Document revision date: 30 March 2001 | |
Previous | Contents | Index |
Adds a local or global user account to a domain's security database, and optionally adds the user as a member of specified groups.
ADD USER user-name [/qualifiers]
Use of this command requires membership in the Administrators or Account Operators local group. Only members of the Administrators local group can add members to the Administrators local group.
COPY USER
MODIFY USER
REMOVE USER
SHOW USERS
user-name
Specifies a 1 to 20 character account name for the user to be added. The user name cannot be identical to any other user or group name of the domain or server being administered. It can contain any uppercase or lowercase characters except the following:" / \ [ ] : ; | = , + * ? < >
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive information about the user. Enclose the string in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. /NODESCRIPTION, the default, indicates that the description is to be blank./DOMAIN=domain-name
Specifies the name of the domain on which to add the user account. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line./EXPIRATION_DATE=date
/NOEXPIRATION_DATE
Specifies whether the account has an expiration date, and, if so, the date the account is to expire. The date is specified in the standard OpenVMS date format (dd-mmm-yyyy). /NOEXPIRATION_DATE, the default, specifies that the account will not have an expiration date, and therefore will never expire./FLAGS=(option[,...])
Specifies the logon flags for the user account. Precede the option keyword with NO to clear the specified flag. The option keyword can be one or more of the following. If you do not specify the /FLAGS qualifier, the default flags are as indicated.
Option Description [NO]DISPWDEXPIRATION Prevents the password from expiring, overriding the Maximum Password Age setting for the account policy. Select this option for user accounts that will be assigned to services. Selection of this option overrides the PWDEXPIRED option. NODISPWDEXPIRATION is the default if you specify neither DISPWDEXPIRATION nor NODISPWDEXPIRATION. Do not specify the DISPWDEXPIRATION and PWDEXPIRED options in the same command. [NO]DISUSER Disables the account so the user cannot log on. You might disable a new account to create an inactive account that can be copied to create new accounts. Or, you might temporarily disable an account if it does not need to be used until a later date. You cannot disable the built-in Administrator account. NODISUSER is the default if you specify neither DISUSER nor NODISUSER. [NO]PWDEXPIRED The password is initially expired. This forces the user to change the password at the next logon. PWDEXPIRED is the default if you specify neither PWDEXPIRED nor NOPWDEXPIRED. Do not specify the PWDEXPIRED option in the same command with either the PWDLOCKED or the DISPWDEXPIRATION option. [NO]PWDLOCKED Prevents the user from changing the password. This option is usually applied only to user accounts used by more than one person, such as the Guest account. NOPWDLOCKED is the default if you specify neither PWDLOCKED nor NOPWDLOCKED. Do not specify the PWDLOCKED and PWDEXPIRED options in the same command. /FULLNAME="full-user-name"
/NOFULLNAME
The full name is the user's complete name, and can be up to 256 characters in length. Enclose the string in quotation marks to preserve case (the default is uppercase). It is a good idea to establish a standard for entering full names, so that they always begin with either the first name (Louise G. Morgan) or the last name (Morgan, Louise G.), because the full name can affect the sorting order for the SHOW USERS command. /NOFULLNAME, the default, specifies a blank full name./GLOBAL
Indicates that the specified user account is to be added as a global account. User accounts can be either global (the default) or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain. Do not specify both /GLOBAL and /LOCAL on the same command line./HOME=(option[,...])
/NOHOME
Specifies a user's home directory information. A home directory is a directory that is automatically accessible to a user and contains files and programs for the user. This feature applies only when the user logs on from a Windows NT client. The specified home directory becomes the Windows NT user's default directory for the File Open and Save As dialog boxes, for the command prompt, and for all applications that do not have a working directory defined. A home directory can be assigned to a single user or it can be shared by many users. A home directory can be a shared network directory or a local directory on a user's workstation. On other clients, the home directory setting has no effect.If you specify a network path for the home directory, you must also specify a drive letter to be assigned to the path when the user logs on. If the specified directory does not exist, an attempt will be made to create it. If the directory cannot be created, a message will be issued instructing you to manually create the directory.
If you specify a local path for the home directory, do not include a drive letter. You must manually create the directory if it does not exist. /NOHOME, the default, specifies that the user will not have a home directory.
The option keyword can be one or more of the following:
Option Description DRIVE= driveletter Specifies the drive letter to use for connecting to the home directory if the home directory specified in the PATH option is a shared network directory. The driveletter can be from C to Z. PATH= homepath Specifies an optional home directory that is accessible to the user and contains files and programs for the user. The homepath must be an absolute path of a directory local to the user's workstation, or a UNC (Universal Naming Convention) path of a shared network directory. /HOURS=(logon-time[,...])
/NOHOURS
Specifies the days and hours when the user can connect to a server. The default is to allow a user to connect during all hours of any day. /NOHOURS specifies that the user cannot connect at any time of any day.Specify logon-time in the following format:
day=([n-m],[n],[*])
where n and m are hours of the day, and day is any one of the following:
SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, WEEKDAYS, WEEKENDS, EVERYDAY, ALL
Specify the hours as integers from 0 to 23, inclusive, using the 24-hour clock. You can specify a single hour (n), ranges of hours (n-m), or all hours of the day (*). Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour. If you specify no hours, all hours are allowed for the specified days.
/LOCAL
Indicates that the specified user account is to be added as a local account. User accounts can be either global (the default) or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain. Do not specify both /GLOBAL and /LOCAL on the same command line./MEMBER_OF_GROUPS=(group-name[,...])
Adds the user as a member of the specified local or global groups./PASSWORD[="password"]
/NOPASSWORD
Specifies the password for the user account. Passwords are case sensitive, and can be up to 14 characters in length. The minimum length is set by using the SET ACCOUNT POLICY/PASSWORD_POLICY=MINLENGTH= command. The default is 0, which permits a blank password. Passwords entered on the command line are converted to uppercase unless enclosed within quotation marks. If the password you specify contains lowercase letters, blanks (spaces), or other nonalphanumeric characters, enclose it in quotation marks, unless you enter the password in response to the password prompt. (If you enclose the password in quotation marks at the password prompt, the quotation marks become part of the password.) If you enter /PASSWORD with no value, or as an asterisk (*), you are prompted for a password and a confirmation, which will not be displayed as they are entered. /NOPASSWORD, the default, specifies that the account will have a blank password. With /NOPASSWORD, the default is /FLAGS=NOPWDEXPIRED so that the user is not prompted for a password. However, you can override this default for /NOPASSWORD by specifying the /FLAGS=PWDEXPIRED qualifier./PRIMARY_GROUP=group-name
Sets the user account's primary group. A primary group is used when a user logs on using Windows NT Services for Macintosh, or runs POSIX applications. group-name must be a global group of which the user is a member. If the /PRIMARY_GROUP qualifier is not specified, the user's primary group is set to the "Domain Users" global group by default./PROFILE=profile-path
/NOPROFILE
Specifies a path for an optional user profile. The path should be a network path that includes a file name. The file name can be that of a personal user profile (.USR file name extension) or a mandatory user profile (.MAN file name extension). For example, you might enter: /PROFILE="\\eng\profiles\johndoe.usr". /NOPROFILE, the default, specifies that the user will not have a profile./SCRIPT=script-name
/NOSCRIPT
Specifies a name for an optional logon script that runs each time the user logs on. A logon script can be a batch file (.BAT or .CMD file name extension) or an executable program (.EXE file name extension). A single logon script can be assigned to one or more user accounts. When a user logs on, the server authenticating the logon locates the logon script by following the server's logon script path in the \netlogon share. The script-name specifies a file relative to that path. /NOSCRIPT, the default, specifies that the user will have no logon script./SERVER=server-name
Specifies the name of a server that is a member of the domain to which to add the user. Do not specify both /DOMAIN and /SERVER on the same command line./WORKSTATIONS=(workstation-name[,...])
Specifies up to eight workstations from which the user can log on to the domain. The default is to allow a user to log on from any workstation, but you can restrict a user to log on only from specific workstations. The workstation-name is a 1 to 15 character name of a workstation. You may use an asterisk (*) for the workstation name to specify all workstations.
#1 |
---|
LANDOFOZ\\TINMAN> ADD USER SCARECROW/PASSWORD="OverTheRainbow" - _LANDOFOZ\\TINMAN> /MEMBER_OF_GROUPS="Administrators" - _LANDOFOZ\\TINMAN> /HOURS=(WEEKDAYS=8-16,WEEKENDS=*) - _LANDOFOZ\\TINMAN> /FLAGS=NOPWDEXPIRED %PWRK-S-USERADD, user "SCARECROW" added to domain "LANDOFOZ" |
This example adds the user with user name SCARECROW to the domain LANDOFOZ. The password for the user account is OverTheRainbow. The user is made a member of the Administrators local group, may connect to a server from 8:00 AM to 4:59 PM Monday through Friday, and all day Saturday and Sunday. The password for the account will not be initially expired.
#2 |
---|
LANDOFOZ\\TINMAN> ADD USER FRIENDLY/PASSWORD="PotOfGold"- _LANDOFOZ\\TINMAN> /EXPIRATION_DATE=09-JUN-2001 %PWRK-S-USERADD, user "FRIENDLY" added to domain "LANDOFOZ" |
This example adds the user with user name FRIENDLY to the domain LANDOFOZ, and sets the account to expire June 9, 2001.
Clears all the events from the selected event log file.
CLEAR EVENTS [/qualifiers]
Use of this command requires membership in the Administrators local group.
SAVE EVENTS
SHOW EVENTS
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./TYPE=log-type
Specifies the log file to be cleared. The log-type keyword can be one of the following:
Log-Type Log File APPLICATION The application log file SECURITY The security log file SYSTEM The system log file (the default) /SERVER=server-name
Specifies the name of the server on which to clear the events. The default is the server currently being administered.
LANDOFOZ\\TINMAN> CLEAR EVENTS/TYPE=SECURITY Clear the Security Event Log [YES or NO] (YES) : YES %PWRK-S-ELFCLEARED, Security Event Log on server "TINMAN" cleared |
This example clears the Security Event Log file on the server currently being administered (TINMAN). A confirmation is required.
Closes one or all of the resources open on a server.
CLOSE OPEN_FILE resource-id [/qualifiers]
Use of this command requires membership in the Administrators or Server Operators local group.
SHOW OPEN_FILES
resource-id
Specifies the resource ID of the resource to be closed, or * to close all open resources. You can obtain the resource ID for a specific open resource from the SHOW OPEN_FILES command display.Note that some administration resources are opened on behalf of the system or the ADMINISTER interface. You cannot close these resources. The system will close them when appropriate.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./SERVER=server-name
Specifies the name of the server on which to close the resource. The default is the server currently being administered.
#1 |
---|
LANDOFOZ\\TINMAN> CLOSE OPEN_FILE 4 The user DOT has opened the resource for Write. Are you sure you want to close TINMAN$DKA1:[SHARES.S1]A.TXT ? [YES or NO] (YES) : %PWRK-S-FILECLOSE, file with resource ID 4 on server "TINMAN" closed |
This example closes the resource that has ID 4 on the server currently being administered (TINMAN). By default, confirmation is required before the resource is closed.
#2 |
---|
LANDOFOZ\\TINMAN> CLOSE OPEN_FILE * Some of the users have resources open for Write. Closing those open resources may result in loss of data. Are you sure you want to close all open resources ? [YES or NO] (YES) : %PWRK-S-FILECLOSE, file with resource ID 2 on server "TINMAN" closed %PWRK-S-FILECLOSE, file with resource ID 6 on server "TINMAN" closed %PWRK-E-ERRCLSFILE, error closing file ID 9997 -LM-E-NERR_FILEIDNOTF, there isn't an open file with that ID number %PWRK-E-ERRCLSFILE, error closing file ID 9999 -LM-E-NERR_FILEIDNOTF, there isn't an open file with that ID number %PWRK-E-ERRCLSFILE, error closing file ID 9998 -LM-E-NERR_FILEIDNOTF, there isn't an open file with that ID number %PWRK-E-ERRCLSFILE, error closing file ID 10000 -LM-E-NERR_FILEIDNOTF, there isn't an open file with that ID number |
This example closes all open shared files on server TINMAN. The named pipes (system or administrative resources) are not closed, because they are being used to process the command.
Disconnects one or all of the sessions currently established to a server.
CLOSE SESSION computer-name [/qualifiers]
Use of this command requires membership in the Administrators or Account Operators local group.
SHOW SESSIONS
computer-name
Specifies the name of the computer for which sessions are to be closed, or * to close all sessions. Use the SHOW SESSIONS command to display a list of active sessions.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode./SERVER=server-name
Specifies the name of the server on which to close the sessions. The default is the server currently being administered./USERNAME=user-name
Specifies the name of the user whose session is to be closed. If you do not specify the user name, then all sessions from the specified computer are closed.
LANDOFOZ\\TINMAN> CLOSE SESSION DOROTHY/USERNAME=LION Do you really want to close session on "DOROTHY" [YES or NO] (YES) : %PWRK-S-SESSCLSCU, session from "DOROTHY" for user "LION" closed |
This example closes any sessions established to the server TINMAN from the computer named DOROTHY for the user named LION.
Continues a currently paused OpenVMS Advanced Server print queue. Use the SHOW PRINT QUEUES command to display the list of available queues. This command performs the same function as the SET PRINT QUEUE queue-name/CONTINUE command and is valid only to Compaq OpenVMS servers.
CONTINUE PRINT QUEUE queue-name [/qualifier]
Use of this command requires membership in the Administrators, Server Operators, or Print Operators local group.
ADD PRINT QUEUE
PAUSE PRINT QUEUE
REMOVE PRINT QUEUE
SET PRINT QUEUE
SHOW PRINT QUEUES
queue-name
Specifies the name of the OpenVMS Advanced Server print queue for which to continue printing.
/SERVER=server-name
Specifies the name of the server where the specified OpenVMS Advanced Server print queue is defined. The default is the server currently being administered.
LANDOFOZ\\TINMAN> CONTINUE PRINT QUEUE LN03 %PWRK-S-QUESET, queue "LN03" continued on server "TINMAN" |
This example continues the paused print queue LN03 on the server currently being administered (TINMAN).
Continues a currently paused network service. Use the SHOW SERVICES command to display a list of available services.
CONTINUE SERVICE servicename [/qualifier]
Use of this command requires membership in the Administrators local group or the Server Operators local group.
PAUSE SERVICE
SHOW SERVICES
START SERVICE
STOP SERVICE
servicename
Specifies the name of the network service to continue.
/SERVER=server-name
Specifies the name of the server on which to continue the service. The default is the server currently being administered.
LANDOFOZ\\TINMAN> CONTINUE SERVICE NETLOGON |
This command continues the NetLogon service on the server currently being administered (TINMAN).
Previous | Next | Contents | Index |
privacy and legal statement | ||
6544PRO_3.HTML |