Platform SDK: Network Management
The USER_INFO_3 structure contains information about a user account, including the account name, password data, privilege level, the path to the user's home directory, relative identifiers (RIDs), and other user-related network statistics.
This structure is valid only for Windows NT/Windows 2000 servers, not for LAN Manager 2.x servers.

```c
typedef struct _USER_INFO_3 {
  LPWSTR usri3_name;
  LPWSTR usri3_password;
  DWORD  usri3_password_age;
  DWORD  usri3_priv;
  LPWSTR usri3_home_dir;
  LPWSTR usri3_comment;
  DWORD  usri3_flags;
  LPWSTR usri3_script_path;
  DWORD  usri3_auth_flags;
  LPWSTR usri3_full_name;
  LPWSTR usri3_usr_comment;
  LPWSTR usri3_parms;
  LPWSTR usri3_workstations;
  DWORD  usri3_last_logon;
  DWORD  usri3_last_logoff;
  DWORD  usri3_acct_expires;
  DWORD  usri3_max_storage;
  DWORD  usri3_units_per_week;
  PBYTE  usri3_logon_hours;
  DWORD  usri3_bad_pw_count;
  DWORD  usri3_num_logons;
  LPWSTR usri3_logon_server;
  DWORD  usri3_country_code;
  DWORD  usri3_code_page;
  DWORD  usri3_user_id;
  DWORD  usri3_primary_group_id;
  LPWSTR usri3_profile;
  LPWSTR usri3_home_dir_drive;
  DWORD  usri3_password_expired;
} USER_INFO_3, *PUSER_INFO_3, *LPUSER_INFO_3;
```

By convention, Windows NT/Windows 2000 limits the length of passwords to LM20_PWLEN characters. This convention allows LAN Manager, Windows 3.x, Windows for Workgroups 3.x, Windows 95, and Windows 98 clients to access a Windows NT/Windows 2000 server using the account.
usri3_priv value | Meaning |
---|---|
USER_PRIV_GUEST | Guest |
USER_PRIV_USER | User |
USER_PRIV_ADMIN | Administrator |
usri3_flags value | Meaning |
---|---|
UF_SCRIPT | The logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/Windows 2000. |
UF_ACCOUNTDISABLE | The user's account is disabled. |
UF_HOMEDIR_REQUIRED | The home directory is required. This value is ignored in Windows NT/Windows 2000. |
UF_PASSWD_NOTREQD | No password is required. |
UF_PASSWD_CANT_CHANGE | The user cannot change the password. |
UF_LOCKOUT | The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously locked account. You cannot use this value to lock a previously unlocked account. |
UF_DONT_EXPIRE_PASSWD | Windows NT/2000: The password should never expire on the account. |
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED | Windows 2000: The user's password is stored under reversible encryption in the Active Directory. |
UF_NOT_DELEGATED | Windows 2000: Marks the account as "sensitive"; other users cannot act as delegates of this user account. |
UF_SMARTCARD_REQUIRED | Windows 2000: Requires the user to log on to the user account with a smart card. |
UF_USE_DES_KEY_ONLY | Windows 2000: Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys. |
UF_DONT_REQUIRE_PREAUTH | Windows 2000: This account does not require Kerberos preauthentication for logon. |
UF_TRUSTED_FOR_DELEGATION | Windows 2000: The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as that user to other remote servers on the network. |
The following values describe the account type. Only one value can be set. You cannot change the account type using the NetUserSetInfo function.
usri3_flags account type | Meaning |
---|---|
UF_NORMAL_ACCOUNT | This is a default account type that represents a typical user. |
UF_TEMP_DUPLICATE_ACCOUNT | This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account. |
UF_WORKSTATION_TRUST_ACCOUNT | This is a computer account for a Windows NT/Windows 2000 workstation or a Windows NT/Windows 2000 server that is a member of this domain. |
UF_SERVER_TRUST_ACCOUNT | This is a computer account for a backup domain controller that is a member of this domain. |
UF_INTERDOMAIN_TRUST_ACCOUNT | This is a permit to trust account for a domain that trusts other domains. |
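
An added example (not from the original SDK page) that audits a usri3_flags value for the security-sensitive settings in the tables above and checks that exactly one account-type bit is set. The numeric values are those defined in Lmaccess.h, repeated so the file builds without the SDK; audit_account, account_type_valid and the sample account names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values as defined in Lmaccess.h, repeated so this builds without the SDK. */
#define UF_ACCOUNTDISABLE                  0x00000002u
#define UF_PASSWD_NOTREQD                  0x00000020u
#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x00000080u
#define UF_DONT_EXPIRE_PASSWD              0x00010000u
#define UF_TRUSTED_FOR_DELEGATION          0x00080000u
#define UF_USE_DES_KEY_ONLY                0x00200000u
#define UF_DONT_REQUIRE_PREAUTH            0x00400000u
/* TEMP_DUPLICATE | NORMAL | INTERDOMAIN_TRUST | WORKSTATION_TRUST | SERVER_TRUST */
#define ACCOUNT_TYPE_BITS (0x0100u | 0x0200u | 0x0800u | 0x1000u | 0x2000u)

#define F(x) { x, #x }
static const struct { uint32_t bit; const char *name; } SENSITIVE[] = {
    F(UF_PASSWD_NOTREQD), F(UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED),
    F(UF_DONT_EXPIRE_PASSWD), F(UF_TRUSTED_FOR_DELEGATION),
    F(UF_USE_DES_KEY_ONLY), F(UF_DONT_REQUIRE_PREAUTH),
};

/* Returns 1 when exactly one account-type bit is set. */
int account_type_valid(uint32_t flags) {
    uint32_t t = flags & ACCOUNT_TYPE_BITS;
    return t != 0 && (t & (t - 1)) == 0;
}

/* Prints one line per finding and returns the number of findings. */
int audit_account(const char *name, uint32_t flags) {
    const char *state = (flags & UF_ACCOUNTDISABLE) ? "disabled" : "enabled";
    int findings = 0;
    for (size_t i = 0; i < sizeof SENSITIVE / sizeof SENSITIVE[0]; i++)
        if (flags & SENSITIVE[i].bit) {
            printf("%s (%s): %s is set\n", name, state, SENSITIVE[i].name);
            findings++;
        }
    if (!account_type_valid(flags)) {
        printf("%s (%s): account-type bits 0x%04x are not a single type\n",
               name, state, (unsigned)(flags & ACCOUNT_TYPE_BITS));
        findings++;
    }
    return findings;
}

int main(void) {
    /* Constructed flag values, not real accounts. */
    audit_account("svc-legacy", 0x0200u | UF_DONT_EXPIRE_PASSWD | UF_DONT_REQUIRE_PREAUTH);
    audit_account("web-frontend", 0x0200u | UF_TRUSTED_FOR_DELEGATION);
    audit_account("jsmith", 0x0200u);
    return 0;
}
```
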
For the NetUserGetInfo and NetUserEnum functions, the appropriate usri3_auth_flags value is returned based on the local group membership. If the user is a member of Print Operators, AF_OP_PRINT is set. If the user is a member of Server Operators, AF_OP_SERVER is set. If the user is a member of the Account Operators, AF_OP_ACCOUNTS is set. AF_OP_COMM is never set.
The NetUserAdd and NetUserSetInfo functions ignore this member.
This member can be one or more of the following values.
usri3_auth_flags value | Meaning |
---|---|
AF_OP_PRINT | The print operator privilege is enabled. |
AF_OP_COMM | The communications operator privilege is enabled. |
AF_OP_SERVER | The server operator privilege is enabled. |
AF_OP_ACCOUNTS | The accounts operator privilege is enabled. |
The usri3_last_logon member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.
The usri3_last_logoff member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.
The usri3_units_per_week value must be UNITS_PER_WEEK for LAN Manager 2.0. This member is ignored by the NetUserAdd and NetUserSetInfo functions.
Windows NT/2000: For Windows NT/Windows 2000 services, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.
In usri3_logon_hours, the first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on. Note that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you must adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).
Specify a null pointer in this member when calling the NetUserAdd function to indicate no time restriction. Specify a null pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times during which the user can log on.
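
An added example, not part of the original page: building and testing the logon-hours bit string for a time zone other than GMT, as the adjustment above requires. It assumes hour units (SAM_HOURS_PER_WEEK), whole-hour offsets with no daylight-saving handling, and bit 0 as the least significant bit of each byte; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HOURS_PER_WEEK    168                    /* 7 days x 24 hours, one bit each */
#define LOGON_HOURS_BYTES (HOURS_PER_WEEK / 8)   /* 21 bytes */

/* Map a local (day, hour) to its bit index in the GMT-based bit string.
   day: 0 = Sunday. utc_offset: local time minus GMT in whole hours (PST = -8). */
static int gmt_bit_index(int day, int hour, int utc_offset) {
    int idx = (day * 24 + hour - utc_offset) % HOURS_PER_WEEK;
    return idx < 0 ? idx + HOURS_PER_WEEK : idx;   /* wrap across the week boundary */
}

/* Permit logon for local hours [from, to) on one day. */
void allow_local_hours(uint8_t *bits, int day, int from, int to, int utc_offset) {
    for (int h = from; h < to; h++) {
        int idx = gmt_bit_index(day, h, utc_offset);
        bits[idx / 8] |= (uint8_t)(1u << (idx % 8));   /* assumed: bit 0 = LSB */
    }
}

/* Returns 1 if the bit string permits logon at the given local day and hour. */
int logon_allowed(const uint8_t *bits, int day, int hour, int utc_offset) {
    int idx = gmt_bit_index(day, hour, utc_offset);
    return (bits[idx / 8] >> (idx % 8)) & 1;
}

int main(void) {
    uint8_t bits[LOGON_HOURS_BYTES];
    memset(bits, 0, sizeof bits);
    for (int day = 1; day <= 5; day++)             /* Monday..Friday, 09:00-16:59 PST */
        allow_local_hours(bits, day, 9, 17, -8);
    for (int i = 0; i < LOGON_HOURS_BYTES; i++)
        printf("%02x", bits[i]);
    printf("\nFriday 16:00 PST allowed: %d\n", logon_allowed(bits, 5, 16, -8));
    printf("Friday 08:00 PST allowed: %d\n", logon_allowed(bits, 5, 8, -8));
    return 0;
}
```

Friday 16:00 PST lands on Saturday 00:00 GMT, so a schedule that looks like "weekdays only" in local time sets a bit in the Saturday portion of the string.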
The usri3_bad_pw_count member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried to log on using an incorrect password is the largest value retrieved.
The usri3_num_logons member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.
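
An added example, not part of the original page: merging per-domain-controller answers according to the rules above (largest value for last logon, last logoff and bad password count; sum for logon count). The dc_sample holder, the function names and the sample values are hypothetical, and treating 0xFFFFFFFF as "unknown" is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COUNT_UNKNOWN 0xFFFFFFFFu   /* assumption: counter value meaning "unknown" */

/* Hypothetical holder for fields copied from one DC's USER_INFO_3. */
struct dc_sample {
    const char *dc;
    int ok;                         /* 0 if the query to this DC failed */
    uint32_t last_logon, last_logoff, bad_pw_count, num_logons;
};

struct merged {
    uint32_t last_logon, last_logoff, bad_pw_count, num_logons;
    int complete;                   /* 1 only if every DC gave usable values */
};

static uint32_t max_u32(uint32_t a, uint32_t b) { return a > b ? a : b; }

struct merged merge_dc_samples(const struct dc_sample *s, size_t n) {
    struct merged m = { 0, 0, 0, 0, n > 0 };
    for (size_t i = 0; i < n; i++) {
        if (!s[i].ok) { m.complete = 0; continue; }   /* totals become lower bounds */
        m.last_logon  = max_u32(m.last_logon,  s[i].last_logon);
        m.last_logoff = max_u32(m.last_logoff, s[i].last_logoff);
        if (s[i].bad_pw_count == COUNT_UNKNOWN) m.complete = 0;
        else m.bad_pw_count = max_u32(m.bad_pw_count, s[i].bad_pw_count);
        if (s[i].num_logons == COUNT_UNKNOWN) m.complete = 0;
        else m.num_logons += s[i].num_logons;
    }
    return m;
}

int main(void) {
    /* Constructed sample answers, not real data. */
    const struct dc_sample s[] = {
        { "DC1", 1, 1000, 900, 1, 10 },
        { "DC2", 1, 1500,   0, 3,  4 },
        { "DC3", 0,    0,   0, 0,  0 },   /* unreachable */
    };
    struct merged m = merge_dc_samples(s, 3);
    printf("last_logon=%u last_logoff=%u bad_pw=%u logons=%u complete=%d\n",
           (unsigned)m.last_logon, (unsigned)m.last_logoff,
           (unsigned)m.bad_pw_count, (unsigned)m.num_logons, m.complete);
    return 0;
}
```

When complete is 0, the merged values are only lower bounds, because the controller that did not answer may hold the latest logon or additional counts.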
The NetUserGetInfo and NetUserEnum functions return zero in usri3_password_expired if the password has not expired (and nonzero if it has).
When you call NetUserAdd or NetUserSetInfo, specify a nonzero value in this member to inform users that they must change their password at the next logon. To turn off this message, call NetUserSetInfo and specify zero in this member. Note that you cannot specify zero to negate the expiration of a password that has already expired.
Windows NT/2000: Requires Windows NT 3.1 or later.
Windows 95/98: Unsupported.
Header: Declared in Lmaccess.h.
Network Management Overview, Network Management Structures, User Functions, NetUserAdd, NetUserEnum, NetUserSetInfo, NetUserGetInfo