Advanced Server for OpenVMS
Commands Reference Manual


Previous Contents Index


LOGOUT

LOGOUT is a synonym for the LOGOFF command. See the LOGOFF command for further information.

MODIFY GROUP

Changes the attributes and memberships of an existing local or global group.

Format

MODIFY GROUP group-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators or Account Operators local group.

Related Commands


Parameters

group-name

Specifies the name of an existing local or global group that you wish to modify.

Qualifiers

/ADD_MEMBERS=([domain-name\]member-name[,...])

Adds the specified members to the group and does not change any existing membership for unspecified members.

If the group being modified is a local group, you can add user accounts and global groups from the domain being administered and from domains it trusts. To specify a user account or global group in a trusted domain, enter a domain-qualified name (domain-name\member-name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit the domain name, the user account or group is assumed to be defined in the domain currently being administered.

If the group being modified is a global group, you can add user accounts only from the domain being administered.

/DESCRIPTION=string

/NODESCRIPTION

Specifies a string of up to 256 characters used to provide descriptive information about the group. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION indicates that the description is to be blank. If the /DESCRIPTION qualifier is not specified, the current description remains unchanged.

/DOMAIN=domain-name

Specifies the name of the domain in which to modify the group. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line.

/REMOVE_MEMBERS=([domain-name\]member-name[,...])

Removes the specified members from the group and does not change any existing membership for unspecified members.

If the group being modified is a local group, you can remove user accounts and global groups from the domain being administered and from domains it trusts. To specify a user account or global group in a trusted domain, enter a domain-qualified name (member-name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit the domain name, the user account or group is assumed to be defined in the domain currently being administered.

If the group being modified is a global group, you can remove user accounts only from the domain being administered.

/SERVER=server-name

Specifies the name of a server that is a member of the domain in which to modify the group. Do not specify both /DOMAIN and /SERVER on the same command line.

Example


LANDOFOZ\\TINMAN> MODIFY GROUP MUNCHKINS/REMOVE_MEMBERS=SCARECROW 
%PWRK-S-GROUPMOD, group "MUNCHKINS" modified on domain "LANDOFOZ" 
      

This example removes the user SCARECROW from the group MUNCHKINS.


MODIFY SHARE

Modifies attributes of an existing directory or print share.

Format

MODIFY SHARE share-name [/qualifiers]

restrictions

Membership in the Administrators, Account Operators, or Server Operators local group is required to administer directory and print shares. Print shares may also be administered by members of the Print Operators group.

Related Commands


Parameters

share-name

Specifies the name of an existing directory or print share that you wish to modify.

Qualifiers

/CONFIRM

/NOCONFIRM

Controls whether you are prompted for a confirmation before removing all permissions from a share. The default is /CONFIRM if running in interactive mode. When the prompt is issued, the default response is shown, and you may accept the default by pressing Return or Enter. If you type YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is performed. If you type anything else, the prompt is repeated until you type an acceptable response. No prompt for confirmation is issued if running in batch mode.

/DESCRIPTION=string

/NODESCRIPTION

Specifies a string of up to 48 characters used to provide descriptive information about the share. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION indicates that the description is to be blank. If the /DESCRIPTION qualifier is not specified, the current description remains unchanged.

/HOST_ATTRIBUTES=(attribute-type[,...])

Sets host-system-specific attributes for the share. Host attributes are valid only for directory shares on OpenVMS servers. For the value of attribute-type, you can specify one or more of the keywords DIRECTORY_PROTECTION, FILE_PROTECTION, and RMS_FORMAT, as follows:













DIRECTORY_PROTECTION=(ownership:access[,...])
  Specifies the default OpenVMS RMS protections for subdirectories created in the shared directory. The protection of existing subdirectories is not affected.
  Specify the ownership keyword as any of the following:
  Ownership Description
  OWNER File owner (also applies to SYSTEM)
  GROUP Users in same UIC group
  WORLD All other users
  Specify the access keyword as any combination of the following:
  Access Description
  R Read-only access. Users can display files that they have permission to access in the directory.
  W Write access. Users can create files in the directory, and can edit and delete files that they have permission to access. Write access implies delete access.
  E Execute access. Users can run program files that they have permission to access in the directory.
  Owner access is also applied to SYSTEM. The default RMS directory protection is OWNER:RWED, GROUP:RWED, WORLD:RE.
FILE_PROTECTION=(ownership:access[,...])
  Specifies the default OpenVMS RMS protections for files created in the shared directory. The protection of existing files is not affected.
  Specify the ownership keyword as any of the following:
  Ownership Description
  OWNER File owner (also applies to SYSTEM)
  GROUP Users in same UIC group
  WORLD All other users
  Specify the access keyword as any combination of the following:
  Access Description
  R Read-only access. Users with access to the directory can display files stored there.
  W Write access. Users with access to the directory can edit and delete files stored there. Write access implies delete access.
  E Execute access. Users with access to the directory can run program files stored there.
  Owner access is also applied to SYSTEM. The default RMS file protection is OWNER:RWD, GROUP:RWD, WORLD:R.
RMS_FORMAT=record-type
  Specifies the OpenVMS RMS record format of files created in the shared directory.
  The record-type keyword can be one of the following:
  Record-type Description
  SEQUENTIAL_FIXED
    Files created in the shared directory are RMS sequential files with fixed length 512 byte records.
  STREAM Files created in the shared directory are RMS stream format files. This is the default.
  UNDEFINED Files created in the shared directory have no specific RMS format. The format is defined by the application writing the file.

/LIMIT=connect-limit

/NOLIMIT

Specifies the maximum number of users who can connect to the shared directory at one time. /NOLIMIT, the default, specifies there is no maximum connection limit.

/PERMISSIONS=([domain-name\]name=access[,...])

/NOPERMISSIONS

Specifies the access permissions for the directory share. These permissions control network access to the directory share, and determine which users or groups can access the shared directory, and the type of access they are allowed. When a directory is shared, the default is to grant FULL access to everyone. This permission allows anyone to do anything they wish to any of the files or subdirectories in the directory tree.

Use the /PERMISSIONS qualifier to add permissions to a resource for specified users or groups. Use the /NOPERMISSIONS qualifier to remove all permissions for all or specified users or groups. If you remove all permissions from a share, no one will be able to access it, and only the owner will be able to change the permissions.

The permissions list name=access is a list of users and groups allowed to access the shared resource, and the type of access granted to each user or group. It must be enclosed in parentheses, and consists of one or more name=access pairs, where name can be any valid user or group name from this or another trusted domain.

To specify a user or group name in a trusted domain, enter the domain-qualified name (name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit the domain name, the user account or group is assumed to be defined in the domain of the server currently being administered.

Access depends on the type of share being modified.

If the share is a directory share, access can be any one of the following:
Access Description
NONE Prevents any access to the shared directory, its subdirectories, and their files.
READ Allows viewing file names and subdirectory names, traversing to subdirectories, viewing data in files, and running applications.
CHANGE Allows viewing file names and subdirectory names, traversing to subdirectories, viewing data in files, running applications, adding files and subdirectories, changing data in files, and deleting subdirectories and files.
FULL Allows viewing file names and subdirectory names, traversing to subdirectories, viewing data in files, running applications, adding files and subdirectories, changing data in files, deleting subdirectories and files, changing file and directory permissions, and taking ownership of files and directories.

If the share is a print share, access can be any one of the following:
Access Description
NONE Prevents any access to the printer.
PRINT Allows printing of documents.
MANAGE_DOCUMENTS
  Allows holding, releasing, and deleting of print jobs, and changing the order in which jobs print.
FULL Allows printing of documents; holding, releasing and deleting of print jobs; changing the order in which jobs print; aborting and restarting of jobs being printed; pausing, continuing and purging of the print queue; changing of print queue settings; removal of the print queue; and changing of print resource permissions.

/SERVER=server-name

Specifies the name of the server on which to modify the shared resource. The default is the server currently being administered.

Examples

#1

 LANDOFOZ\\TINMAN> MODIFY SHARE TORNADO/NOPERMISSIONS=EVERYONE - 
 _LANDOFOZ\\TINMAN> /PERMISSIONS=(SCARECROW=FULL)/NOCONFIRM 
 %PWRK-S-SHAREMOD, share "TORNADO" modified on server "TINMAN" 
      

This example modifies the directory share named TORNADO. All permissions for the group EVERYONE are removed, and the user SCARECROW is granted full access to the files and directories in the share.

#2

 LANDOFOZ\\TINMAN> MODIFY SHARE TOTO/LIMIT=5/NOCONFIRM 
 %PWRK-S-SHAREMOD, share "TOTO" modified on server "TINMAN" 
      

This example modifies the print share named TOTO. The maximum connections allowed to the shared resource is set to 5.


MODIFY USER

Modifies the attributes and memberships of an existing local or global user account.

Format

MODIFY USER user-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators or Account Operators local group.

Related Commands


Parameters

user-name

Specifies the name of an existing local or global user account that you wish to modify.

Qualifiers

/ADD_TO_GROUPS=(group-name[,...])

Adds the user as a member of the specified local or global groups and does not change any existing membership in unspecified groups.

/DESCRIPTION=string

/NODESCRIPTION

Specifies a string of up to 256 characters used to provide descriptive information about the user. Enclose the string in quotation marks to preserve case (the default is uppercase). /NODESCRIPTION indicates that the description is to be blank. If the /DESCRIPTION qualifier is not specified, the current description remains unchanged.

/DOMAIN=domain-name

Specifies the name of the domain in which to modify the user account. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line.

/EXPIRATION_DATE=date

/NOEXPIRATION_DATE

Specifies whether the account has an expiration date, and, if so, the date the account is to expire. The date is specified in the standard OpenVMS date format (dd-mmm-yyyy). /NOEXPIRATION_DATE specifies that the account will not have an expiration date, and therefore will never expire.

/FLAGS=(option[,...])

Specifies the logon flags for the user account. Precede the option keyword with NO to clear the specified flag. The option keyword can be one or more of the following:
Option Description
[NO]DISPWDEXPIRATION
  Prevents the password from expiring, overriding the Maximum Password Age setting for the account policy. Select this option for user accounts that will be assigned to services. Selection of this option overrides the PWDEXPIRED option. NODISPWDEXPIRATION is the default if you specify neither DISPWDEXPIRATION nor NODISPWDEXPIRATION. Do not specify the DISPWDEXPIRATION and PWDEXPIRED options in the same command.
[NO]DISUSER
  Disables the account so the user cannot logon. You might disable a new account to create an inactive account that can be copied to create new accounts. Or, you might temporarily disable an account if it does not need to be used until a later date. You cannot disable the built-in Administrator account. NODISUSER is the default if you specify neither DISUSER nor NODISUSER.
Option Description
[NO]PWDEXPIRED
  The password is initially expired. This forces the user to change the password at the next logon. PWDEXPIRED is the default if you specify neither PWDEXPIRED nor NOPWDEXPIRED. Do not specify the PWDEXPIRED option in the same command line with either the PWDLOCKED or the DISPWDEXPIRATION option.
[NO]PWDLOCKED
  Prevents the user from changing the password. This option is usually applied only to user accounts used by more than one person, such as the Guest account. NOPWDLOCKED is the default if you specify neither PWDLOCKED nor NOPWDLOCKED. Do not specify the PWDLOCKED and PWDEXPIRED options in the same command.

/FULLNAME="full_user_name"

/NOFULLNAME

The full name is the user's complete name, and can be up to 256 characters in length. Enclose the string in quotation marks to preserve case (the default is uppercase). Establish a standard for entering full names, so that they always begin with either the first name (Louise G. Morgan) or the last name (Morgan, Louise G.), because the full name can affect the sort order for the SHOW USERS command. /NOFULLNAME specifies a blank full name.

/GLOBAL

Specifies that the account is to be a global account. User accounts can be either global or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain. Do not specify both /GLOBAL and /LOCAL on the same command line.

/HOME=(option[,...])

/NOHOME

Specifies a user's home directory information. A home directory is a directory that is accessible to a user and contains files and programs for the user. It becomes the user's default directory for the File Open and Save As dialog boxes, for the command prompt, and for all applications that do not have a working directory defined. A home directory can be assigned to a single user or it can be shared by many users.

A home directory can be a shared network directory or a local directory on a user's workstation. If you specify a network path for the home directory, you must also specify a drive letter to be assigned to the path when the user logs on. If the specified directory does not exist, an attempt will be made to create it. If the directory cannot be created, a message will be issued instructing you to manually create the directory. If you specify a local path for the home directory, do not include a drive letter. You must manually create the directory if it does not exist. /NOHOME, the default, specifies that the user will not have a home directory.

The option keyword can be one or more of the following:
Option Description
DRIVE= driveletter
  Specifies the drive letter to use for connecting to the home directory if the home directory specified in the PATH option is a shared network directory. The driveletter can be from C to Z.
PATH= homepath
  Specifies an optional home directory that is accessible to the user and contains files and programs for the user. The homepath must be an absolute path of a directory local to the user's workstation, or a UNC (Universal Naming Convention) path of a shared network directory.

/HOURS=(logon-time[,...])

/NOHOURS

Specifies the days and hours when the user can connect to a server. /NOHOURS specifies that the user cannot connect at any time of any day. Specify logon-time in the following format:

day=([n-m],[n],[*])

where n and m are hours of the day, and day is any one of the following:

SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, WEEKDAYS, WEEKENDS, EVERYDAY, ALL

Specify the hours as integers from 0 to 23, inclusive, using the 24-hour clock. You can specify a single hour (n), ranges of hours (n-m), or all hours of the day (*). Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour. If you specify no hours, all hours are allowed for the specified days.

/LOCAL

Specifies that the account is to be a local account. User accounts can be either global or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain.

/NAME=new-user-name

Specifies a new name for the user account. The user name can be from 1 to 20 characters in length, and cannot be identical to any other user or group name in the domain or server being administered.

/PASSWORD[=password]

/NOPASSWORD

Specifies the password for the user account. Passwords are case sensitive, and can be up to 14 characters in length. If you enter /PASSWORD with no value, or with a value of *, you are prompted for a password and a confirmation, which will not be displayed as they are entered. /NOPASSWORD specifies that the account will have a blank password. With /NOPASSWORD, the default is /FLAGS=NOPWDEXPIRED so that the user is not prompted for a password. However, you can override this default for /NOPASSWORD, such as by specifying the /FLAGS=PWDEXPIRED qualifier.

/PRIMARY_GROUP=group-name

Sets the user account's primary group. A primary group is used when a user logs on using Windows NT Services for Macintosh, or runs POSIX applications. The group-name must be a global group of which the user is a member.

/PROFILE=profile-path

/NOPROFILE

Specifies a path for an optional user profile. The path should be a network path that includes a file name. The file name can be that of a personal user profile (.USR file name extension) or a mandatory user profile (.MAN file name extension). For example, you might enter:

/PROFILE="\\eng\profiles\johndoe.usr"

/NOPROFILE specifies that the user will not have a profile.

/REMOVE_FROM_GROUPS=(group-name[,...])

Removes the user as a member of the specified local or global groups and does not change any existing membership in unspecified groups. A user account cannot be removed from membership in its primary group.

/SCRIPT=script-name

/NOSCRIPT

Specifies a name for an optional logon script that runs each time the user logs on. A logon script can be a batch file (.BAT or .CMD file name extension) or an executable program (.EXE file name extension). A single logon script can be assigned to one or more user accounts. When a user logs on, the server authenticating the logon locates the logon script by following the server's logon script path. The script-name specifies a file relative to that path. /NOSCRIPT specifies that the user will have no logon script.

/SERVER=server-name

Specifies the name of a server that is a member of the domain in which to modify the user. Do not specify both /DOMAIN and /SERVER on the same command line.

/UNLOCK

Unlocks a user's account. A user's account is locked if the user has made a specified number of failed attempts to log on (for example, using an invalid password). Use the SET ACCOUNT POLICY command to specify the number of failed attempts to allow.

/WORKSTATIONS=(workstation-name[,...])

Specifies up to eight workstations from which the user can log on to the domain. The workstation-name is a 1 to 15 character name of a workstation. You may use an asterisk (*) for the workstation name to specify all workstations.

Example


LANDOFOZ\\TINMAN> MODIFY USER SCARECROW/ADD_TO_GROUPS=MUNCHKINS - 
_LANDOFOZ\\TINMAN> /HOME=(DRIVE=D,PATH=\\TINMAN\USERS\SCARECROW) 
%PWRK-S-USERMOD, user "SCARECROW" modified on domain "LANDOFOZ" 
      


Previous Next Contents Index