Platform SDK: Network Management

USER_INFO_2

The USER_INFO_2 structure contains information about a user account, including the account name, password data, privilege level, the path to the user's home directory, and other user-related network statistics.

typedef struct _USER_INFO_2 {
  LPWSTR    usri2_name;
  LPWSTR    usri2_password;
  DWORD     usri2_password_age;
  DWORD     usri2_priv;
  LPWSTR    usri2_home_dir;
  LPWSTR    usri2_comment;
  DWORD     usri2_flags;
  LPWSTR    usri2_script_path;
  DWORD     usri2_auth_flags;
  LPWSTR    usri2_full_name;
  LPWSTR    usri2_usr_comment;
  LPWSTR    usri2_parms;
  LPWSTR    usri2_workstations;
  DWORD     usri2_last_logon;
  DWORD     usri2_last_logoff;
  DWORD     usri2_acct_expires;
  DWORD     usri2_max_storage;
  DWORD     usri2_units_per_week;
  PBYTE     usri2_logon_hours;
  DWORD     usri2_bad_pw_count;
  DWORD     usri2_num_logons;
  LPWSTR    usri2_logon_server;
  DWORD     usri2_country_code;
  DWORD     usri2_code_page;
}USER_INFO_2, *PUSER_INFO_2, *LPUSER_INFO_2;

Members

usri2_name

Pointer to a Unicode string that specifies the name of the user account. Calls to the NetUserSetInfo function ignore this member. The number of characters in the name cannot exceed the value of UNLEN.

usri2_password

Pointer to a Unicode string that specifies the password for the user identified by the usri2_name member. The length cannot exceed PWLEN bytes. The NetUserEnum and NetUserGetInfo functions return a NULL pointer to maintain password security.

By convention, Windows NT/Windows 2000 limits the length of passwords to LM20_PWLEN characters. This convention allows LAN Manager, Windows 3.x, Windows for Workgroups 3.x, Windows 95, and Windows 98 clients to access a Windows NT/Windows 2000 server using the account.

usri2_password_age

Specifies a DWORD value that indicates the number of seconds that have elapsed since the usri2_password member was last changed. The NetUserAdd and NetUserSetInfo functions ignore this member.

usri2_priv

Specifies a DWORD value that indicates the level of privilege assigned to the usri2_name member. For calls to the NetUserAdd function, this member must be USER_PRIV_USER. For the NetUserSetInfo function, this member must be the value returned by the NetUserGetInfo function or the NetUserEnum function. This member can be one of the following values.

Value	Meaning
USER_PRIV_GUEST	Guest
USER_PRIV_USER	User
USER_PRIV_ADMIN	Administrator

usri2_home_dir

Pointer to a Unicode string specifying the path of the home directory for the user specified by the usri2_name member. The string can be null.

usri2_comment

Pointer to a Unicode string that contains a comment to associate with the user account. The string can be a null string, or it can have any number of characters before the terminating null character.

usri2_flags

Specifies a DWORD value that determines several features. This member can be one or more of the following values.

Value	Meaning
UF_SCRIPT	The logon script executed. This value must be set for LAN Manager 2.0 and Windows NT/Windows 2000.
UF_ACCOUNTDISABLE	The user's account is disabled.
UF_HOMEDIR_REQUIRED	The home directory is required. This value is ignored in Windows NT/Windows 2000.
UF_PASSWD_NOTREQD	No password is required.
UF_PASSWD_CANT_CHANGE	The user cannot change the password.
UF_LOCKOUT	The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously locked account. You cannot use this value to lock a previously unlocked account.
UF_DONT_EXPIRE_PASSWD	Windows NT/2000: The password should never expire on the account.
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED	Windows 2000: The user's password is stored under reversible encryption in the Active Directory.
UF_NOT_DELEGATED	Windows 2000: Marks the account as "sensitive"; other users cannot act as delegates of this user account.
UF_SMARTCARD_REQUIRED	Windows 2000: Requires the user to log on to the user account with a smart card.
UF_USE_DES_KEY_ONLY	Windows 2000: Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
UF_DONT_REQUIRE_PREAUTH	Windows 2000: This account does not require Kerberos preauthentication for logon.
UF_TRUSTED_FOR_DELEGATION	Windows 2000: The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as that user to other remote servers on the network.

The following values describe the account type. Only one value can be set. You cannot change the account type using the NetUserSetInfo function.

Value Meaning

UF_NORMAL_ACCOUNT This is a default account type that represents a typical user.

UF_TEMP_DUPLICATE_ACCOUNT This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.

UF_WORKSTATION_TRUST_ACCOUNT This is a computer account for a Windows NT/Windows 2000 workstation or Windows NT/Windows 2000 server that is a member of this domain.

UF_SERVER_TRUST_ACCOUNT This is a computer account for a backup domain controller that is a member of this domain.

UF_INTERDOMAIN_TRUST_ACCOUNT This is a permit to trust account for a domain that trusts other domains.

usri2_script_path

Pointer to a Unicode string specifying the path for the user's logon script file. The script file can be a .CMD file, an .EXE file, or a .BAT file. The string can also be null.

usri2_auth_flags

Value	Meaning
UF_NORMAL_ACCOUNT	This is a default account type that represents a typical user.
UF_TEMP_DUPLICATE_ACCOUNT	This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account.
UF_WORKSTATION_TRUST_ACCOUNT	This is a computer account for a Windows NT/Windows 2000 workstation or Windows NT/Windows 2000 server that is a member of this domain.
UF_SERVER_TRUST_ACCOUNT	This is a computer account for a backup domain controller that is a member of this domain.
UF_INTERDOMAIN_TRUST_ACCOUNT	This is a permit to trust account for a domain that trusts other domains.

Specifies a DWORD value that contains a set of bit flags defining the user's operator privileges.

Calls to the NetUserGetInfo and NetUserEnum functions return a value based on the user's local group membership. If the user is a member of Print Operators, AF_OP_PRINT is set. If the user is a member of Server Operators, AF_OP_SERVER is set. If the user is a member of the Account Operators, AF_OP_ACCOUNTS is set. AF_OP_COMM is never set.

Windows NT/2000: The following restrictions apply:

When you call the NetUserAdd function, this member must be zero.
When you call the NetUserSetInfo function, this member must be the value returned from a call to NetUserGetInfo or to NetUserEnum.

This member can be one or more of the following values.

Value Meaning

AF_OP_PRINT The print operator privilege is enabled.

AF_OP_COMM The communications operator privilege is enabled.

AF_OP_SERVER The server operator privilege is enabled.

AF_OP_ACCOUNTS The accounts operator privilege is enabled.

usri2_full_name

Pointer to a Unicode string that contains the full name of the user. This string can be a null string, or it can have any number of characters before the terminating null character.

usri2_usr_comment

Pointer to a Unicode string that contains a user comment. This string can be a null string, or it can have any number of characters before the terminating null character.

usri2_parms

Pointer to a Unicode string that is reserved for use by applications. This string can be a null string, or it can have any number of characters before the terminating null character. Microsoft products use this member to store user configuration information. Do not modify this information.

usri2_workstations

Value	Meaning
AF_OP_PRINT	The print operator privilege is enabled.
AF_OP_COMM	The communications operator privilege is enabled.
AF_OP_SERVER	The server operator privilege is enabled.
AF_OP_ACCOUNTS	The accounts operator privilege is enabled.

Pointer to a Unicode string that contains the names of workstations from which the user can log on. As many as eight workstations can be specified; the names must be separated by commas. A null string indicates that there is no restriction. To disable logons from all workstations to this account, set the UF_ACCOUNTDISABLE value in the usriX_flags member.

usri2_last_logon

Specifies a DWORD value that indicates when the last logon occurred. This value is stored as the number of seconds that have elapsed since 00:00:00, January 1, 1970, GMT. This member is ignored by the NetUserAdd and NetUserSetInfo functions.

This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The last logon occurred at the time indicated by the largest retrieved value.

usri2_last_logoff

Specifies a DWORD value that indicates when the last logoff occurred. This value is stored as the number of seconds that have elapsed since 00:00:00, January 1, 1970, GMT. A value of zero indicates that the last logoff time is unknown.

This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The last logoff occurred at the time indicated by the largest retrieved value.

usri2_acct_expires

Specifies a DWORD value that indicates when the account expires. This value is stored as the number of seconds elapsed since 00:00:00, January 1, 1970, GMT. A value of TIMEQ_FOREVER indicates that the account never expires.

usri2_max_storage

Specifies a DWORD value that indicates the maximum amount of disk space the user can use. Specify USER_MAXSTORAGE_UNLIMITED to use all available disk space.

usri2_units_per_week

Specifies a DWORD value that indicates the number of equal-length time units into which the week is divided. This value is required to compute the length of the bit string in the usri2_logon_hours member.

This value must be UNITS_PER_WEEK for LAN Manager 2.0. This element is ignored by the NetUserAdd and NetUserSetInfo functions.

Windows NT/2000: For Windows NT/Windows 2000 services, the units must be one of the following values: SAM_DAYS_PER_WEEK, SAM_HOURS_PER_WEEK, or SAM_MINUTES_PER_WEEK.

usri2_logon_hours

Pointer to a 21-byte (168 bits) bit string that specifies the times during which the user can log on. Each bit represents a unique hour in the week, in Greenwich Mean Time (GMT).

The first bit (bit 0, word 0) is Sunday, 0:00 to 0:59; the second bit (bit 1, word 0) is Sunday, 1:00 to 1:59; and so on. Note that bit 0 in word 0 represents Sunday from 0:00 to 0:59 only if you are in the GMT time zone. In all other cases you must adjust the bits according to your time zone offset (for example, GMT minus 8 hours for Pacific Standard Time).

Specify a null pointer in this member when calling the NetUserAdd function to indicate no time restriction. Specify a null pointer when calling the NetUserSetInfo function to indicate that no change is to be made to the times during which the user can log on.

usri2_bad_pw_count

Specifies a DWORD value that indicates the number of times the user tried to log on to the account using an incorrect password. A value of – 1 indicates that the value is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.

This member is replicated from the primary domain controller (PDC); it is also maintained on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user tried to log on using an incorrect password is the largest value retrieved.

usri2_num_logons

Specifies a DWORD value that indicates the number of times the user logged on successfully to this account. A value of – 1 indicates that the value is unknown. Calls to the NetUserAdd and NetUserSetInfo functions ignore this member.

This member is maintained separately on each backup domain controller (BDC) in the domain. To obtain an accurate value, you must query each BDC in the domain. The number of times the user logged on successfully is the sum of the retrieved values.

usri2_logon_server

Pointer to a Unicode string that contains the name of the server to which logon requests are sent. Server names should be preceded by two backslashes (\\). To indicate that the logon request can be handled by any logon server, specify an asterisk (\\*) for the server name. A null string indicates that requests should be sent to the domain controller.

Windows NT/2000: For Windows NT/Windows 2000 servers, NetUserGetInfo and NetUserEnum return \\*. The NetUserAdd and NetUserSetInfo functions ignore this member.

usri2_country_code

Specifies a DWORD value that indicates the country/region code for the user's language of choice.

usri2_code_page

Specifies a DWORD value that indicates the code page for the user's language of choice.

Requirements

  Windows NT/2000: Requires Windows NT 3.1 or later.
  Windows 95/98: Unsupported.
  Header: Declared in Lmaccess.h.

USER_INFO_2

Members

Requirements

See Also