Compaq Advanced Server for OpenVMS
Commands Reference Manual


Previous Contents Index


COPY GROUP

Adds a new group based upon an existing group. In many situations, it may be quicker and more convenient to copy an existing group than it would be to create an entirely new one. One major benefit of copying a group is that the new group will have the same members as does the original group. However, the permissions and rights of the original group are not copied to the new group. The new group will be of the same type (local or global) as the original group. All attributes of the old group are copied to the new group, except for those overridden by qualifiers.

Format

COPY GROUP group-name newgroup-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators or Account Operators local group.

Related Commands

ADD GROUP
MODIFY GROUP
REMOVE GROUP
SHOW GROUPS

Parameters

group-name

Specifies the name of the existing group to be copied.

newgroup-name

Specifies the name for the new group to be created, and can be 1 to 20 characters in length. The new group name cannot be identical to any other group or user name of the domain or server being administered.

Qualifiers

/ADD_MEMBERS=([domain-name\]member-name[,...])

Adds the specified members to the new group and does not change any existing membership in the group.

If the group being copied is a local group, you can add user accounts and global groups from the domain being administered and from domains it trusts. To specify a user account or global group in a trusted domain, enter a domain-qualified name (domain-name\member-name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit the domain name, it is assumed that the user account or group is defined in the domain currently being administered.

If the group being copied is a global group, you can add user accounts only from the domain being administered.

/DESCRIPTION="string"

/NODESCRIPTION

Specifies a string of up to 256 characters used to provide descriptive information about the group. Enclose the string in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. /NODESCRIPTION, the default, indicates that the description is to be blank.

/DOMAIN=domain-name

Specifies the name of the domain from and to which the group is to be copied. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line.

/REMOVE_MEMBERS=([domain-name\]member-name[,...])

Removes the specified members from the group and does not change any existing membership for unspecified members.

If the group being copied is a local group, you can remove user accounts and global groups from the domain being administered and from domains it trusts. To specify a user account or global group in a trusted domain, enter a domain-qualified name (domain-name\member-name), such as KANSAS\DOLE, where KANSAS is the name of the trusted domain, and DOLE is the user or group name defined in the trusted domain. If you omit the domain name, it is assumed that the user account or group is defined in the domain currently being administered.

If the group being copied is a global group, you can remove user accounts only from the domain being administered.

/SERVER=server-name

Specifies the name of a server that is a member of the domain from and to which the group is to be copied. Do not specify both /DOMAIN and /SERVER on the same command line.

Example


LANDOFOZ\\TINMAN> COPY GROUP MUNCHKINS OZ - 
_LANDOFOZ\\TINMAN> /DESCRIPTION="The Land of OZ" - 
_LANDOFOZ\\TINMAN> /ADD_MEMBERS=(WIZARD,"Good Witch") 
%PWRK-S-GROUPCOPY, group "MUNCHKINS" copied to "OZ" in domain 
"LANDOFOZ" 
      

This example creates a new group called OZ based upon the characteristics and memberships of the existing group MUNCHKINS. The new group has the description "The Land of OZ". It contains any existing members of the group MUNCHKINS, with new members WIZARD and Good Witch added.


COPY USER

Adds a new user account based upon an existing user account. In many situations, it may be quicker and more convenient to copy an existing user account than it would be to create an entirely new one. One major benefit of copying a user account is that group memberships are copied to the new account. However, the permissions and built-in abilities of the original user account are not copied to the new user account. The new user account will be of the same type (local or global) as the original user account. All other attributes of the old user account are copied to the new user account, except for those overridden by qualifiers.

Format

COPY USER user-name new-user-name [/qualifiers]

restrictions

Use of this command requires membership in the Administrators or Account Operators local group. Only a member of the Administrators local group can add users to the Administrator's local group.

Related Commands

ADD USER
MODIFY USER
REMOVE USER
SHOW USERS

Parameters

user-name

Specifies the name of the existing user account to be copied.

new-user-name

Specifies the name for the new user account to be created, and can be 1 to 20 characters in length. The new user account name cannot be identical to any other user account or group name in the domain or server being administered.

Qualifiers

/ADD_TO_GROUPS=(group-name[,...])

Adds the user as a member of the specified local or global groups and does not change any existing membership in unspecified groups.

/DESCRIPTION="string"

/NODESCRIPTION

Specifies a string of up to 256 characters used to provide descriptive information about the user. Enclose the string in quotation marks if it contains lowercase letters, blanks (spaces) or other nonalphanumeric characters. /NODESCRIPTION indicates that the description is to be blank.

/DOMAIN= domain-name

Specifies the name of the domain from and to which the user account is to be copied. The default is the domain currently being administered. Do not specify both /DOMAIN and /SERVER on the same command line.

/EXPIRATION_DATE=date

/NOEXPIRATION_DATE

Specifies whether the account has an expiration date and, if so, the date the account is to expire. The date is specified in the standard OpenVMS date format (dd-mmm-yyyy). /NOEXPIRATION_DATE, the default, specifies that the account will not have an expiration date, and therefore will never expire.

/FLAGS=(option[,...])

Specifies the logon flags for the user account. All flags are copied from the original user except DISUSER. Precede the option keyword with NO to clear the specified flag. The option keyword can be one or more of the following:
Option Description
[NO]DISPWDEXPIRATION
  Prevents the password from expiring, overriding the Maximum Password Age setting for the account policy. Select this option for user accounts that will be assigned to services. Selection of this option overrides the PWDEXPIRED option. Do not specify the DISPWDEXPIRATION and PWDEXPIRED options in the same command line.
[NO]DISUSER
  Disables the account so the user cannot log on. You might disable a new account to create an inactive template account that can be copied to create new accounts. Or, you might temporarily disable an account if it does not need to be used until a later date. The built-in Administrator account cannot be disabled.
[NO]PWDEXPIRED
  The password is initially expired. This forces the user to change the password at the first logon. Do not specify the PWDEXPIRED option in the same command line with either the PWDLOCKED or the DISPWDEXPIRATION option.
[NO]PWDLOCKED
  Prevents the user from changing the password. This option is usually applied only to user accounts used by more than one person, such as the Guest account. Do not specify the PWDLOCKED and PWDEXPIRED options in the same command line.

/FULLNAME=full-user-name

/NOFULLNAME

The full name is the user's complete name, and can be up to 256 characters in length. Enclose the string in quotation marks to preserve case (the default is uppercase). It is a good idea to establish a standard for entering full names, so that they always begin with either the first name (Louise G. Morgan) or the last name (Morgan, Louise G.), because the full name can be used to determine the sorting order in the SHOW USERS command. /NOFULLNAME specifies a blank full name.

/GLOBAL

Specifies that the account is to be a global account. User accounts can be either global or local. Most accounts are global accounts. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain. The default is to create a global account.

/HOME=(option[,...])

/NOHOME

Specifies a user's home directory information. A home directory is a directory that is accessible to a user and contains files and programs for the user. This feature applies only when the user logs on from a Windows NT client. The specified home directory becomes the Windows NT user's default directory for the File Open and Save As dialog boxes, for the command prompt, and for all applications that do not have a working directory defined. A home directory can be assigned to a single user or it can be shared by many users. A home directory can be a shared network directory or a local directory on a user's workstation.

If you specify a network path for the home directory, you must also specify a drive letter to be assigned to the path when the user logs on. If the specified directory does not exist, an attempt will be made to create it. If the directory cannot be created, a message will be issued instructing you to manually create the directory.

If you specify a local path for the home directory, do not include the drive letter. You must manually create the directory if it does not exist. /NOHOME, the default, specifies that the user will not have a home directory. The option keyword can be one or more of the following:
Option Description
DRIVE= driveletter
  Specifies the drive letter to use for connecting to the home directory if the home directory specified in the PATH option is a shared network directory. The driveletter can be from C to Z.
PATH= homepath
  Specifies an optional home directory that is accessible to the user and contains files and programs for the user. The homepath must be an absolute path of a directory local to the user's workstation, or a UNC (Universal Naming Convention) path of a shared network directory.

/HOURS=(logon-time[,...])

/NOHOURS

Specifies the days and hours when the user can connect to a server. /NOHOURS specifies that the user cannot connect at any time of any day. Specify logon-time in the following format:

day=([n-m],[n],[*])

where n and m are hours of the day, and day is any one of the following:

SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, WEEKDAYS, WEEKENDS, EVERYDAY, ALL

Specify the hours as integers from 0 to 23, inclusive, using the 24-hour clock. You can specify a single hour (n), ranges of hours (n-m), or all hours of the day (*). Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour. If you specify no hours, all hours are allowed for the specified days.

/LOCAL

Specifies that the account is to be a local account. User accounts can be either global or local. A global account is a normal user account in the user's home domain. A local account is an account provided in this domain for a user whose global account is not in a trusted domain. The default is to create a global account.

/PASSWORD[="password"]

/NOPASSWORD

Specifies the password for the new user account. Passwords are case sensitive, and can be up to 14 characters in length. The minimum length is set by using the SET ACCOUNT POLICY/PASSWORD_POLICY=MINLENGTH= command. The default is 0, which permits a blank password. Passwords entered on the command line are converted to uppercase unless enclosed within quotation marks. If the password you specify contains lowercase letters, blanks (spaces), or other nonalphanumeric characters, enclose it in quotation marks, unless you enter the password in response to the password prompt. (If you enclose the password in quotation marks at the password prompt, the quotation marks become part of the password.) If you enter /PASSWORD with no value, or with a value of *, you are prompted for a password and a confirmation, which will not be displayed as they are entered. /NOPASSWORD specifies that the account will have a blank password. The password is not copied from the original user account; therefore, if an account is copied without specifying a new password, the new user account will receive a blank password.

With /NOPASSWORD, the default is /FLAGS=NOPWDEXPIRED so that the user is not prompted for a password. However, you can override this default for /NOPASSWORD by specifying the /FLAGS=PWDEXPIRED qualifier.

/PRIMARY_GROUP=group-name

Sets the user account's primary group. A primary group is used when a user logs on using Windows NT Services for Macintosh, or runs POSIX applications. group-name must be a global group of which the user is a member.

/PROFILE=profile-path

/NOPROFILE

Specifies a path for an optional user profile. The path should be a network path that includes a file name. The file name can be that of a personal user profile (.USR file name extension) or a mandatory user profile (.MAN file name extension). For example, you might enter:

/PROFILE="\\eng\profiles\johndoe.usr"

/NOPROFILE specifies that the user will not have a profile.

/REMOVE_FROM_GROUPS=(group-name[,...])

Removes the user as a member of the specified local or global groups and does not change any existing membership in unspecified groups. A user account cannot be removed from membership in its primary group.

/SCRIPT=script-name

/NOSCRIPT

Specifies a name for an optional logon script that runs each time the user logs on. A logon script can be a batch file (.BAT or .CMD file name extension) or an executable program (.EXE file name extension). A single logon script can be assigned to one or more user accounts. When a user logs on, the server authenticating the logon locates the logon script by following the server's logon script path in the \netlogon share. The script-name specifies a file relative to that path. /NOSCRIPT specifies that the user will have no logon script.

/SERVER=server-name

Specifies the name of a server that is a member of the domain from and to which the user account is to be copied. Do not specify both /DOMAIN and /SERVER on the same command line.

/WORKSTATIONS=(workstation-name[,...])

Specifies up to eight workstations from which the user can log on to the domain. The workstation-name is a 1 to 15 character name of a workstation. You may use an asterisk (*) for the workstation-name to specify all workstations.

Example


LANDOFOZ\\TINMAN> COPY USER LION HEART/PASSWORD=GOLD 
%PWRK-S-USERCOPY, user "LION" copied to "HEART" in domain 
"LANDOFOZ" 
      

This example creates a new user account called HEART based upon the existing user LION. All the user characteristics and group memberships are copied to the new user account. The password for the new account is set to GOLD.


EXIT

Exits from the ADMINISTER user interface.

Format

EXIT

restrictions

None

Example


LANDOFOZ\\TINMAN> EXIT 
$ 
      

This example exits from the ADMINISTER user interface so you can enter OpenVMS DCL commands.


HELP

Invokes the OpenVMS help facility to provide information about a command or topic.

Format

HELP [topic /qualifier]

restrictions

None

Parameters

topic

Specifies the command or topic for which help is desired.

Qualifiers

/PAGE

/NOPAGE

Controls whether output to the screen stops after each screenfull (page) of information is displayed. The /PAGE qualifier is the default. If you specify /NOPAGE, output continues until the information display ends or until you manually control the scrolling.

Examples

#1

 $ ADMINISTER HELP ADD 
 
 ADD 
 
   Additional information available: 
 
   COMPUTER    GROUP    HOSTMAP   PRINT    SHARE    TRUST    USER 
 
 ADD Subtopic? 
 
      

This example displays information about using the ADMINISTER ADD command from OpenVMS system command level.

#2

 $ ADMINISTER 
 LANDOFOZ\\TINMAN> HELP ADD 
 
   ADD 
 
     Additional information available: 
 
     COMPUTER    GROUP    HOSTMAP   PRINT    SHARE    TRUST    USER 
 
   ADD Subtopic? 
 
      

This example shows how to enter the HELP ADD command while you are using the ADMINISTER command-line interface.


LOGIN

LOGIN is a synonym for the LOGON command. See the LOGON command for further information.

LOGOFF

Logs the current user off the network. Logging off ensures that no one can use your account to gain access to shared network resources. You may use LOGOUT as a synonym for the LOGOFF command.

After a successful logoff, the domain and server being administered is recomputed. The domain name is set to the local server's domain, and the server name is set to the name of the local server.


Format

LOGOFF

restrictions

None

Related Commands

LOGON

Example


LANDOFOZ\\TINMAN> LOGOFF 
SCARECROW was logged off successfully. 
      

This example assumes that the user SCARECROW was logged on to the network. The LOGOFF command logs SCARECROW off the network.


LOGON

Logs a user on to the network and sets the user name and password used for further network access. You may use LOGIN as a synonym for the LOGON command.

If a user is currently logged on, a warning is issued and an option is given to log the current user off before logging the new user on. After a successful logon, the domain and server being administered is recomputed. The domain name is set to the name of the domain to which you have logged on. The server name is set to the name of the local server, if the local server is a member of the logged on domain; otherwise, the server name is set to the name of the primary domain controller of the logged on domain.


Format

LOGON [user-name [password]] [/qualifier]

restrictions

See the restrictions described for the LOGON password parameter.

Related Commands

LOGOFF

Parameters

user-name

Specifies the user name by which you are identified on the network. If you do not enter a user name, a prompt appears.

password

Specifies the password for the user account. The password is displayed as you enter it. If you do not enter a password, or you enter it as an asterisk (*), a prompt appears. The password is not displayed as you enter it in response to the prompt. If your password contains lowercase letters, blanks (spaces), or other nonalphanumeric characters, enclose it in quotation marks, unless you enter it in response to the password prompt. Passwords entered on the command line are accepted as uppercase characters unless they are enclosed within quotation marks. However, if you are prompted for a new password because your password has expired, the password you enter will be accepted as caseless. If you want your new password to include lowercase letters, you must use the MODIFY USER command with the /PASSWORD qualifier to define the new password. (The MODIFY USER command requires administrative privileges.)

Qualifiers

/DOMAIN=domain-name

Specifies the name of the domain to which you want to log on. This is called the logon domain. By default, the domain name is the name of the local server's domain.

Examples

#1

 LANDOFOZ\\TINMAN> LOGON SCARECROW  "OverTheRainbow" 
 The server \\TINMAN successfully logged you on as Scarecrow. 
 Your privilege level on domain LANDOFOZ is user. 
 The last time you logged on was 10/08/00 07:48 PM. 
      

This example logs on the user named SCARECROW to the domain LANDOFOZ. Because the password contains lowercase letters, it is enclosed in quotation marks.

#2

 LANDOFOZ\\TINMAN> LOGON 
 Username: LION 
 Password: 
 The server \\TINMAN successfully logged you on as Lion. 
 Your privilege level on domain LANDOFOZ is ADMIN. 
 The last time you logged on was 10/08/00 07:50 PM. 
      

This example logs on the user named LION to the domain LANDOFOZ. Because the user name and password were not specified on the command line, prompts are issued. The password is not displayed as it is entered. If the password includes lowercase letters, do not include the password in quotation marks.


Previous Next Contents Index