package Win32API::Net; use strict; use Carp; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $AUTOLOAD); require Exporter; require DynaLoader; @ISA = qw(Exporter DynaLoader); # Items to export into callers namespace by default. Note: do not export # names by default without a very good reason. Use EXPORT_OK instead. # Do not simply export all your public functions/methods/constants. @EXPORT = qw(); # don't pollute callees namespace %EXPORT_TAGS=( User => [ qw( FILTER_INTERDOMAIN_TRUST_ACCOUNT FILTER_NORMAL_ACCOUNT FILTER_SERVER_TRUST_ACCOUNT FILTER_TEMP_DUPLICATE_ACCOUNTS FILTER_WORKSTATION_TRUST_ACCOUNT USER_ACCT_EXPIRES_PARMNUM USER_AUTH_FLAGS_PARMNUM USER_CODE_PAGE_PARMNUM USER_COMMENT_PARMNUM USER_COUNTRY_CODE_PARMNUM USER_FLAGS_PARMNUM USER_FULL_NAME_PARMNUM USER_HOME_DIR_DRIVE_PARMNUM USER_HOME_DIR_PARMNUM USER_LAST_LOGOFF_PARMNUM USER_LAST_LOGON_PARMNUM USER_LOGON_HOURS_PARMNUM USER_LOGON_SERVER_PARMNUM USER_MAX_STORAGE_PARMNUM USER_NAME_PARMNUM USER_NUM_LOGONS_PARMNUM USER_PAD_PW_COUNT_PARMNUM USER_PARMS_PARMNUM USER_PASSWORD_AGE_PARMNUM USER_PASSWORD_PARMNUM USER_PRIMARY_GROUP_PARMNUM USER_PRIV_ADMIN USER_PRIV_GUEST USER_PRIV_MASK USER_PRIV_PARMNUM USER_PRIV_USER USER_PROFILE_PARMNUM USER_PROFILE_PARMNUM USER_SCRIPT_PATH_PARMNUM USER_UNITS_PER_WEEK_PARMNUM USER_USR_COMMENT_PARMNUM USER_WORKSTATIONS_PARMNUM USER_BAD_PW_COUNT_PARMNUM LG_INCLUDE_INDIRECT UF_ACCOUNTDISABLE UF_ACCOUNT_TYPE_MASK UF_DONT_EXPIRE_PASSWD UF_HOMEDIR_REQUIRED UF_INTERDOMAIN_TRUST_ACCOUNT UF_LOCKOUT UF_MACHINE_ACCOUNT_MASK UF_NORMAL_ACCOUNT UF_PASSWD_CANT_CHANGE UF_PASSWD_NOTREQD UF_SCRIPT UF_SERVER_TRUST_ACCOUNT UF_SETTABLE_BITS UF_TEMP_DUPLICATE_ACCOUNT UF_WORKSTATION_TRUST_ACCOUNT UserAdd UserChangePassword UserDel UserEnum UserGetGroups UserGetInfo UserGetLocalGroups UserModalsGet UserModalsSet UserSetGroups UserSetInfo )], Get => [ qw( GetDCName )], Group => [ qw( GROUP_ATTRIBUTES_PARMNUM GROUP_COMMENT_PARMNUM GROUP_NAME_PARMNUM GroupAdd GroupAddUser GroupDel GroupDelUser GroupEnum GroupGetInfo GroupGetUsers GroupSetInfo GroupSetUsers )], LocalGroup => [ qw( LOCALGROUP_COMMENT_PARMNUM LOCALGROUP_NAME_PARMNUM LocalGroupAdd LocalGroupAddMember LocalGroupAddMembers LocalGroupDel LocalGroupDelMember LocalGroupDelMembers LocalGroupEnum LocalGroupGetInfo LocalGroupGetMembers LocalGroupSetInfo LocalGroupSetMembers )], ); @EXPORT_OK= (); { my $ref; foreach $ref ( values(%EXPORT_TAGS) ) { push( @EXPORT_OK, @$ref ); } } $EXPORT_TAGS{ALL}= \@EXPORT_OK; $VERSION = '0.09'; sub AUTOLOAD { my $constname; ($constname = $AUTOLOAD) =~ s/.*:://; my $val = constant($constname, @_ ? $_[0] : 0); if ($! != 0) { if ($! =~ /Invalid/) { $AutoLoader::AUTOLOAD = $AUTOLOAD; goto &AutoLoader::AUTOLOAD; } else { croak "Your vendor has not defined Win32API::Net macro $constname"; } } eval "sub $AUTOLOAD { $val }"; goto &$AUTOLOAD; } bootstrap Win32API::Net $VERSION; 1; __END__ =head1 NAME Win32API::Net - Perl interface to the Windows NT LanManager API account management functions. =head1 SYNOPSIS use Win32API::Net; =head1 NOTE ON VERSIONS PRIOR TO 0.08 As of version 0.08 of this module, the behaviour relating to empty strings in input hashes has changed. The old behaviour converted such strings to the NULL pointer. The underlying API uses this value as an indication to not change the value stored for a given field. This meant that you were not able to clear (say) the logonScript field for a user using UserSetInfo(). The new behaviour is to leave the string as an empty C string which will allow fields to be cleared. To pass a NULL pointer to the underlying API call (and thus, to leave the field as it was), you need to set the corresponding field to C. WARNING: B. B. =head1 DESCRIPTION Win32API::Net provides a more complete wrapper for the account management parts of the NT LanManager API than do other similar packages. Most of what you can achieve with the native C++ API is possible with this package - albeit in a more Perl like manner by using references to pass information to and from functions. For an understanding of the environment in which these functions operate see L. The following groups of functions are available: =over 8 =item L =item L =item L =item L =back All functions return 0 on failure and 1 on success. Use the C function to find out more information on why a function failed. In addition, some functions that take a hash reference to pass information in (e.g. C) have a last argument that will allow more detailed information on which key/value pair was not properly specified. =head2 Using References References to hashes and arrays are used throughout this package to pass information into and out of functions. =over 8 =item Using Hash References Where a hash reference is required you can use anything that evaluates to a hash reference. e.g. $href = \%someHash; UserAdd(server, 2, $hRef); Or more directly: UserAdd(server, 2, \%someHash); =item Using Array references Array references are used in a similar manner to hash references. e.g. $aref = \@someArray; UserEnum(server, $aref); Or more directly: UserEnum(server, \@someArray); =back Please note: Any C<*Get*()> or C<*Enum()> operation will first clear the contents of the input hash or array being referenced. See L and the test.pl script for examples of usage. =head1 DATA STRUCTURES Most the the functions in the underlying API allow the programmer to pass specify at runtime the amount of information that is supplied to the function. For example, the C call allows the programmer to specify levels of 0, 1, 2, 3 (and others). Having specified this level, the function returns a structure that will contain different fields. For a level C<0>, the function returns a structure that has only one field. For a supplied level of 1, the function returns a structure with C<8> fields. The programmer needs to know in advance what fields should be provided or will be returned for a given level. This mechanism works very will since it effectively overloads functions without having to use different function prototypes. Perl provides better higher level data structures in the form of arrays and hashes. This package uses hashes as the means to pass these variable size structure into and out of functions. For any function that takes a reference to a hash as input, the programmer is expected to provide appropriate keys and corresponding values as well as the level parameter. The called function will then takes the values out of the supplied hash and build the approprite structure to pass to the underlying API function. For any function that takes a reference to a hash to recieve output, the function will first clear any keys an corresponding values in the supplied hash. It will call the underlying API call and will then return in the hash any keys and values that are applicable at the requested level. Example: The C can takes a number of levels. If called with level C<0> the supplied hash will, on return from the function, contain a single key and value - namely B/B. If called with a level of C<1> the supplied hash will, on return from the function, contain 8 keys and values. The returned keys are C, C, C, C, C, C, C. See L for more information on what these represent. =head1 EXPORTS By default, Win32API::Net exports no symbols into the callers namespace. The following tags can be used to selectively import symbols into the main namespace. =over 8 =item C<:User> Exports all symbols needed for the C functions. See L. =item C<:Get> Exports all symbols needed for the C functions. See L. =item C<:Group> Exports all symbols needed for the C functions. See L. =item C<:LocalGroup> Exports all symbols needed for the C functions. See L. =back =head1 NET USER FUNCTIONS The C functions operate on NT user accounts. Administrator or Account Operator group membership is required to successfully execute most of these functions on a remote server or on a computer that has local security enabled. Administrator privileges are required to add an Administrator Privilege account. There are some exceptions to this whereby a user can change some of their own settings where these don't conflict with 'administrative information' (e.g. full name). The C field can be the empty string, in which case the function defaults to running on the local computer. If you leave this field blank then you should ensure that you are running the function on a PDC or BDC for your current domain. Use the support function C to find out what the domain controller is, should you not be running this on the PDC. All functions in this section are 'DOMAIN functions'. This means that, for example, the C function actually lists the domain's local groups of which the named user is a member. The following functions are available. =head2 UserAdd(server, level, hash, error) Add a new user account. The user name is taken from the C-key's value in the supplied hash. =over 8 =item C - Scalar String The server on which to add the account. =item C - Scalar Int Level of information provided in hash. This can be either 1, 2 or 3. See L. =item C - Hash Reference The information to use to add this account. This should have all the appropriate keys and values required for C. =item C - Scalar Int Provides information on which field in the hash was not properly specified. See L for more information about what values this can take. =back =head2 UserChangePassword(server, user, old, new) Changes the password for C. If the policy of the machine/domain only allows password changes if the C is logged on then the C must be logged on to execute this function. With Administrator or Account Operator privilege you can use this function to change anyone's password, so long as you know the old password. =over 8 =item C - Scalar String The C on which to change the password. =item C - Scalar String The name of the C whose password is being changed. =item C - Scalar String The existing password for C. =item C - Scalar String The new password for C. =back =head2 UserDel(server, user) Deletes the specified C account. Administrator or Account Operator privilege is required to execute this function. =over 8 =item C - Scalar String The C on which to delete the C. =item C - Scalar String The C account to delete. =back =head2 UserEnum(server, array[, filter]) Enumerates all the accounts on server that satisfy C. Unlike the C function in the API, this function does not allow you to specify a level (internally it is hardcoded to 0). In Perl it is trivial to implement the equivalent function (should you need it) - see L. =over 8 =item C - Scalar String The C on which to enumerate the accounts satisfying C. =item C - Array Reference The array that will hold the names of all users on C whose accounts match C. =item C - Scalar Int (optional) The filter to apply (see L). This argument is optional and if not present a default of C is used. =back =head2 UserGetGroups(server, user, array) Get the global groups for which C is a member. It returns the group names in C. Unlike the C function in the API, this function does not allow you to specify a level (internally is hardcoded to 0). In Perl it is trivial to implement the equivalent function (in the unlikely event that you might need it). =over 8 =item C - Scalar String The C from which to get the groups of which C is a member. =item C - Scalar String The C whose group membership you wish to examine. =item C - Scalar String The array that will contain the group names to which C belongs. =back =head2 UserGetInfo(server, user, level, hash) Returns the information at the specified C for the named C in C. =over 8 =item C - Scalar String The C from which to get the requested information about C. =item C - Scalar String The C whose information you want. =item C - Scalar Int One of: 0, 1, 2, 3, 10, 11 and 20. See L. =item C - Hash Reference The hash that will contain the keys and values for the information requested. See L for information about which keys are present in a given level. =back =head2 UserGetLocalGroups(server, user, array[, flags]) Gets the names of the local groups of which C is a member. Unlike the C function in the API, this function does not allow you to specify a level. Since the underlying API restricts you to level 0 there really isn't any need to include it... =over 8 =item C - Scalar String The server from which to get the local groups of which C is a member. =item C - Scalar String The C whose local group membership you wish to enumerate. =item C - Array Reference The array that will hold the names of the local groups to which C belongs. =item C - Scalar Int (optional) Either C or 0. if C is omitted, the function internally uses 0. Specifying C will include in the list the names of the groups of which the C is indirectly a member (e.g. by being in a global group that is a member of a local group). This field can take no other values. =back =head2 UserModalsGet() This function is not currently implemented. =head2 UserModalsSet() This function is not currently implemented. =head2 UserSetGroups(server, user, array) Sets the (global) group membership for C to the specified groups. Unlike the API function C, this function does not take a C parameter (mainly because this option is largely redundant). =over 8 =item C - Scalar String The C on which you wish to set the group membership for C. =item C - Scalar String The C whose group membership you wish to set. =item C - Array Reference The array containing the (global) group names to set the Cs membership of. =back This function will fail if any of the group names specified do not exist. =head2 UserSetInfo(server, user, level, hash, error) Sets the info for C according to the information contained in C for C (see L). =over 8 =item C - Scalar String The C on which you wish to change the info for C. =item C - Scalar String The C whose info you wish to change. =item C - Scalar Int One of 0, 1, 2, 3, or 20 (according to Microsoft documentation). In practice, you can use all the 10xx levels as well to change most of the individual properties of the named C - although this may not be supported in future... =item C - Hash Reference The hash that will contain the necessary key/value pairs required for C (see L). =item C - Scalar Int Provides information on which field in C were not properly specified. See L for more information about what values can be returned in this field. =back =head1 NET GROUP FUNCTIONS The C functions all operate only on global groups. To modify local groups, use the corresponding C functions. Administrator or Account Operator group membership is required to successfully execute most of these functions on a remote server or on a computer that has local security enabled. The C field can be the empty string, in which case the function defaults to running on the local computer. If you leave this field blank then you should ensure that you are running the function on a PDC or BDC for your current domain. Use the support function C to find out what the domain controller is, should you not be running this on the PDC. The following functions are available. =head2 GroupAdd(server, level, hash, error) Adds the specified group. =over 8 =item C - Scalar String The C on which to add the group. =item C - Scalar String The C of information contained in C. This can be one of 0, 1 or 2. See L. =item C - Hash Reference A hash containing the required key/value pairs for C. =item C - Scalar Int Provides information on which field in C was not properly specified. See L for more information about what values can be returned in this field. =back =head2 GroupAddUser(server, group, user) Adds the specified C to the specified C. =over 8 =item C - Scalar String The C on which to add the C to C. =item C - Scalar String The C to add the C to. =item C - Scalar String The C to add to C. =back =head2 GroupDel(server, group) Deletes the specified global group. =over 8 =item C - Scalar String The C on which to delete the named C. =item C -Scalar String The C to delete. =back =head2 GroupDelUser(server, group, user) Deletes the specified user from the specified group. =over 8 =item C - Scalar String The C on which to delete C from C. =item C - Scalar String The C from which to delete C. =item C - Scalar String The C to delete from C. =back =head2 GroupEnum(server, array) Enumerates all the global groups on the server. Unlike the API call C, this function does not allow you to specify a level (internally it is hardcoded to 0). In Perl it is trivial to implement the equivalent function (should you need it). =over 8 =item C - Scalar String The server on which to enumerate the (global) C. =item C - Array Reference An array that, on return, will contain the C names. =back =head2 GroupGetInfo(server, group, level, hash) Retrieves C information for C returning information in C. =over 8 =item C - Scalar String The C from which to get the group information. =item C - Scalar String The C whose information you wish to obtain. =item C - Scalar Int The C of information you wish to retrieve. This can be one of 1, 2 or 3. See L. =item C - Hash Reference The hash that will contain the information. =back =head2 GroupGetUsers(server, group, array) Returns (in C) the users belonging to C. Unlike the API call C, this function does not allow you to specify a level (internally it is hardcoded to 0). In Perl it is trivial to implement the equivalent function (should you need it). =over 8 =item C - Scalar String The C from which to get the group information. =item C - Scalar String The C whose users you wish to obtain. =item C - Array Reference The array to hold the user names retrieved. =back =head2 GroupSetInfo(server, group, level, hash, error) Sets the information for C according to C. =over 8 =item C - Scalar String The C on which to set the C information. =item C - Scalar String The C whose information you wish to set. =item C - Scalar Int The C of information you are supplying in C. Level can be one of 0, 1 or 2. See L. =item C - Hash Reference The hash containing the required key/value pairs for C. =item C - Scalar String On failure, the C parameter will contain a value which specifies which field caused the error. See L. =back =head2 GroupSetUsers(server, group, array) Sets the membership of C to contain only those users specified in C. This function will fail if any user names contained in the array are not valid users on C. On successful completion C will contain only the users specified in C. Use the functions C to add and delete individual users from a group. =over 8 =item C - Scalar String The C on which to set the C membership. =item C - Scalar String The C to set the membership of. =item C - Array Reference The array containing the names of all users who will be members of C. =back =head1 NET LOCAL GROUP FUNCTIONS The C functions operate on local groups. If these functions are run on a PDC then these functions operate on the domains local groups. Administrator or Account Operator group membership is required to successfully execute most of these functions on a remote server or on a computer that has local security enabled. The C field can be the empty string, in which case the function defaults to running on the local computer. If you leave this field blank then you should ensure that you are running the function on a PDC or BDC for your current domain. Use the support function C to find out what the domain controller is, should you not be running this on the PDC. The following functions are available. =head2 LocalGroupAdd(server, level, hash, error) Adds the specified group. The name of the group is contained in the C key of C. =over 8 =item C - Scalar String The C on which to add the group. =item C - Scalar String The C of information contained in C. This can be one of 0 or 1. See L. =item C - Hash Reference A hash containing the required key/value pairs for C. =item C - Scalar Int Provides information on which field in C wasn't properly specified. See L for more information about what values this can take. =back =head2 LocalGroupAddMember() This function is obselete in the underlying API and has therefore not been implemented. Use C instead. =head2 LocalGroupAddMembers(server, group, array) Adds the specified users (members) to the local group. Unlike the API function C, this function does not allow you to specify a level (internally it is hardcoded to 3). This was done to simplify the implementation. To add a 'local' user, you need only specify the C. You can also specify users using the C syntax. =over 8 =item C - Scalar String The C on which to add the members to C. =item C - Scalar String The C to add the members to. =item C - Array Reference The array containing the members to add to C. =back =head2 LocalGroupDel(server, group) Delete the specified local group. =over 8 =item C - Scalar String The C on which to delete the named C. =item C -Scalar String The C to delete. =back =head2 LocalGroupDelMember() This function is obselete in the underlying API and has therefore not been implemented. Use C instead. =head2 LocalGroupDelMembers(server, group, array) Delete the specified users (members) of the local group. Unlike the API function C, this function does not allow you to specify a level (internally it is hardcoded to 3). This was done to simplify the implementation. To delete a 'local' user, you need only specify the C. You can also specify users using the C syntax. =over 8 =item C - Scalar String The C on which to delete the members from C. =item C - Scalar String The C to delete the members from. =item C - Array Reference The array containing the members to delete from C. =back =head2 LocalGroupEnum(server, array) Enumerates all the local groups on the server. Unlike the API call C, this function does not allow you to specify a level (internally it is hardcoded to 0). In Perl it is trivial to implement the equivalent function (should you need it). =over 8 =item C - Scalar String The server on which to enumerate the (local) C. =item C - Array Reference The array to hold the C names. =back =head2 LocalGroupGetInfo(server, group, level, hash) Retrieves C information for C. =over 8 =item C - Scalar String The C from which to get the group information. =item C - Scalar String The C whose information you wish to obtain. =item C - Scalar Int The C of information you wish to retrieve. This can be 0 or 1. See L. =item C - Hash Reference The hash that will contain the information. =back =head2 LocalGroupGetMembers(server, group, hash) Retrieves the users belonging to C. Unlike the API call C, this function does not allow you to specify a level (internally it is hardcoded to 0). In Perl it is trivial to implement the equivalent function (should you need it). =over 8 =item C - Scalar String The C from which to retrieve the group information. =item C - Scalar String The C whose users you wish to obtain. =item C - Array Reference The array to hold the user names retrieved. =back =head2 LocalGroupSetInfo(server, level, hash, error) Sets the information for C according to C. =over 8 =item C - Scalar String The C on which to set the C information. =item C - Scalar String The C whose information you wish to set. =item C - Scalar Int The C of information you are supplying in C. Level can be one of 0 or 1. See L. =item C - Hash Reference The hash containing the required key/value pairs for C. =item C - Scalar String On failure, the C parameter will contain a value which specifies which field caused the error. See L. =back =head2 LocalGroupSetMembers() This function has not been implemented at present. =head1 NET GET FUNCTIONS =head2 GetDCName(server, domain, domain-controller) Gets the C name for C and C. =over 8 =item C - Scalar String The C whose domain controller you wish to locate. =item C - Scalar String The C that C is a member of whose domain-controller you wish the locate. =item C - Scalar String (output) The name of the C for the requested C. =back Note: This module does not implement the CAPI function as this is obsolete. =head1 USER INFO LEVELS Most of the C functions take a C parameter. This C specifies how much detail the corresponding C should contain (or in the case of a C function, will contain after the call). The following C descriptions provide information on what fields should be present for a given level. See L for a description of the fields. =over 8 =item Level 0 name =item Level 1 name, password, passwordAge, priv, homeDir, comment, flags, scriptPath =item Level 2 name, password, passwordAge, priv, homeDir, comment, flags, scriptPath, authFlags, fullName, usrComment, parms, workstations, lastLogon, lastLogoff, acctExpires, maxStorage, unitsPerWeek, logonHours, badPwCount, numLogons, logonServer, countryCode, codePage =item Level 3 name, password, passwordAge, priv, homeDir, comment, flags, scriptPath, authFlags, fullName, usrComment, parms, workstations, lastLogon, lastLogoff, acctExpires, maxStorage, unitsPerWeek, logonHours, badPwCount, numLogons, logonServer, countryCode, codePage, userId, primaryGroupId, profile, homeDirDrive, passwordExpired =item Level 10 name, comment, usrComment, fullName =item Level 11 name, comment, usrComment, fullName, priv, authFlags, passwordAge, homeDir, parms, lastLogon, lastLogoff, badPwCount, numLogons, logonServer, countryCode, workstations, maxStorage, unitsPerWeek, logonHours, codePage =item Level 20 name, fullName, comment, flags, userId =item Level 21 B =item Level 22 B =item Level 1003 password =item Level 1005 priv =item Level 1006 homeDir =item Level 1007 comment =item Level 1008 flags =item Level 1009 scriptPath =item Level 1010 authFlags =item Level 1011 fullName =item Level 1012 usrComment =item Level 1013 parms =item Level 1014 workstations =item Level 1017 acctExpires =item Level 1018 maxStorage =item Level 1020 unitsPerWeek, logonHours =item Level 1023 logonServer =item Level 1024 countryCode =item Level 1025 codePage =item Level 1051 primaryGroupId =item Level 1052 profile =item Level 1053 homeDirDrive =back =head1 USER INFO FIELDS The following is an alphabetical listing of each possible field, together with the data type that the field is expected to contain. =over 8 =item C - Scalar Int (UTC) The time (as the number of seconds since 00:00:00, 1st January 1970) when the account expires. A -1 in this field specifies that the account never expires. =item C - Scalar Int (See USER_AUTH_FLAGS). The level of authority that this use has. The value this can take depends on the users group membership - this value is therefore read only and cannot be set using C or C. Its value can be one of: =back User belongs to group Flag value --------------------- ---------- Print Operators Win32API::Net::AF_OP_PRINT() Server Operators Win32API::Net::AF_OP_SERVER() Account Operators Win32API::Net::AF_OP_ACCOUNTS() =over 8 =item C - Scalar Int The number of times that the user has failed to logon by specifying an incorrect password. =item C - Scalar Int The code page that this user uses. =item C - Scalar String The comment associated with this user account. This can be any string (apparently of any length). =item C - Scalar Int The country code that this user uses. =item C - Scalar Int (Bitwise OR of USER_FLAGS) The flags for this user. See L. =item C - Scalar String The users' full name. =item C - Scalar String The home directory of the user. This can be either a UNC path or an absolute path (drive letter + path). Can be the empty string (""). =item C - Scalar String The home directory drive that the users home directory is mapped to (assuming that the specified home directory is a UNC path). =item C - Scalar Int (UTC) The time (as the number of seconds since 00:00:00, 1st January 1970) that the user last logged on. =item C - Scalar Int (UTC) The time (as the number of seconds since 00:00:00, 1st January 1970) that the user last logged off . =item C - Reference to Array of Integers (length 21 elements) The times at which the user can logon. This should be an integer array with 21 elements. Each element represents an 8 hour period and each bit represents represents an hour. Only the lower byte of each integer is used. If this is left undefined then no restrictions are placed on the account. =item C - Scalar String The logon server for this user. Under Windows NT, this value cannot be set and will always have the value '\\*' when queried. =item C - Scalar Int The current release of Windows NT does not implement disk quotas so it is believed that the value of this key is ignored. =item C - Scalar String The user name that this request applies to. Most of the functions take the user name as a separate argument. In general, the user name provided should be the same as that in the one provided in the hash. =item C - Scalar Int The number of times that the named user has successfully logged on to this machine/domain. =item C - Scalar String The value of this key can be used by applications. There are none known to to author that use it, although it could be used to hold adminitrative information. =item C - Scalar String The password to be set. The password is never returned in a C operation. =item C - Scalar Int (UTC) The current age of the password (stored as the number of seconds since 00:00:00, 1st January 1970). =item C - Scalar Int The value of this key is used in two different ways. When queried via C the return value is 0 is the password has not expired and 1 if it has. When setting the value via C or C a value of 0 indicates that the users' password has not expired whereas a value of 1 will force the user to change their password at the next logon. =item C - Scalar Int The id of the primary group that this user belongs to. When creating accounts with C you should use a value of 0x201. =item C - Scalar Int (Bitwise OR of USER_PRIVILEGE_FLAGS) The privilege level that this user has. This is never returned from a C call. See L. =item C - Scalar String The profile that is associated with the named user. This can be UNC path, a local path or undefined. =item C - Scalar String The path to the logon script for this user. This should be specified as a relative path and will cause the logon script to be run from (relative location) in the logon servers export directory. =item C - Scalar Int The value of this key represents the granularity of the logonHours array. Its use is beyond the scope of this package. =item C - Scalar String The user comment field (contrasted with the comment field ;-). =item C - Scalar String A comma-separated string containing upto 8 workstation that the named user can login to. Setting a value for this key will then allow the named user to login to only those computers named. =item C - Scalar Int The user id associated with this user This value is generated by the system and cannot be set or changed using the C or C calls. =back =head1 USER FLAGS The following is an alphabetical listing of the user flags. The C key (see L) should be the bitwise OR of one or more of these values. =over 8 =item C This account has been disabled. =item C Never expire the password on this account. =item C A home directory must be specified (ignored for NT). =item C The account represents a interdomain trust account. =item C Lock out this account (or this account has been locked out due to security policy - i.e. badLogonCount is greater than your policy allows). This value can be cleared but not set by a C call. =item C The account is a normal user account. =item C The password for this account cannot be changed (execpt by an Administrator using one of the above calls). =item C A password is not required for this account. =item C This must be set when creating account on Windows NT. =item C The account represents a Windows NT Backup Domain Controller account in the domain. =item C To quote the Microsoft Documentation "This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. The User Manager refers to this account type as a local user account. =item C The account represents a computer account for a workstation or server in the domain. =back Please note that these are implemented as functions and are therefore called in the same way as other functions. You should typically use them like: $ufScript = Win32API::Net::UF_SCRIPT(); =head1 USER PRIVILEGE FLAGS These following values are used in the C key. This field is never initialised on a C call and once set cannot be changed in a C call. =over 8 =item C Account is an an administrative account. =item C Account is a guest account. =item C Account is a user account. =back Please note that these are implemented as functions and are therefore called in the same way as other functions. You should typically use them like: $userPrivUser = Win32API::Net::USER_PRIV_USER(); =head1 USER ENUM FILTER These flags are used in the C function to specify which accounts to retrieve. It should be a bitwise OR of some (or all) of the following. =over 8 =item C Show temporary duplicate account (one presumes). =item C Show normal user account. =item C Show interdomain trust accounts. =item C Show workstation trust accounts. =item C Show server trust accounts. =back Please note that these are implemented as functions and are therefore called in the same way as other functions. You should typically use them like: $filterNormalAccounts = Win32API::Net::FILTER_NORMAL_ACCOUNT(); =head1 USER FIELD ERRORS For the C functions that take an C parameter this variable will, on failure, contain one of the following constants. Note that the function may fail because more than one key/value was missing from the input hash. You will only find out about the first one that was incorrectly specified. This is only really useful in debugging. =over 8 =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =back =head1 GROUP INFO LEVELS Some of the C functions take a C parameter. This C specifies how much detail the corresponding C should contain (or in the case of a C function, will contain after the call). The following C descriptions provide information on what fields should be present for a given level. See L for a description of the fields. =over 8 =item C name. =item C name, comment. =item C name, comment, groupId, attributes. =item C comment. =item C attributes. =back =head1 GROUP INFO FIELDS =over 8 =item C - Scalar Int The attributes of the group. These are no longer settable in Windows NT 4.0 and they are not currently supported in this package either. =item C - Scalar String The C that applies to this group. This is the only value that can be set via a GroupSetInfo call. =item C - Scalar Int The groups Id. =item C - Scalar String The groups name. =back =head1 GROUP FIELD ERRORS For the C functions that take an C parameter this variable will, on failure, contain one of the following constants. Note that the function may fail because more than one key/value was missing from the input hash. You will only find out about the first one that was incorrectly specified. This is only really useful for debugging purposes. =over 8 =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =item C C field was absent or not correctly specified. =back =head1 GROUP USERS INFO LEVELS The C function can take a level of 0 or 1. These will return the following: =over 8 =item C name. =item C name, attributes. =back =head1 GROUP USERS INFO FIELDS =over 8 =item C - Scalar String The user's name. =item C - Scalar Int The attributes of the group. These are no longer settable in Windows NT 4.0 and they are not currently supported in this package either. =back =head1 LOCAL GROUP INFO LEVELS =over 8 =item C name =item C name, comment =item C comment =back =head1 LOCAL GROUP INFO FIELDS =over 8 =item C - Scalar String The groups name =item C - Scalar String The groups 'comment' =back =head1 LOCAL GROUP FIELD ERRORS For the C functions that take an C parameter this variable will, on failure, contain one of the following constants. Note that the function may fail because more than one key/value was missing or incorrectly specified in the input hash. You will only find out about the first one that was incorrectly specified. This is only really useful for debugging purposes. =over 8 =item C The C field was absent or not correctly specified. =item C The C field wasabsent or not correctly specified. =back =head1 EXAMPLES The following example shows how you can create a function in Perl that has the same functionality as the C API call. The Perl version doesn't have the level parameter so you must first use the C function to retrieve all the account names and then iterate through the returned array issuing C calls. sub userEnumAtLevel { my($server, $level, $filter) = @_; my(@array); Win32API::Net::UserEnum($server, \@array, $filter); for $user (@array) { Win32API::Net::UserGetInfo($server, $user, $level, \%hash); print "This could access all level $level settings for $user - eg fullName $hash{fullName}\n"; } } userEnumAtLevel("", 2, 0); =head1 AUTHOR Bret Giddings, =head1 SEE ALSO C =head1 ACKNOWEDGEMENTS This work was built upon work done by HiP Communications along with modifications to HiPs code by and . In addition, I would like to thank Jenny Emby at GEC Marconi, U.K. for proof reading this manual page and making many suggestions that have led to its current layout. Last but not least I would like to thank Larry Wall and all the other Perl contributors for making this truly wonderful language. =cut