Platform SDK: Network Management

USER_INFO_3

The USER_INFO_3 structure contains information about a user account, including the account name, password data, privilege level, the path to the user's home directory, relative identifiers (RIDs), and other user-related network statistics.

This structure is valid only to Windows NT/Windows 2000 servers and not LAN Manager 2.x servers.

typedef struct _USER_INFO_3 {
  LPWSTR    usri3_name;
  LPWSTR    usri3_password;
  DWORD     usri3_password_age;
  DWORD     usri3_priv;
  LPWSTR    usri3_home_dir;
  LPWSTR    usri3_comment;
  DWORD     usri3_flags;
  LPWSTR    usri3_script_path;
  DWORD     usri3_auth_flags;
  LPWSTR    usri3_full_name;
  LPWSTR    usri3_usr_comment;
  LPWSTR    usri3_parms;
  LPWSTR    usri3_workstations;
  DWORD     usri3_last_logon;
  DWORD     usri3_last_logoff;
  DWORD     usri3_acct_expires;
  DWORD     usri3_max_storage;
  DWORD     usri3_units_per_week;
  PBYTE     usri3_logon_hours;
  DWORD     usri3_bad_pw_count;
  DWORD     usri3_num_logons;
  LPWSTR    usri3_logon_server;
  DWORD     usri3_country_code;
  DWORD     usri3_code_page;
  DWORD     usri3_user_id;
  DWORD     usri3_primary_group_id;
  LPWSTR    usri3_profile;
  LPWSTR    usri3_home_dir_drive;
  DWORD     usri3_password_expired;
}USER_INFO_3, *PUSER_INFO_3, *LPUSER_INFO_3;

Members

usri3_name
Pointer to a Unicode string that specifies the name of the user account. For the NetUserSetInfo function, this member is ignored. The number of characters in the name cannot exceed the value of UNLEN.
usri3_password
Pointer to a Unicode string that specifies the password for the user identified by the usri3_name member. The length cannot exceed PWLEN bytes. The NetUserEnum and NetUserGetInfo functions return a NULL pointer to maintain password security.

By convention, Windows NT/Windows 2000 limits the length of passwords to LM20_PWLEN characters. This convention allows LAN Manager, Windows 3.x, Windows for Workgroups 3.x, Windows 95, and Windows 98 clients to access a Windows NT/Windows 2000 server using the account.

usri3_password_age
Specifies a DWORD value that indicates the number of seconds that have elapsed since the usri3_password member was last changed. The NetUserAdd and NetUserSetInfo functions ignore this member.
usri3_priv
Specifies a DWORD value that indicates the level of privilege assigned to the usri3_name member. The NetUserAdd and NetUserSetInfo functions ignore this member. This member can be one of the following values.
Value Meaning
USER_PRIV_GUEST Guest
USER_PRIV_USER User
USER_PRIV_ADMIN Administrator

usri3_home_dir
Pointer to a Unicode string specifying the path of the home directory of the user specified by the usri3_name member. The string can be null.
usri3_comment
Pointer to a Unicode string that contains a comment to associate with the user account. The string can be a null string, or it can have any number of characters before the terminating null character.
usri3_flags
Specifies a DWORD value that determines several features. This member can be one or more of the following values.
Value Meaning
UF_SCRIPT The logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/Windows 2000.
UF_ACCOUNTDISABLE The user's account is disabled.
UF_HOMEDIR_REQUIRED The home directory is required. This value is ignored in Windows NT/Windows 2000.
UF_PASSWD_NOTREQD No password is required.
UF_PASSWD_CANT_CHANGE The user cannot change the password.
UF_LOCKOUT The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously locked account. You cannot use this value to lock a previously unlocked account.
UF_DONT_EXPIRE_PASSWD Windows NT/2000: The password should never expire on the account.
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED Windows 2000: The user's password is stored under reversible encryption in the Active Directory.
UF_NOT_DELEGATED Windows 2000: Marks the account as "sensitive"; other users cannot act as delegates of this user account.
UF_SMARTCARD_REQUIRED Windows 2000: Requires the user to log on to the user account with a smart card.
UF_USE_DES_KEY_ONLY Windows 2000: Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
UF_DONT_REQUIRE_PREAUTH Windows 2000: This account does not require Kerberos preauthentication for logon.
UF_TRUSTED_FOR_DELEGATION Windows 2000: The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as that user to other remote servers on the network.

The following values describe the account type. Only one value can be set. You cannot change the account type using the NetUserSetInfo function.
Value Meaning
UF_NORMAL_ACCOUNT This is a default account type that represents a typical user.
UF_TEMP_DUPLICATE_ACCOUNT This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
UF_WORKSTATION_TRUST_ACCOUNT This is a computer account for a Windows NT/Windows 2000 workstation or a Windows NT/Windows 2000 server that is a member of this domain.
UF_SERVER_TRUST_ACCOUNT This is a computer account for a backup domain controller that is a member of this domain.
UF_INTERDOMAIN_TRUST_ACCOUNT This is a permit to trust account for a domain that trusts other domains.

usri3_script_path
Pointer to a Unicode string specifying the path for the user's logon script file. The script file can be a .CMD file, an .EXE file, or a .BAT file. The string can also be null.
usri3_auth_flags
Specifies a DWORD value that contains a set of bit flags defining the user's operator privileges.

For the NetUserGetInfo and NetUserEnum functions, the appropriate value is returned based on the local group membership. If the user is a member of Print Operators, AF_OP_PRINT is set. If the user is a member of Server Operators, AF_OP_SERVER is set. If the user is a member of the Account Operators, AF_OP_ACCOUNTS is set. AF_OP_COMM is never set.

The NetUserAdd and NetUserSetInfo functions ignore this member.

This member can be one or more of the following values.
Value Meaning
AF_OP_PRINT The print operator privilege is enabled.
AF_OP_COMM The communications operator privilege is enabled.
AF_OP_SERVER The server operator privilege is enabled.
AF_OP_ACCOUNTS The accounts operator privilege is enabled.

usri3_full_name
Pointer to a Unicode string that contains the full name of the user. This string can be a null string, or it can have any number of characters before the terminating null character.
usri3_usr_comment
Pointer to a Unicode string that contains a user comment. This string can be a null string, or it can have any number of characters before the terminating null character.
usri3_parms
Pointer to a Unicode string that is reserved for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user configuration information. Do not modify this information.
usri3_workstations
Pointer to a Unicode string that contains the names of workstations from which the user can log on. As many as eight workstations can be specified; the names must be separated by commas. If you do not want to restrict the number of workstations, use a null string. To disable logons from all workstations to this account, set the UF_ACCOUNTDISABLE value in the usriX_flags member.
usri3_last_logon
Specifies a DWORD value that indicates when the last logon occurred. This value is stored as the number of seconds that have elapsed since 00:00:00, January 1, 1970, GMT. This member is ignored by the NetUserAdd and NetUserSetInfo functions.

This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.

usri3_last_logoff
Specifies a DWORD value that indicates when the last logoff occurred. This value is stored as the number of seconds that have elapsed since 00:00:00, January 1, 1970, GMT. A value of zero indicates that the last logoff time is unknown.

This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.

usri3_acct_expires
Specifies a DWORD value that indicates when the account expires. This value is stored as the number of seconds elapsed since 00:00:00, January 1, 1970, GMT. A value of TIMEQ_FOREVER indicates that the account never expires.
usri3_max_storage
Specifies a DWORD value that indicates the maximum amount of disk space the user can use. Specify USER_MAXSTORAGE_UNLIMITED to use all available disk space.
usri3_units_per_week
Specifies a DWORD value that indicates the number of equal-length time units into which the week is divided. This value is required to compute the length of the bit string in the usri3_logon_hours member.

This value must be UNITS_PER_WEEK for LAN Manager 2.0. This element is ignored by the NetUserAdd and NetUserSetInfo functions.

Windows NT/2000: For Windows NT/Windows 2000 services, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.

usri3_logon_hours
Pointer to a 21-byte (168 bits) bit string that specifies the times during which the user can log on. Each bit represents a unique hour in the week, in Greenwich Mean Time (GMT).

The first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on. Note that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you must adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).

Specify a null pointer in this member when calling the NetUserAdd function to indicate no time restriction. Specify a null pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times during which the user can log on.

usri3_bad_pw_count
Specifies a DWORD value that indicates the number of times the user tried to log on to the account using an incorrect password. A value of – 1 indicates that the value is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.

This member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried to log on using an incorrect password is the largest value retrieved.

usri3_num_logons
Specifies a DWORD value that indicates the number of times the user logged on successfully to this account. A value of – 1 indicates that the value is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.

This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.

usri3_logon_server
Pointer to a Unicode string that contains the name of the server to which logon requests are sent. Server names should be preceded by two backslashes (\\). To indicate that the logon request can be handled by any logon server, specify an asterisk (\\*) for the server name. A null string indicates that requests should be sent to the domain controller. For Windows NT/Windows 2000 servers, NetUserGetInfo and NetUserEnum return \\*. The NetUserAdd and NetUserSetInfo functions ignore this member.
usri3_country_code
Specifies a DWORD value that contains the country/region code for the user's language of choice.
usri3_code_page
Specifies a DWORD value that contains the code page for the user's language of choice.
usri3_user_id
Specifies a DWORD value that contains the relative ID (RID) of the user. The RID is determined by the Security Account Manager (SAM) when the user is created. It uniquely defines the user account to SAM within the domain. The NetUserAdd and NetUserSetInfo functions ignore this member.
usri3_primary_group_id
Specifies a DWORD value that contains the RID of the Primary Global Group for the user. When you call the NetUserAdd function, this member must be DOMAIN_GROUP_RID_USERS (defined in NTSEAPI.H). When you call NetUserSetInfo, this member must be the RID of a global group in which the user is enrolled.
usri3_profile
Pointer to a Unicode string that specifies a path to the user's profile. This value can be a null string, a local absolute path, or a UNC path.
usri3_home_dir_drive
Pointer to a Unicode string that specifies the drive letter assigned to the user's home directory for logon purposes.
usri3_password_expired
Specifies a DWORD value that contains password expiration information.

The NetUserGetInfo and NetUserEnum functions return zero if the password has not expired (and nonzero if it has).

When you call NetUserAdd or NetUserSetInfo, specify a nonzero value in this member to inform users that they must change their password at the next logon. To turn off this message, call NetUserSetInfo and specify zero in this member. Note that you cannot specify zero to negate the expiration of a password that has already expired.

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Windows 95/98: Unsupported.
  Header: Declared in Lmaccess.h.

See Also

Network Management Overview, Network Management Structures, User Functions, NetUserAdd, NetUserEnum, NetUserSetInfo, NetUserGetInfo