USER_INFO_23 structure (lmaccess.h)
The USER_INFO_23 structure contains information about a user account, including the account name, the user's full name, a comment associated with the account, and the user's security identifier (SID).
The USER_INFO_23 structure supersedes the USER_INFO_20 structure. It is recommended that applications use the USER_INFO_23 structure instead of the USER_INFO_20 structure.
Syntax
typedef struct _USER_INFO_23 {
LPWSTR usri23_name;
LPWSTR usri23_full_name;
LPWSTR usri23_comment;
DWORD usri23_flags;
PSID usri23_user_sid;
} USER_INFO_23, *PUSER_INFO_23, *LPUSER_INFO_23;
Members
usri23_name
Type: LPWSTR
A pointer to a Unicode string that specifies the name of the user account. Calls to the NetUserSetInfo function ignore this member.
usri23_full_name
Type: LPWSTR
A pointer to a Unicode string that contains the full name of the user. This string can be a null string, or it can have any number of characters before the terminating null character.
usri23_comment
Type: LPWSTR
A pointer to a Unicode string that contains a comment associated with the user account. This string can be a null string, or it can have any number of characters before the terminating null character.
usri23_flags
Type: DWORD
This member can be one or more of the following values.
Note that setting user account control flags may require certain privileges and control access rights. For more information, see the Remarks section of the NetUserSetInfo function.
| Value | Meaning |
|---|---|
|
The logon script executed. This value must be set. |
|
The user's account is disabled. |
|
The home directory is required. This value is ignored. |
|
No password is required. |
|
The user cannot change the password. |
|
The account is currently locked out. You can call the NetUserSetInfo function to clear this value and unlock a previously locked account. You cannot use this value to lock a previously unlocked account. |
|
The password should never expire on the account. |
|
The user's password is stored under reversible encryption in the Active Directory. |
|
Marks the account as "sensitive"; other users cannot act as delegates of this user account. |
|
Requires the user to log on to the user account with a smart card. |
|
Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys. |
|
This account does not require Kerberos preauthentication for logon. |
|
The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled. This setting allows a service running under the account to assume a client's identity and authenticate as that user to other remote servers on the network. |
|
The user's password has expired.
Windows 2000: This value is not supported. |
|
The account is trusted to authenticate a user outside of the Kerberos security package and delegate that user through constrained delegation. This is a security-sensitive setting; accounts with this option enabled should be tightly controlled. This setting allows a service running under the account to assert a client's identity and authenticate as that user to specifically configured services on the network.
Windows XP/2000: This value is not supported. |
The following values describe the account type. Only one value can be set. You cannot change the account type using the NetUserSetInfo function.
usri23_user_sid
Type: PSID
A pointer to a SID structure that contains the security identifier (SID) that uniquely identifies the user. The NetUserAdd and NetUserSetInfo functions ignore this member.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Header | lmaccess.h (include Lm.h) |