Document revision date: 30 March 2001
[Compaq] [Go to the documentation home page] [How to order documentation] [Help on this site] [How to contact us]
[OpenVMS documentation]

Compaq Advanced Server for OpenVMS
Commands Reference Manual


Previous Contents Index


ADD USER

Adds a local or global user account to a domain's security database, and optionally adds the user as a member of specified groups.

Format

ADD USER user-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators or Account Operators local group. Only members of the Administrators local group can add members to the Administrators local group.

Related Commands

COPY USER
MODIFY USER
REMOVE USER
SHOW USERS

Parameters

user-name

Specifies a 1 to 20 character account name for the user to be added. The user name cannot be identical to any other user or group name of the domain or server being administered. It can contain any uppercase or lowercase characters except the following:

" / \ [ ] : ; | = , + * ? < >


Qualifiers

/DESCRIPTION="string"

/NODESCRIPTION

Specifies a string of up to 256 characters used to provide descriptive information about the user. Enclose the string in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. /NODESCRIPTION, the default, indicates that the description is to be blank.

/DOMAIN=domain-name

Specifies the name of the domain on which to add the user account. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line.

/EXPIRATION_DATE=date

/NOEXPIRATION_DATE

Specifies whether the account has an expiration date, and, if so, the date the account is to expire. The date is specified in the standard OpenVMS date format (dd-mmm-yyyy). /NOEXPIRATION_DATE, the default, specifies that the account will not have an expiration date, and therefore will never expire.

/FLAGS=(option[,...])

Specifies the logon flags for the user account. Precede the option keyword with NO to clear the specified flag. The option keyword can be one or more of the following. If you do not specify the /FLAGS qualifier, the default flags are as indicated.
Option Description
[NO]DISPWDEXPIRATION
  Prevents the password from expiring, overriding the Maximum Password Age setting for the account policy. Select this option for user accounts that will be assigned to services. Selection of this option overrides the PWDEXPIRED option. NODISPWDEXPIRATION is the default if you specify neither DISPWDEXPIRATION nor NODISPWDEXPIRATION. Do not specify the DISPWDEXPIRATION and PWDEXPIRED options in the same command.
[NO]DISUSER
  Disables the account so the user cannot log on. You might disable a new account to create an inactive account that can be copied to create new accounts. Or, you might temporarily disable an account if it does not need to be used until a later date. You cannot disable the built-in Administrator account. NODISUSER is the default if you specify neither DISUSER nor NODISUSER.
[NO]PWDEXPIRED
  The password is initially expired. This forces the user to change the password at the next logon. PWDEXPIRED is the default if you specify neither PWDEXPIRED nor NOPWDEXPIRED. Do not specify the PWDEXPIRED option in the same command with either the PWDLOCKED or the DISPWDEXPIRATION option.
[NO]PWDLOCKED
  Prevents the user from changing the password. This option is usually applied only to user accounts used by more than one person, such as the Guest account. NOPWDLOCKED is the default if you specify neither PWDLOCKED nor NOPWDLOCKED. Do not specify the PWDLOCKED and PWDEXPIRED options in the same command.

/FULLNAME="full-user-name"

/NOFULLNAME

The full name is the user's complete name, and can be up to 256 characters in length. Enclose the string in quotation marks to preserve case (the default is uppercase). It is a good idea to establish a standard for entering full names, so that they always begin with either the first name (Louise G. Morgan) or the last name (Morgan, Louise G.), because the full name can affect the sorting order for the SHOW USERS command. /NOFULLNAME, the default, specifies a blank full name.

/GLOBAL

Indicates that the specified user account is to be added as a global account. User accounts can be either global (the default) or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain. Do not specify both /GLOBAL and /LOCAL on the same command line.

/HOME=(option[,...])

/NOHOME

Specifies a user's home directory information. A home directory is a directory that is automatically accessible to a user and contains files and programs for the user. This feature applies only when the user logs on from a Windows NT client. The specified home directory becomes the Windows NT user's default directory for the File Open and Save As dialog boxes, for the command prompt, and for all applications that do not have a working directory defined. A home directory can be assigned to a single user or it can be shared by many users. A home directory can be a shared network directory or a local directory on a user's workstation. On other clients, the home directory setting has no effect.

If you specify a network path for the home directory, you must also specify a drive letter to be assigned to the path when the user logs on. If the specified directory does not exist, an attempt will be made to create it. If the directory cannot be created, a message will be issued instructing you to manually create the directory.

If you specify a local path for the home directory, do not include a drive letter. You must manually create the directory if it does not exist. /NOHOME, the default, specifies that the user will not have a home directory.

The option keyword can be one or more of the following:
Option Description
DRIVE= driveletter
  Specifies the drive letter to use for connecting to the home directory if the home directory specified in the PATH option is a shared network directory. The driveletter can be from C to Z.
PATH= homepath
  Specifies an optional home directory that is accessible to the user and contains files and programs for the user. The homepath must be an absolute path of a directory local to the user's workstation, or a UNC (Universal Naming Convention) path of a shared network directory.

/HOURS=(logon-time[,...])

/NOHOURS

Specifies the days and hours when the user can connect to a server. The default is to allow a user to connect during all hours of any day. /NOHOURS specifies that the user cannot connect at any time of any day.

Specify logon-time in the following format:

day=([n-m],[n],[*])

where n and m are hours of the day, and day is any one of the following:

SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, WEEKDAYS, WEEKENDS, EVERYDAY, ALL

Specify the hours as integers from 0 to 23, inclusive, using the 24-hour clock. You can specify a single hour (n), ranges of hours (n-m), or all hours of the day (*). Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour. If you specify no hours, all hours are allowed for the specified days.

/LOCAL

Indicates that the specified user account is to be added as a local account. User accounts can be either global (the default) or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain. Do not specify both /GLOBAL and /LOCAL on the same command line.

/MEMBER_OF_GROUPS=(group-name[,...])

Adds the user as a member of the specified local or global groups.

/PASSWORD[="password"]

/NOPASSWORD

Specifies the password for the user account. Passwords are case sensitive, and can be up to 14 characters in length. The minimum length is set by using the SET ACCOUNT POLICY/PASSWORD_POLICY=MINLENGTH= command. The default is 0, which permits a blank password. Passwords entered on the command line are converted to uppercase unless enclosed within quotation marks. If the password you specify contains lowercase letters, blanks (spaces), or other nonalphanumeric characters, enclose it in quotation marks, unless you enter the password in response to the password prompt. (If you enclose the password in quotation marks at the password prompt, the quotation marks become part of the password.) If you enter /PASSWORD with no value, or as an asterisk (*), you are prompted for a password and a confirmation, which will not be displayed as they are entered. /NOPASSWORD, the default, specifies that the account will have a blank password. With /NOPASSWORD, the default is /FLAGS=NOPWDEXPIRED so that the user is not prompted for a password. However, you can override this default for /NOPASSWORD by specifying the /FLAGS=PWDEXPIRED qualifier.

/PRIMARY_GROUP=group-name

Sets the user account's primary group. A primary group is used when a user logs on using Windows NT Services for Macintosh, or runs POSIX applications. group-name must be a global group of which the user is a member. If the /PRIMARY_GROUP qualifier is not specified, the user's primary group is set to the "Domain Users" global group by default.

/PROFILE=profile-path

/NOPROFILE

Specifies a path for an optional user profile. The path should be a network path that includes a file name. The file name can be that of a personal user profile (.USR file name extension) or a mandatory user profile (.MAN file name extension). For example, you might enter: /PROFILE="\\eng\profiles\johndoe.usr". /NOPROFILE, the default, specifies that the user will not have a profile.

/SCRIPT=script-name

/NOSCRIPT

Specifies a name for an optional logon script that runs each time the user logs on. A logon script can be a batch file (.BAT or .CMD file name extension) or an executable program (.EXE file name extension). A single logon script can be assigned to one or more user accounts. When a user logs on, the server authenticating the logon locates the logon script by following the server's logon script path in the \netlogon share. The script-name specifies a file relative to that path. /NOSCRIPT, the default, specifies that the user will have no logon script.

/SERVER=server-name

Specifies the name of a server that is a member of the domain to which to add the user. Do not specify both /DOMAIN and /SERVER on the same command line.

/WORKSTATIONS=(workstation-name[,...])

Specifies up to eight workstations from which the user can log on to the domain. The default is to allow a user to log on from any workstation, but you can restrict a user to log on only from specific workstations. The workstation-name is a 1 to 15 character name of a workstation. You may use an asterisk (*) for the workstation name to specify all workstations.

Examples

#1

 LANDOFOZ\\TINMAN> ADD USER SCARECROW/PASSWORD="OverTheRainbow" - 
 _LANDOFOZ\\TINMAN> /MEMBER_OF_GROUPS="Administrators" - 
 _LANDOFOZ\\TINMAN> /HOURS=(WEEKDAYS=8-16,WEEKENDS=*) - 
 _LANDOFOZ\\TINMAN> /FLAGS=NOPWDEXPIRED 
 %PWRK-S-USERADD, user "SCARECROW" added to domain "LANDOFOZ" 
      

This example adds the user with user name SCARECROW to the domain LANDOFOZ. The password for the user account is OverTheRainbow. The user is made a member of the Administrators local group, may connect to a server from 8:00 AM to 4:59 PM Monday through Friday, and all day Saturday and Sunday. The password for the account will not be initially expired.

#2

 LANDOFOZ\\TINMAN> ADD USER FRIENDLY/PASSWORD="PotOfGold"- 
 _LANDOFOZ\\TINMAN> /EXPIRATION_DATE=09-JUN-2001 
 %PWRK-S-USERADD, user "FRIENDLY" added to domain "LANDOFOZ" 
      

This example adds the user with user name FRIENDLY to the domain LANDOFOZ, and sets the account to expire June 9, 2001.


CLEAR EVENTS

Clears all the events from the selected event log file.

Format

CLEAR EVENTS [/qualifiers]

restrictions

Use of this command requires membership in the Administrators local group.

Related Commands

SAVE EVENTS
SHOW EVENTS

Qualifiers

/CONFIRM

/NOCONFIRM

Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode.

/TYPE=log-type

Specifies the log file to be cleared. The log-type keyword can be one of the following:
Log-Type Log File
APPLICATION The application log file
SECURITY The security log file
SYSTEM The system log file (the default)

/SERVER=server-name

Specifies the name of the server on which to clear the events. The default is the server currently being administered.

Example


LANDOFOZ\\TINMAN> CLEAR EVENTS/TYPE=SECURITY 
Clear the Security Event Log [YES or NO] (YES) : YES 
%PWRK-S-ELFCLEARED, Security Event Log on server "TINMAN" cleared 
      

This example clears the Security Event Log file on the server currently being administered (TINMAN). A confirmation is required.


CLOSE OPEN_FILE

Closes one or all of the resources open on a server.

Format

CLOSE OPEN_FILE resource-id [/qualifiers]

restrictions

Use of this command requires membership in the Administrators or Server Operators local group.

Related Commands

SHOW OPEN_FILES

Parameters

resource-id

Specifies the resource ID of the resource to be closed, or * to close all open resources. You can obtain the resource ID for a specific open resource from the SHOW OPEN_FILES command display.

Note that some administration resources are opened on behalf of the system or the ADMINISTER interface. You cannot close these resources. The system will close them when appropriate.


Qualifiers

/CONFIRM

/NOCONFIRM

Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode.

/SERVER=server-name

Specifies the name of the server on which to close the resource. The default is the server currently being administered.

Examples

#1

 LANDOFOZ\\TINMAN> CLOSE OPEN_FILE 4 
 
 The user DOT has opened the resource for Write. 
 
 Are you sure you want to close TINMAN$DKA1:[SHARES.S1]A.TXT ? 
 [YES or NO] (YES) : 
 %PWRK-S-FILECLOSE, file with resource ID 4 on server "TINMAN" closed 
 
      

This example closes the resource that has ID 4 on the server currently being administered (TINMAN). By default, confirmation is required before the resource is closed.

#2

 LANDOFOZ\\TINMAN> CLOSE OPEN_FILE * 
 
 Some of the users have resources open for Write. Closing those open 
 resources may result in loss of data. 
 
 Are you sure you want to close all open resources ? [YES or NO] 
 (YES) : 
 %PWRK-S-FILECLOSE, file with resource ID 2 on server "TINMAN" closed 
 %PWRK-S-FILECLOSE, file with resource ID 6 on server "TINMAN" closed 
 %PWRK-E-ERRCLSFILE, error closing file ID 9997 
 -LM-E-NERR_FILEIDNOTF, there isn't an open file with that ID number 
 %PWRK-E-ERRCLSFILE, error closing file ID 9999 
 -LM-E-NERR_FILEIDNOTF, there isn't an open file with that ID number 
 %PWRK-E-ERRCLSFILE, error closing file ID 9998 
 -LM-E-NERR_FILEIDNOTF, there isn't an open file with that ID number 
 %PWRK-E-ERRCLSFILE, error closing file ID 10000 
 -LM-E-NERR_FILEIDNOTF, there isn't an open file with that ID number 
 
      

This example closes all open shared files on server TINMAN. The named pipes (system or administrative resources) are not closed, because they are being used to process the command.


CLOSE SESSION

Disconnects one or all of the sessions currently established to a server.

Format

CLOSE SESSION computer-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators or Account Operators local group.

Related Commands

SHOW SESSIONS

Parameters

computer-name

Specifies the name of the computer for which sessions are to be closed, or * to close all sessions. Use the SHOW SESSIONS command to display a list of active sessions.

Qualifiers

/CONFIRM

/NOCONFIRM

Controls whether you are prompted for a confirmation before the operation is performed. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode.

/SERVER=server-name

Specifies the name of the server on which to close the sessions. The default is the server currently being administered.

/USERNAME=user-name

Specifies the name of the user whose session is to be closed. If you do not specify the user name, then all sessions from the specified computer are closed.

Example


LANDOFOZ\\TINMAN> CLOSE SESSION DOROTHY/USERNAME=LION 
Do you really want to close session on "DOROTHY" [YES or NO] (YES) : 
%PWRK-S-SESSCLSCU, session from "DOROTHY" for user "LION" closed 
      

This example closes any sessions established to the server TINMAN from the computer named DOROTHY for the user named LION.


CONTINUE PRINT QUEUE

Continues a currently paused OpenVMS Advanced Server print queue. Use the SHOW PRINT QUEUES command to display the list of available queues. This command performs the same function as the SET PRINT QUEUE queue-name/CONTINUE command and is valid only to Compaq OpenVMS servers.

Format

CONTINUE PRINT QUEUE queue-name [/qualifier]

restrictions

Use of this command requires membership in the Administrators, Server Operators, or Print Operators local group.

Related Commands

ADD PRINT QUEUE
PAUSE PRINT QUEUE
REMOVE PRINT QUEUE
SET PRINT QUEUE
SHOW PRINT QUEUES

Parameters

queue-name

Specifies the name of the OpenVMS Advanced Server print queue for which to continue printing.

Qualifiers

/SERVER=server-name

Specifies the name of the server where the specified OpenVMS Advanced Server print queue is defined. The default is the server currently being administered.

Example


LANDOFOZ\\TINMAN> CONTINUE PRINT QUEUE LN03 
%PWRK-S-QUESET, queue "LN03" continued on server "TINMAN" 
      

This example continues the paused print queue LN03 on the server currently being administered (TINMAN).


CONTINUE SERVICE

Continues a currently paused network service. Use the SHOW SERVICES command to display a list of available services.

Format

CONTINUE SERVICE servicename [/qualifier]

restrictions

Use of this command requires membership in the Administrators local group or the Server Operators local group.

Related Commands

PAUSE SERVICE
SHOW SERVICES
START SERVICE
STOP SERVICE

Parameters

servicename

Specifies the name of the network service to continue.

Qualifiers

/SERVER=server-name

Specifies the name of the server on which to continue the service. The default is the server currently being administered.

Example


LANDOFOZ\\TINMAN> CONTINUE SERVICE NETLOGON 
      

This command continues the NetLogon service on the server currently being administered (TINMAN).


Previous Next Contents Index

  [Go to the documentation home page] [How to order documentation] [Help on this site] [How to contact us]  
  privacy and legal statement  
6544PRO_3.HTML