Digital PDFs

AA-R6G5C-TE

May 2001

228 pages

Original

0.4MB

Document:	Compaq Advanced Server for OpenVMS Commands Reference Manual
Order Number:	AA-R6G5C-TE
Revision:	0
Pages:	228
Original Filename:	ADSRV_CMND_REF_MAN.PDF

OCR Text

Compaq Advanced Server for OpenVMS
Commands Reference Manual
Order Number: AA–R6G5C–TE

March 2001
This manual provides command syntax descriptions for all ADMINISTER
commands available with the Advanced Server for OpenVMS.

Revision/Update Information:

This manual supersedes the Commands
Reference Manual, AA–R6G5B–TE.

Operating System Version:

OpenVMS Alpha Version 7.2-1, 7.1-2, 6.2
OpenVMS VAX Version 7.2, 7.1, 6.2

Software Versions:

Advanced Server V7.3 for OpenVMS
PATHWORKS V6.0C for OpenVMS
(Advanced Server)

Compaq Computer Corporation
Houston, Texas

Compaq, the Compaq logo, VAX, and VMS Registered in U.S. Patent and Trademark Office.
AlphaStation, DEC, DECnet, DECwindows, PATHWORKS, OpenVMS, and POLYCENTER are
trademarks of Compaq Information Technologies Group, L.P. in the United States and other
countries.
Microsoft, MS–DOS, Windows, and Windows NT are trademarks of Microsoft Corporation in the
United States and other countries.
Intel is a trademark of Intel Corporation in the United States and other countries.
UNIX is a trademark of The Open Group in the United States and other countries.
All other product names mentioned herein may be trademarks of their respective companies.
Confidential computer software. Valid license from Compaq required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer
Software Documentation, and Technical Data for Commercial Items are licensed to the U.S.
Government under vendor’s standard commercial license.
Compaq shall not be liable for technical or editorial errors or omissions contained herein. The
information in this document is provided "as is" without warranty of any kind and is subject
to change without notice. The warranties for Compaq products are set forth in the express
limited warranty statements accompanying such products. Nothing herein should be construed
as constituting an additional warranty.
ZK6544
The Compaq Advanced Server for OpenVMS documentation set is available on CD–ROM.

This document was prepared using VAX DOCUMENT Version 2.1.

Contents
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

vii

1 Overview
1.1
1.2

ADMINISTER Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Net Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

1–1
1–1

2 ADMINISTER Commands
2.1
Invoking the ADMINISTER User Interface . . . . . . . . . . . . . . . . .
2.1.1
Local and Remote Administration . . . . . . . . . . . . . . . . . . . . .
2.1.2
Member Server Local Database Administration . . . . . . . . . . .
2.1.2.1
Administering the Member Server’s Local Database . . . .
2.1.2.2
ADMINISTER Command Variances on Member
Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.3
Privileges Required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.4
Understanding Command Syntax . . . . . . . . . . . . . . . . . . . . .
2.1.5
Case Sensitivity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.6
Using Passwords with Commands . . . . . . . . . . . . . . . . . . . . .
2.1.7
Using Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.1.8
Administering the Advanced Server Using Batch Jobs . . . . .
2.1.9
Universal Naming Convention (UNC) for Path Names . . . . .
2.1.10
Extended Character Set Characters . . . . . . . . . . . . . . . . . . . .
2.1.11
Parameter Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADD COMPUTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADD GROUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADD HOSTMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADD PRINT QUEUE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADD SHARE/DIRECTORY . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADD SHARE/PRINT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADD TRUST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ADD USER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2–1
2–3
2–3
2–4
2–5
2–6
2–6
2–7
2–7
2–8
2–9
2–9
2–9
2–10
2–14
2–16
2–19
2–21
2–24
2–29
2–32
2–35
iii

CLEAR EVENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CLOSE OPEN_FILE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CLOSE SESSION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTINUE PRINT QUEUE . . . . . . . . . . . . . . . . . . . . . . . . . . . .
CONTINUE SERVICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
COPY GROUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
COPY USER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
EXIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
HELP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
LOGIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
LOGOFF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
LOGON . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
LOGOUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
MODIFY GROUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
MODIFY SHARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
MODIFY USER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
NET . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAUSE PRINT QUEUE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAUSE SERVICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
REMOVE COMPUTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
REMOVE GROUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
REMOVE HOSTMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
REMOVE PRINT QUEUE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
REMOVE SHARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
REMOVE TRUST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
REMOVE USER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SAVE EVENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SEND . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET ACCOUNT POLICY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET ADMINISTRATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET AUDIT POLICY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET COMPUTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET FILE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET PASSWORD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET PRINT JOB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SET PRINT QUEUE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2–42
2–44
2–46
2–48
2–49
2–50
2–53
2–60
2–61
2–63
2–64
2–65
2–67
2–68
2–70
2–76
2–82
2–84
2–86
2–88
2–90
2–92
2–94
2–96
2–98
2–101
2–103
2–105
2–107
2–111
2–114
2–117
2–121
2–129
2–133
2–135
2–137

SHOW ACCOUNT POLICY . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW ADMINISTRATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW AUDIT POLICY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW COMPUTERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW CONNECTIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW EVENTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW FILES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW GROUPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW HOSTMAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW MODE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW OPEN_FILES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW PRINT JOBS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW PRINT QUEUES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW SERVICES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW SESSIONS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW SHARES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW TRUSTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW USERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SHOW VERSION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
START SERVICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
STOP SERVICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TAKE FILE OWNERSHIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
TELL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2–141
2–143
2–145
2–147
2–151
2–154
2–158
2–161
2–164
2–166
2–167
2–169
2–171
2–173
2–175
2–177
2–181
2–182
2–186
2–187
2–188
2–190
2–192

3 Net Commands and ADMINISTER Command Equivalents
3.1

Command Mappings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3–1

Disallowed or Restricted Commands When Administering a
Member Server’s Local Database . . . . . . . . . . . . . . . . . . . . . .
ADMINISTER Command Parameter Restrictions . . . . . . . . .

2–5
2–11

Index
Tables
2–1
2–2

Preface
Welcome to the Compaq Advanced Server for OpenVMS Commands Reference
Manual. For the purposes of this text, the product is referred to as the
Advanced Server. The information presented in this guide is equally applicable
to:
•

Advanced Server V7.3 for OpenVMS

•

PATHWORKS V6.0C for OpenVMS (Advanced Server)

Usage of the term ‘‘Advanced Server’’ in this manual refers to either version
of the file and print server, except when the text explicitly specifies a version
number.
The Advanced Server and its associated OpenVMS system platform provide a
powerful, reliable, and open operating environment that meets the demands of
client/server computing. This manual provides reference material to help you
manage and maintain your network using the Advanced Server ADMINISTER
command-line interface.

Intended Audience
This manual is for the Advanced Server for OpenVMS server administrator.
As the administrator, you must be familiar with the Compaq OpenVMS
operating system to support the server and with other operating systems to
support clients. It is also expected that you have experience doing network
administration, and that you are familiar with OpenVMS DCL command
language syntax and the specific network configuration being managed. You
are assumed to have read the other documents in the Advanced Server for
OpenVMS set and to have access to documentation for any clients running
other operating systems.

vii

Document Structure
This document contains the following chapters:
Chapter

Description

Chapter 1, Overview

Provides an overview of this guide

Chapter 2, ADMINISTER Commands

Describes the function and syntax of all
ADMINISTER commands for managing the
Advanced Server

Chapter 3, Net Commands and
ADMINISTER Command Equivalents

Lists PATHWORKS V5 for OpenVMS
(LAN Manager) Net commands and their
ADMINISTER command equivalents

Related Documents
The following table lists related Advanced Server for OpenVMS documents:
Document

Description

Compaq Advanced Server for
OpenVMS Server Installation
and Configuration Guide

Explains how to install and configure Advanced
Server software

Compaq Advanced Server
for OpenVMS Concepts and
Planning Guide

Provides an overview of and introduction to
the Advanced Server software and associated
networking concepts for system administrators and
operators

Compaq Advanced Server for
OpenVMS Server Administrator’s
Guide

Explains how to manage and customize the
Advanced Server software

Compaq Advanced Server for
OpenVMS Guide to Managing
Advanced Server Licenses

Describes the License Server software and how to
manage Advanced Server licenses

The following table lists related PATHWORKS for OpenVMS (Advanced
Server) documents:

viii

Document

Description

Compaq PATHWORKS for OpenVMS
(Advanced Server) Server Migration
Guide

Explains how to upgrade a PATHWORKS
V5 for OpenVMS (LAN Manager) server to
PATHWORKS V6 for OpenVMS (Advanced
Server)

Compaq PATHWORKS for OpenVMS
(Advanced Server) Server Installation
and Configuration Guide

Explains how to install and configure
PATHWORKS for OpenVMS (Advanced
Server) software

Compaq Advanced Server for OpenVMS
Concepts and Planning Guide

Provides an overview of and introduction to
the PATHWORKS for OpenVMS (Advanced
Server) software and associated networking
concepts for system administrators and
operators

Compaq PATHWORKS for OpenVMS
(Advanced Server) Server Administrator’s
Guide

Explains how to manage and customize
the PATHWORKS for OpenVMS (Advanced
Server) software

Compaq Advanced Server for OpenVMS
Guide to Managing Advanced Server
Licenses

Describes the License Server software
and how to manage PATHWORKS for
OpenVMS (Advanced Server) licenses

The following table lists related Compaq OpenVMS documents:
OpenVMS Document

Description

OpenVMS Alpha Version 7.1 Upgrade
and Installation Manual

Describes how to install the OpenVMS
Alpha V7.1 system software

OpenVMS Alpha Version 7.2 Upgrade
and Installation Manual

Describes how to install the OpenVMS
Alpha V7.2 system software

OpenVMS VAX Version 7.1 Upgrade and
Installation Manual

Describes how to install the OpenVMS VAX
V7.1 system software

OpenVMS VAX Version 7.2 Upgrade and
Installation Manual

Describes how to install the OpenVMS VAX
V7.2 system software

OpenVMS System Manager’s Manual

A task-oriented guide (in two volumes) to
managing an OpenVMS system; describes
how to set up the required system services

OpenVMS System Management Utilities
Reference Manual

A reference guide (in two volumes) to the
utilities and tools used in managing an
OpenVMS system

OpenVMS License Management Utility
Manual

Explains how to load and manage license
Product Authorization Keys (PAKs)

OpenVMS Guide to Extended File
Specifications

Describes Extended File Specifications on
OpenVMS, including how to set up and
enable the ODS-5 file system

OpenVMS DCL Dictionary: A–M,
OpenVMS DCL Dictionary: N–Z

Provide detailed reference information and
examples for OpenVMS DCL commands
and lexical functions

Compaq C Run-Time Library Utilities
Reference Manual

Describes utilities that help you manage
localization and time zone data for
international software applications

OpenVMS Connectivity Developer’s Guide

Contains COM for OpenVMS, OpenVMS
Registry, and OpenVMS Events information

For additional information about OpenVMS products and services, access the
following World Wide Web address:
http://www.openvms.compaq.com/

Reader’s Comments
Compaq welcomes your comments on this manual. Please send comments to
either of the following addresses:
Internet

openvmsdoc@compaq.com

Mail

Compaq Computer Corporation
OSSG Documentation Group, ZKO3-4/U08
110 Spit Brook Rd.
Nashua, NH 03062-2698

How To Order Additional Documentation
Use the following World Wide Web address to order additional documentation:
http://www.openvms.compaq.com/
If you need help deciding which documentation best meets your needs, call
800-282-6672.

Conventions
The following conventions are used in the Advanced Server documentation
set:
Convention

Meaning

Advanced Server

Advanced Server refers to PATHWORKS Advanced Server as
well as Advanced Server for OpenVMS file server.

italic text

Italic text indicates a place holder for information or parameters
that you must provide. For example, if the procedure asks you to
type file-name, you must type the actual name of a file.
Italic text also indicates path names, new terms, and the titles of
other documents referenced.

monospace text

Monospace text indicates the actual commands, words, or
characters that you type in a dialog box or at a command prompt
or system output.

UPPERCASE
TEXT

Uppercase text indicates names of OpenVMS and Advanced
Server for OpenVMS commands and qualifiers. You can enter
commands and qualifiers in any combination of uppercase and
lowercase letters, unless otherwise noted.

A forward slash in command descriptions indicates that a
command qualifier follows.

Convention

Meaning

An equal sign ( = ) in command descriptions indicates you must
provide information.

[]

In command format descriptions, brackets indicate optional
elements. Multiple elements are separated by vertical bars ( | ).
You can enter as many as you want.

{}

In command format descriptions, braces indicate you must enter
at least one listed element. The elements are separated by bars
( | ).

...

A horizontal ellipsis following an entry in a command line
indicates that the entry or a similar entry can be repeated any
number of times. An ellipsis following a file name indicates that
additional parameters, values, or information can be entered.
.
.
.

A vertical ellipsis in an example indicates that not all the data is
shown.

Note

The use of Note indicates information of special importance.

Ctrl/x

While you hold down the Ctrl key, press another key or a
pointing device button.

Return or Enter

In text, Return or Enter indicates where you should press the
Return or Enter key to execute a command or terminate a
sequence. This key is labeled Return or Enter, depending on
your keyboard.

Tab

In examples, a key name enclosed in a box indicates that you
press a key on the keyboard. (In text, a key name is not enclosed
in a box.)
In the HTML version of this document, this convention appears
as brackets, rather than a box.

PF1 x

xii

A sequence such as PF1 x indicates that you must first press and
release the key labeled PF1 and then press and release another
key or a pointing device button.

1
Overview
The Advanced Server for OpenVMS software provides a flexible system for
managing wide area networks (WANs) and local area networks (LANs). The
Advanced Server enables you to use Compaq computers as servers to share
network resources with supported clients and is fully compatible with Windows
NT servers running in the same network.
The Advanced Server is an OpenVMS-based network operating system (NOS)
fully compatible with Microsoft networking technology.

1.1 ADMINISTER Commands
You use the Advanced Server command-line interface (ADMINISTER
commands) to manage your network from an Advanced Server. This manual
provides full descriptions of the ADMINISTER commands with examples;
commands are presented in alphabetical order. Task-oriented procedures using
these commands are described in your Server Administrator’s Guide.

1.2 Net Commands
PATHWORKS V5 for OpenVMS (LAN Manager) uses the Net commandline interface (Net commands) to perform some functions for managing
your network. With the Advanced Server, Net commands are obsolete.
Their functions are now available using ADMINISTER commands. The
ADMINISTER command-line interface provides a subset of the Net commands
for backward compatibility. This feature enables users to migrate to the new
command syntax.
Chapter 3, Net Commands and ADMINISTER Command Equivalents, in this
manual provides a list of the Net commands and the ADMINISTER commands
that provide the same functions. Use the ADMINISTER commands in place of
Net commands to manage your network.

Overview 1–1

2
ADMINISTER Commands
You manage the Advanced Server from your OpenVMS system using
the ADMINISTER command with its command-line interface. Some
commands require privileges (group membership), described in your Server
Administrator’s Guide.
You can also use programs available through Windows NT server
administration tools to manage the Advanced Server. In the context of
this manual, as administrator you are an OpenVMS system manager.
This chapter lists commands that are available in the Advanced Server
and also summarizes syntax and usage conventions. You can also use the
ADMINISTER Help file for information on these commands. To access
ADMINISTER Help, enter ADMINISTER HELP at the DCL system prompt:
$ ADMINISTER HELP

2.1 Invoking the ADMINISTER User Interface
You control many aspects of the Advanced Server with the ADMINISTER
command-line interface. You can invoke the ADMINISTER user interface in
one of two ways:
•

You invoke the command-line interface by typing ADMINISTER at the
OpenVMS system prompt. The command-line interface prompts you with
the name of the domain and the name of the server you are managing. For
example:
$ ADMINISTER
LANDOFOZ\\TINMAN>
In this example, you are managing a domain called LANDOFOZ, and a
server called TINMAN.

ADMINISTER Commands 2–1

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
•

You can also execute ADMINISTER commands on the DCL command line
in the following form:
$ ADMINISTER SHOW SHARES
Shared resources on server "TINMAN":
Name
-----------NETLOGON
HANKP
PLOUGH
PWLIC
PWLICENSE
PWUTIL
USERS

Type
--------Directory
Printer
Printer
Directory
Directory
Directory
Directory

Description
----------------------------Logon Scripts Directory
Hank’s print share
Scarecrow’s print share
PATHWORKS Client License Software
PATHWORKS Client License Software
PATHWORKS Client-based Utilities
Users Directory

Total of 7 shares
When invoked as shown in this example, the command-line interface
executes a single command and returns you to the OpenVMS system
prompt.
Once you have invoked the command-line interface, you can enter any number
of commands. This way of using the command-line interface provides for better
system response than entering commands from the OpenVMS prompt.
You can enter commands with parameters and qualifiers on a single line as
shown in this example:
$ ADMINISTER ADD COMPUTER DOROTHY/DOMAIN=LANDOFOZ/ROLE=BACKUP
In some cases, you will be prompted for parameters that you did not enter. For
example, if you did not enter the user name with the LOGON command, you
will be prompted for it:
LANDOFOZ\\TINMAN> LOGON
Username:
Although the software may prompt for required parameters, do not rely on
the software to prompt you for all required information. Be sure to enter
all required information, except for passwords, on the command line. For
information about entering passwords, see Section 2.1.6, Using Passwords with
Commands.

2–2 ADMINISTER Commands

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface

2.1.1 Local and Remote Administration
You can use the ADMINISTER command-line interface to administer the local
computer, as well as any other compatible servers on the network to which you
have access. By default, you are set up to administer the local server and the
domain to which it belongs. You can administer a remote server and domain in
one of three ways:
•

Change the default domain or server using the SET ADMINISTRATION
command. This command causes all further commands to be directed to
the new default domain or server.
You can also change the default domain by using the LOGON command to
log into the specific domain. Again, all subsequent commands affect the
specified domain. The server name is set to the local server if the local
server is a member of the logged on domain. It is set to the name of the
primary domain controller of the specified domain if the local server is not
a member of the specified domain.
The default domain remains in effect for the duration of the current
OpenVMS login session, or until you log off the domain or change the
default domain.

•

Direct an individual command to a specified domain or server using
the /DOMAIN or /SERVER command qualifiers. Refer to the command
descriptions in this manual to determine which commands support the
/DOMAIN and /SERVER qualifiers.

•

If the server you wish to administer is a downlevel server (a server
such as the PATHWORKS LAN Manager server, which runs an earlier
network operating system than that of the Advanced Server), use the
TELL command. The TELL command sends an entire command line to a
specified server to be executed at the server.

2.1.2 Member Server Local Database Administration
Using ADMINISTER commands on a member server (or directing them to a
member server), you can manage the domain-wide security accounts database
as you would from any domain controller. Although a member server does not
store or maintain the domain-wide database, it still has access to the benefits
of the centralized, domain-wide database.
You can also manage a member server’s local security accounts database. You
can do so by logging directly into the server’s local database, or setting the
default to that database, as explained in Section 2.1.2.1, Administering
the Member Server’s Local Database. However, certain ADMINISTER
commands will be restricted. Certain objects, such as global groups and
trusts, are manageable only when logged into a domain controller’s domain.
ADMINISTER Commands 2–3

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
Section 2.1.2.2, ADMINISTER Command Variances on Member Servers, lists
the ADMINISTER commands that are not allowed, or that provide restricted
capabilities. The information in both of these sections applies to workstations
as well as member servers.
2.1.2.1 Administering the Member Server’s Local Database
Unless you have changed the default to the member server’s local database,
ADMINISTER commands normally operate domain-wide — that is, on the
domain to which the member server belongs. For example, if you enter the
ADMINISTER command on member server WIZARD in domain LANDOFOZ,
the ADMINISTER prompt displays domain LANDOFOZ and server WIZARD,
as shown:
$ ADMINISTER
LANDOFOZ\\WIZARD>
To manage a member server’s local database, you must log in, or change the
default domain to the local database. To do so, specify for the domain name
the member server’s name preceded by two backslashes (\\). The following
example shows how to specify the SET ADMINISTRATION command to
administer member server WIZARD’s local domain database:
LANDOFOZ\\TINMAN> SET ADMINISTRATION/DOMAIN=\\WIZARD
%PWRK-S-ADMSET, now administering domain "\\WIZARD", server "WIZARD"
\\WIZARD\\WIZARD>
As shown, when you administer the member server’s local domain database,
the ADMINISTER prompt displays the domain name preceded by two
backslashes, and the domain name is the same as the name of the member
server.
In an OpenVMS Cluster in which the Advanced Servers are member servers,
you can optionally specify for the domain name the Advanced Server cluster
alias name, preceded by two backslashes. When administering a clustered
member server’s local database, the ADMINISTER prompt displays the cluster
alias name as the domain (preceded by two backslashes). For the server name,
unless you specified a specific server name, the prompt displays the name of
the cluster member that responded first to the ADMINISTER interface.

2–4 ADMINISTER Commands

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
2.1.2.2 ADMINISTER Command Variances on Member Servers
As mentioned previously, member servers do not maintain or manage the
domain-wide security accounts database and cannot manage or display
certain objects, such as global groups, primary groups, and trusts. Table 2–1,
Disallowed or Restricted Commands When Administering a Member Server’s
Local Database, lists the commands that are not allowed, or are restricted
when, administering the member server’s local domain database. If you
attempt to use these commands in such circumstances, the following error
message will be displayed:
%PWRK-E-DCONLY, operation is only valid to a Domain Controller
The affected commands are categorized by each of the following management
objects: COMPUTER, GROUP, TRUST, and USER.
Table 2–1 Disallowed or Restricted Commands When Administering a
Member Server’s Local Database
Object

Command

Restriction

COMPUTER

ADD

Not allowed

REMOVE

Not allowed

SET

Not allowed with the /ACCOUNT_
SYNCHRONIZE or /ROLE= qualifiers

SHOW

When you do not specify a computer name
with the command, it displays information
about the member server only (the computer
you are managing) rather than about all the
computers in the domain; note that the
display symbol for a member server is [SV]

GROUP

ADD, COPY, MODIFY,
REMOVE, SHOW

Do not use for global groups, or with the
/GLOBAL or /PRIMARY_GROUP qualifiers;
GROUP commands manage local groups
only

TRUST

ADD, REMOVE,
SHOW

Not allowed

USER

ADD, COPY, MODIFY

Do not use with the /PRIMARY_GROUP
qualifier; the ADD USER command adds
the user to the Users local group; these
commands manage memberships in local
groups only

REMOVE, SHOW

These commands manage memberships
in local groups only; the SHOW USERS
command does not display the primary
group or memberships in global groups

ADMINISTER Commands 2–5

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface

2.1.3 Privileges Required
Some of your network users may be designated as Account Operators, Print
Operators, or Server Operators. These users have limited administrative or
operator privileges that enable them to perform specific tasks. If you have
different operators responsible for parts of your network and you do not want
to assign them full administrative privileges, then make them members of
groups only at the server being administered.
Required privileges are included in the command descriptions in this manual.

2.1.4 Understanding Command Syntax
In this manual, command syntax for ADMINISTER commands is denoted as
follows:
•

An option enclosed in braces ( { } ) is required. For example, {YES | NO}
indicates that you must specify either YES or NO when using the
command.

•

An option enclosed in brackets ( [ ] ) is optional. For example, [password]
indicates that a password can be used with the command if desired, but it
is not required.

•

When a vertical bar ( | ) separates items within braces or brackets, select
only one option. For example, the following list indicates that you must
select only one of the options:
{/HOLD | /RELEASE | /DELETE}

•

When an ellipsis ( . . . ) appears in a syntax statement, you can repeat the
previous item. For example, /FLAGS=(option, . . . ) indicates that you can
specify more than one option, with a comma between the flag options.

•

Be sure to type slashes ( / ), backslashes ( n ), commas ( , ), double quotes
( " ), equal signs ( = ), colons ( : ), parentheses ( ), semicolons ( ; ), spaces ( ),
and asterisks ( * ) as they are shown.

•

When you finish typing a command, press Return or Enter.

•

If you are typing a long command string, do not press Return when
your cursor gets to the edge of your screen; the cursor wraps around
and continues on the next line of your screen. Press Return only after
you finish typing the entire command string. Or, enter multiple line
command strings; use a hyphen (-) at the end of the line as the continuation
character.

2–6 ADMINISTER Commands

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
In general, the ADMINISTER command syntax conforms to the OpenVMS
DCL command conventions. Refer to the OpenVMS DCL Dictionary for more
information.

2.1.5 Case Sensitivity
Due to the behavior of OpenVMS, all parameters and qualifier values entered
on the command line are converted to uppercase characters when they are
processed by the user interface. If you wish to preserve case, or you wish
to enter any value that contains blanks (spaces) or any nonalphanumeric
characters, you must enclose the value in quotation marks. This is not
necessary, however, if you are prompted for additional information after
entering a command.
For further information, refer to your Server Administrator’s Guide.

2.1.6 Using Passwords with Commands
Some commands require you to enter a password. You can provide a password
with a command by typing the password on the same line as the command.
For example, to log on as the user named JIM using the password KAHUNA,
you type:
$ ADMINISTER
LANDOFOZ\\TINMAN> LOGON JIM KAHUNA
The server \\TINMAN successfully logged you on as JIM.
Your privilege level on domain LANDOFOZ is ADMIN.
The last time you logged on was 10/08/00 07:48 PM
LANDOFOZ\\TINMAN>
Because passwords are case sensitive in most cases, pay careful attention when
entering them on a command line. If they are to contain any lowercase letters,
blanks (spaces), or nonalphanumeric characters, be sure to enclose them in
quotation marks.
You can also have the user interface prompt you for the password. For
example, to log on to the network, type:
$ ADMINISTER
LANDOFOZ\\TINMAN> LOGON JIM
Password:
The server \\TINMAN successfully logged you on as JIM.
Your privilege level on domain LANDOFOZ is ADMIN.
The last time you logged on was 10/08/00 07:48 PM
LANDOFOZ\\TINMAN>

ADMINISTER Commands 2–7

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
When you enter a password when prompted, as in the second example, the
password does not appear on the screen as you type. This helps you keep your
password confidential, providing added security. In addition, you need not use
quotation marks if the password contains lowercase letters, blanks (spaces),
or nonalphanumeric characters (as you do when entering the password on the
command line).
If you forget to enter a password for a command that requires one, the software
prompts you for it. Depending on the command that you type, the software
may also prompt you for other required information, such as your user name.
Although the software may prompt for required parameters, do not rely on
the software to prompt you for all required information. Be sure to enter all
required information, except for passwords, on the command line.

2.1.7 Using Abbreviations
In general, the command descriptions in this manual include full command
names, command options, and service names. However, the software recognizes
abbreviations. Note that abbreviations are not recommended for use in batch
jobs and command procedures.
You can abbreviate any command option by typing enough letters to distinguish
it from other command options. The following is an example of the SET AUDIT
POLICY command:
$ ADMINISTER
LANDOFOZ\\TINMAN> SET AUD POLI /FAILURE=(LOGONOFF,PROCESS) _LANDOFOZ\\TINMAN>/AUDIT/SUCCESS=(ALL)
%PWRK-S-AUDPOLSET, audit policy set for domain "LANDOFOZ"
LANDOFOZ\\TINMAN>
Note the use of the continuation character (-) to enter this long command
string.
You can abbreviate options and qualifiers as illustrated in the following
example:
$ ADMIN
LANDOFOZ\\TINMAN> SET AUD POLICY/FAIL=(LOG,PROC)/AUD/SUCCESS=(ALL)
%PWRK-S-AUDPOLSET, audit policy set for domain "LANDOFOZ"
LANDOFOZ\\TINMAN>

2–8 ADMINISTER Commands

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface

2.1.8 Administering the Advanced Server Using Batch Jobs
You can manage a server with batch jobs that you set up. The .COM files can
contain the ADMINISTER commands you would otherwise enter interactively.
The following example (EVT_CLEANUP.COM) saves an event log, then clears
it:
$ TYPE EVT_CLEANUP.COM
$ ADMINISTER SAVE EVENTS/TYPE=SECURITY SYS$BACKUP:PW-SECURITY.EVT
$ ADMINISTER CLEAR EVENTS/TYPE=SECURITY/NOCONFIRM
$ EXIT
For commands that have confirmation responses (selectable using /CONFIRM
and /NOCONFIRM qualifiers), the default in batch mode is to not ask for
confirmation. In other words, /NOCONFIRM is the default action for batch
jobs.

2.1.9 Universal Naming Convention (UNC) for Path Names
When using the Universal Naming Convention (UNC) for specifying the path
to a shared directory or file, the UNC path has the form
\\server-name\share-name\ path
where:
server-name

is the name of the server where the directory or file resides.

share-name

is the name of the shared resource containing the directory or
file.

path

specifies the path to the directory or file within the shared
resource.

The server-name portion of the UNC, if omitted, defaults to the server currently
being administered (the server to which commands are directed). You can omit
the backslash before the share-name if you omit the server-name.
Except for the TAKE FILE OWNERSHIP command, you can use standard
DOS wildcards within file names, but not for directories. The TAKE FILE
OWNERSHIP command does not accept wildcards for the UNC path.

2.1.10 Extended Character Set Characters
As an alternative to the conventional ASCII and ISO Latin-1 (ISO-8859-1)
character sets, the Advanced Server can use any one of several other ISO8859-n character sets. Each character set supports one or more languages.
The character set used by the Advanced Server depends on the language
selected during configuration. Only one character set can be configured for use
by the server at a time. (The Compaq Advanced Server for OpenVMS Server
Administrator’s Guide lists the available ISO-8859 character sets.) Each

ADMINISTER Commands 2–9

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
of these character sets include extended character sets (or Unicode UCS-2)
characters, called code points, with values of hexadecimal 0080 or higher.
Thus, a broader set of characters is available for ADMINISTER commands
when specifying, for example, names of file and directory shares (and their
path names), print shares, users, and groups. These characters can also be
specified in text strings (such as descriptions) that users can specify for these
objects. (These characters are not supported in computer names, alias names,
domain names, and trusted domain names.)
Use the ADMINISTER SET MODE command to determine the display format
for such characters and to enable handling of such characters for input.
For more information, see the SET MODE command, and also refer to the
Compaq Advanced Server for OpenVMS Server Administrator’s Guide. To set
up a language for your Advanced Server for OpenVMS, refer to the Compaq
Advanced Server for OpenVMS Server Installation and Configuration Guide.

2.1.11 Parameter Restrictions
The ADMINISTER command parameters listed in Table 2–2, ADMINISTER
Command Parameter Restrictions, cannot contain the following characters:
"/n []: ; | =,+*? <>

When using ADMINISTER commands, note the parameter restrictions listed
in Table 2–2, ADMINISTER Command Parameter Restrictions:

2–10 ADMINISTER Commands

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
Table 2–2 ADMINISTER Command Parameter Restrictions
Parameter

Restriction

[domain-name\ ] server-user-name
Specifies the Advanced Server user name to be mapped to a
Compaq OpenVMS server name. An Advanced Server user
can be mapped to only one OpenVMS user. Optionally, you
can specify a network user in a trusted domain. To specify
a network user, include the domain name (domain-name\ )
with the user name, as in KANSAS\ DOLE, where KANSAS
is the trusted domain in which the network user account
resides, and DOLE is the user name of the user account in
the trusted domain.
host-user-name

Specifies the OpenVMS user name to which the Advanced
Server user name is to be mapped. More than one Advanced
Server user can be mapped to the same OpenVMS user.

computer-name

Specifies a computer name as a name that identifies the
computer on the network. The computer-name must be
unique in the network.
The maximum number of characters is 15.

domain-name

Specifies the name of the domain. Except where noted, the
default is the domain currently being administered.
The maximum number of characters is 15.

server-name

Specifies the name of a server that is a member of
the domain. The default is the server currently being
administered.
The maximum number of characters is 15.

full-user-name

Specifies the full, or complete, name for the user. Enclose
the full-user-name in quotation marks if it contains
lowercase letters, blanks (spaces) or other nonalphanumeric
characters.
The maximum number of characters is 256.

group-name

Specifies the name of an Advanced Server group. A group
name cannot be identical to any other group or user name
of the domain or computer being administered.
The maximum number of characters is 20.

[domain-name\ ] member-name
(continued on next page)

ADMINISTER Commands 2–11

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
Table 2–2 (Cont.) ADMINISTER Command Parameter Restrictions
Parameter

Restriction
Specifies the users or groups as members of the group.
Enclose the member-name in quotation marks if it contains
blanks (spaces) or other nonalphanumeric characters.
When adding members to, or removing members from, a
local group, you can specify user accounts or global groups
from the domain being administered and from domains it
trusts. To specify a user account or global group in a trusted
domain, enter a domain-qualified name in the format
domain-name\ member-name, such as KANSAS\ DOLE,
where KANSAS is the name of the trusted domain, and
DOLE is the user or group name defined in the trusted
domain.
The maximum number of characters is 20.

password

Specifies the password for the user. Passwords are case
sensitive. Enclose the password in quotation marks if
it contains lowercase letters, blanks (spaces) or other
nonalphanumeric characters. If you enter /PASSWORD
with no value or an asterisk ( * ), you are prompted for the
password and its confirmation; the password is not echoed
on your terminal. When you are prompted, you need not
use quotation marks.
The maximum number of characters is 14. The default
minimum is 0.

old-password

Specifies the current password for the user account.
Passwords are case sensitive. Enclose the old-password
in quotation marks if it contains lowercase letters, blanks
(spaces) or other nonalphanumeric characters. If you do not
specify old-password, or specify it as an asterisk ( * ), you
are prompted for the password, which is not echoed on your
terminal. When you are prompted, you need not include
quotation marks.
The maximum number of characters is 14.
(continued on next page)

2–12 ADMINISTER Commands

ADMINISTER Commands
2.1 Invoking the ADMINISTER User Interface
Table 2–2 (Cont.) ADMINISTER Command Parameter Restrictions
Parameter

Restriction

queue-name

Specifies the name of the queue. The maximum number of
characters is 12, where the characters are any uppercase
and lowercase letters, digits, the underscore (_), and
dollar sign ($). When you specify characters other than
these supported characters, such as Unicode characters,
the Advanced Server creates an OpenVMS queue using
the standard ODS-2 format for these characters: _ _XX,
where XX is the 8-bit code in the server character set.
Because the Advanced Server must use the standard
ODS-2 four-character substitution in the queue name
for each unsupported character in the print share name,
the length of an Advanced Server print share name is
restricted accordingly. For example, seven characters is the
maximum length for a print share name consisting entirely
of unsupported characters.

share-name

The name of the share. If MS–DOS computers will connect
to the share, the share-name can be up to 8 characters long,
optionally followed by a period and up to 3 more characters.
The maximum number of characters is 12.

string

Specifies descriptive information. Enclose the string in
quotation marks if it contains lowercase letters, blanks
(spaces) or other nonalphanumeric characters.
The maximum number of characters is 256.

user-name

Specifies the name of the user to be added. The user-name
must be unique within the domain or computer being
administered.
The maximum number of characters is 20.

new-user-name

Specifies the user name for the new user account.
The maximum number of characters is 20.

workstation-name

Specifies a workstation from which the user can log on
to the domain. The workstation-name is the name of a
workstation, or an asterisk ( * ), to specify all workstations.
The maximum number of characters is 15.

ADMINISTER Commands 2–13

ADMINISTER Commands
ADD COMPUTER

ADD COMPUTER
Adds a computer account to a domain’s security database (the domain-wide
user accounts database). Before a computer can join a domain, a computer
account must be added to the domain’s security database.
The ADD COMPUTER command is useful only if you do not wish to give out
the user name and password of an Administrator account in your domain to
the administrator of the computer that will join your domain. If you do not
wish to supply this information, use the ADD COMPUTER command to add
the computer account to your domain before the computer’s administrator joins
the domain. If you supply password information to the administrator of the
other computer, the administrator can use it when joining and the computer
account will be added to the domain automatically.
The ADD COMPUTER command is not necessary for the primary domain
controller; that computer is added automatically.
Note that until the intended computer account actually joins the domain, it is
possible for a malicious user to give a different computer that computer name,
and then have it join the domain using the computer account you have just
created. If the added computer is a backup domain controller when it joins, it
receives a copy of the domain’s security database.

Format
ADD COMPUTER computer-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
REMOVE COMPUTER
SET COMPUTER
SHOW COMPUTERS

Parameters
computer-name
Specifies a 1 to 15 character name for the computer account to be added to
the domain. The specified name cannot be the same as any other computer or
domain name in the network.

2–14 ADMINISTER Commands

ADMINISTER Commands
ADD COMPUTER

Qualifiers
/DOMAIN=domain-name
Specifies the name of the domain to which to add the computer account.
The default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.
/ROLE=role-type
Specifies the computer’s role in the network. (Note that to change the role of a
backup domain controller to a primary domain controller, or vice versa, use the
SET COMPUTER/ROLE command. To change the role of an Advanced Server
domain controller to a member server, or of an Advanced Server member server
to a domain controller, you must use the SYS$UPDATE:PWRK$CONFIG
command procedure. ) The role-type keyword can be one of the following:
Role-Type

Specify if the computer is:

BACKUP_DOMAIN_CONTROLLER
A Windows NT or compatible backup domain controller.
SERVER
Windows NT or compatible server, but not a primary or
backup domain controller.
WORKSTATION
A Windows NT Workstation. This is the default.
/SERVER=server-name
Specifies the name of a server that is a member of the domain to which to add
the computer account. Do not specify both /DOMAIN and /SERVER on the
same command line.

Example
LANDOFOZ\\TINMAN> ADD COMPUTER DOROTHY/ROLE=SERVER
%PWRK-S-COMPADD, computer "DOROTHY" added to domain "LANDOFOZ"
This example adds the computer named DOROTHY to the default domain
(LANDOFOZ), as a Windows NT compatible server.

ADMINISTER Commands 2–15

ADMINISTER Commands
ADD GROUP

ADD GROUP
Adds a local or global group to a domain’s security database, and optionally
adds members to the group.

Format
ADD GROUP group-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group.

Related Commands
COPY GROUP
MODIFY GROUP
REMOVE GROUP
SHOW GROUPS

Parameters
group-name
Specifies a 1 to 20 character name for the group to be added. A group name
cannot be identical to any other group or user name of the domain or server
being administered. It can contain any uppercase or lowercase characters
except for the following:
"/\ []: ; | =,+*? <>

Qualifiers
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive
information about the group. Enclose the string in quotation marks if
it contains lowercase letters, blanks (spaces) or other nonalphanumeric
characters. /NODESCRIPTION, the default, indicates that the description is to
be blank.

2–16 ADMINISTER Commands

ADMINISTER Commands
ADD GROUP
/DOMAIN=domain-name
Specifies the name of the domain to which to add the group. The default is
the domain currently being administered. Do not specify both /DOMAIN and
/SERVER on the same command line.
/GLOBAL
Indicates that the specified group is to be added as a global group. This is
the default if neither /GLOBAL nor /LOCAL are specified. Do not specify both
/GLOBAL and /LOCAL on the same command line.
/LOCAL
Indicates that the specified group is to be added as a local group. By default, a
group is added as a global group. Do not specify both /GLOBAL and /LOCAL
on the same command line.
/MEMBERS=([domain-name]\ member-name[,...])
Adds the specified members to the membership list of the group. If the group
being added is a local group, you can add user accounts and global groups from
the domain being administered and from domains it trusts.
To specify a user account or global group in a trusted domain, enter a domainqualified name (domain-name\member-name), such as KANSAS\DOLE, where
KANSAS is the name of the trusted domain, and DOLE is the user or group
name defined in the trusted domain. If you omit a domain name, the user or
group is assumed to be defined in the domain being administered.
If the group being added is a global group, you can add user accounts only from
the domain being administered.
/SERVER=server-name
Specifies the name of a server that is a member of the domain to which to add
the group. Do not specify both /DOMAIN and /SERVER on the same command
line.

Examples
1.

LANDOFOZ\\TINMAN> ADD GROUP MUNCHKINS/MEMBERS=(SCARECROW,STRAWMAN)
%PWRK-S-GROUPADD, group "MUNCHKINS" added to domain "LANDOFOZ"
This example adds the global group named MUNCHKINS to the default
domain being administered (LANDOFOZ). The group will contain as
members, the users named SCARECROW and STRAWMAN. The group
is added as a global group because neither the /GLOBAL nor /LOCAL
qualifiers were specified, and /GLOBAL is the default.

ADMINISTER Commands 2–17

ADMINISTER Commands
ADD GROUP
2.

LANDOFOZ\\TINMAN> ADD GROUP WINKIES/LOCAL _LANDOFOZ\\TINMAN> /MEMBERS=(MUNCHKINS,KANSAS\WIZARD)
%PWRK-S-GROUPADD, group "WINKIES" added to domain "LANDOFOZ"
This example adds the local group named WINKIES to the default domain
being administered (LANDOFOZ). The group will contain as members, the
global group MUNCHKINS from the LANDOFOZ domain, and the user
WIZARD from the trusted domain KANSAS.

2–18 ADMINISTER Commands

ADMINISTER Commands
ADD HOSTMAP

ADD HOSTMAP
Adds a user account mapping between a Compaq OpenVMS server user
account and an OpenVMS user account.

Format
ADD HOSTMAP [domain-name\]server-user-name host-user-name [/qualifier]

Restrictions
Use of this command requires membership in the Administrators local group.
This command is valid only for Compaq OpenVMS servers.

Related Commands
REMOVE HOSTMAP
SHOW HOSTMAP

Parameters
[domain-name\ ]server-user-name
Specifies the Advanced Server user name to be mapped to an OpenVMS user
name. You can map a network user in a trusted domain to an OpenVMS user.
Specify the domain-qualified user name in the format domain-name\ serveruser-name, such as KANSAS\DOLE, where KANSAS is the trusted domain,
and DOLE is the user name of the user account defined in the trusted domain.
If you omit a domain name, the user account is assumed to be defined in the
domain of the server currently being administered.
An Advanced Server user can be mapped to only one OpenVMS user.
host-user-name
Specifies the OpenVMS user name to which the Advanced Server user name
is to be mapped. More than one Advanced Server user can be mapped to the
same OpenVMS user.

Qualifiers
/SERVER=server-name
Specifies the name of the server to which to add the host account mapping.
The default is the server currently being administered.

ADMINISTER Commands 2–19

ADMINISTER Commands
ADD HOSTMAP

Example
LANDOFOZ\\TINMAN>ADD HOSTMAP SCARECROW STRAWMAN
%PWRK-S-HOSTMAPADD, user "SCARECROW" mapped to host user "STRAWMAN"
This example adds a user account mapping for the Advanced Server user
SCARECROW, to the OpenVMS user STRAWMAN, on the server currently
being administered (TINMAN).

2–20 ADMINISTER Commands

ADMINISTER Commands
ADD PRINT QUEUE

ADD PRINT QUEUE
Creates an Advanced Server print queue. A print queue can be one of the
following:
•

Printer queue, which is a queue associated with a physical printing device
(equivalent to an OpenVMS execution queue)

•

Routing queue, which is a queue that routes print requests to one or more
printer queues (equivalent to an OpenVMS generic queue)

Format
ADD PRINT QUEUE queue-name {/PRINTER | /ROUTE_TO} [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators, Server
Operators, or Print Operators local group. This command is valid only to
Compaq OpenVMS servers.

Related Commands
ADD SHARE/PRINT
CONTINUE PRINT QUEUE
PAUSE PRINT QUEUE
REMOVE PRINT QUEUE
SET PRINT QUEUE
SHOW PRINT QUEUES

Parameters
queue-name
Specifies a name for the queue to be added. The queue name may be 1 to 12
characters, where the characters are any uppercase and lowercase letters,
digits, the underscore (_), and dollar sign ($). When you specify characters
other than these supported characters, such as Unicode characters, the length
is limited further. For example, seven characters is the maximum length for a
print share name consisting entirely of unsupported characters.
You specify the type of queue, printer or routing, with the /PRINTER and
/ROUTE_TO qualifiers, respectively.

ADMINISTER Commands 2–21

ADMINISTER Commands
ADD PRINT QUEUE

Qualifiers
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 48 characters used to provide descriptive information
about the queue. Enclose the string in quotation marks if it contains
lowercase letters, blanks (spaces) or other nonalphanumeric characters.
/NODESCRIPTION, the default, indicates that the description is to be blank.
/PRINTER=device-name
Indicates that the queue to be added is a printer queue, and specifies the
physical device name or port to which the printer is physically connected. This
is the actual OpenVMS system device, for example, OPA0, TTA2, TXA7, or
LTA201. You must specify either the /PRINTER or /ROUTE_TO qualifier. Do
not specify both /PRINTER and /ROUTE_TO on the same command line.
/ROUTE_TO=(print-queue[,...])
Indicates that the queue to be added is a routing queue, and specifies one
or more printer queues to which to route print jobs. You must specify either
the /PRINTER or /ROUTE_TO qualifier. Do not specify both /PRINTER and
/ROUTE_TO on the same command line.
/SERVER=server-name
Specifies the name of the server on which to create the queue. The default is
the server currently being administered.
/TYPE=printer-type
Specifies the type of printer when adding a printer queue. Do not use the
/TYPE qualifier with the /ROUTE_TO qualifier. The printer-type keyword can
be one of the following:
Printer-Type

Type of Printer

DL1100
DL2100
DL2100P
DL2200
DL2200P
DL3200
LN03

DEClaser 1100
DEClaser 2100
DEClaser 2100 Plus
DEClaser 2200
DEClaser 2200 Plus
DEClaser 3200
DIGITAL LN03

2–22 ADMINISTER Commands

ADMINISTER Commands
ADD PRINT QUEUE
Printer-Type

Type of Printer

LN03P
LA50
LA70
LA75
LA210
LA324
LG01
LG02
LG06
LG31
LJ250
FX850
FX1050
HP_LASERJET
PROPRINTER
SILENTWRITER
GENERIC

DIGITAL LN03 Plus
DIGITAL LA50
DIGITAL LA70
DIGITAL LA75
DIGITAL LA210
DIGITAL LA324
DIGITAL LG01
DIGITAL LG02
DIGITAL LG06
DIGITAL LG31
DIGITAL LJ250
EPSON FX850
EPSON FX1050
Hewlett-Packard LaserJet IID
IBM Proprinter
NEC Silentwriter 2, model 290 (not PostScript)
All other printer types (the default)

Examples
1.

LANDOFOZ\\TINMAN> ADD PRINT QUEUE TOTO/PRINTER=LTA201/TYPE=DL3200 _LANDOFOZ\\TINMAN> /DESCRIPTION="Dot’s Printer"
%PWRK-S-QUEADD, queue "TOTO" added on server "TINMAN"
This example adds the printer queue TOTO to the server currently being
administered (TINMAN). The printer is connected to LTA201 and is a
DEClaser 3200. The description for the print queue is "Dot’s Printer."

LANDOFOZ\\TINMAN> ADD PRINT QUEUE GLENDA/ROUTE_TO=(TOTO,WIZ) _LANDOFOZ\\TINMAN>) /DESCRIPTION="Printers in the Land of Oz"
%PWRK-S-QUEADD, queue "GLENDA" added on server "TINMAN"
This example adds a routing queue named GLENDA to the server currently
being administered (TINMAN). The print jobs are routed to either of the
two printer queues: TOTO or WIZ. The description for the print queue is
"Printers in the Land of Oz."

ADMINISTER Commands 2–23

ADMINISTER Commands
ADD SHARE/DIRECTORY

ADD SHARE/DIRECTORY
Adds a shared directory resource to the server’s share database, making the
directory (the directory tree and its files) available to network users. Adding
a shared directory is the default for the ADD SHARE command when you do
not specify the /DIRECTORY or /PRINT qualifier. To add a shared print queue,
refer to the ADD SHARE/PRINT command.

Format
ADD SHARE share-name share-path [/qualifiers]
ADD SHARE/DIRECTORY share-name share-path [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators, Account
Operators, or Server Operators local group.

Related Commands
ADD SHARE/PRINT
MODIFY SHARE
REMOVE SHARE
SHOW SHARES

Parameters
share-name
Specifies a 1 to 12 character name used to identify and connect to the shared
directory. If computers running MS–DOS will be connecting to the share, the
share name should be limited to eight characters, optionally followed by a
period and up to three more characters.
share-path
The path to a directory, local to the server being administered, to be shared.

Qualifiers
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 48 characters used to provide descriptive information
about the shared directory. Compaq recommends that you limit the string
length to 32 characters. Enclose the string in quotation marks if it contains

2–24 ADMINISTER Commands

ADMINISTER Commands
ADD SHARE/DIRECTORY
lowercase letters, blanks (spaces) or other nonalphanumeric characters.
/NODESCRIPTION, the default, indicates that the description is to be blank.
/HOST_ATTRIBUTES=(attribute-type[,...])
Sets host-system-specific attributes for the share, and is valid for Compaq
OpenVMS servers only. For the attribute-type keyword, you can specify one or
more of the keywords DIRECTORY_PROTECTION, FILE_PROTECTION, and
RMS_FORMAT, as follows:
DIRECTORY_PROTECTION=(ownership:access[,...])

Specifies the default OpenVMS RMS protections for subdirectories
created in the shared directory. The protection of existing subdirectories
is not affected.
Specify the ownership keyword as any of the following:
Ownership

Description

OWNER
GROUP
WORLD

File owner (also applies to SYSTEM)
Users in same UIC group
All other users

Specify the access keyword as any combination of the following:
Access

Description

Read-only access. Users can display files that they
have permission to access in the directory.
Write access. Users can create files in the directory,
and can edit and delete files that they have permission
to access. Write access implies delete access.
Execute access. Users can run program files that they
have permission to access in the directory.

Owner access is also applied to SYSTEM. The default RMS directory
protection is OWNER:RWED, GROUP:RWED, WORLD:RE.
FILE_PROTECTION=(ownership:access[,...])

Specifies the default OpenVMS RMS protections for files created in the
shared directory. The protection of existing files is not affected.

ADMINISTER Commands 2–25

ADMINISTER Commands
ADD SHARE/DIRECTORY
FILE_PROTECTION=(ownership:access[,...])

Specify the ownership keyword as any of the following:
Ownership

Description

OWNER
GROUP
WORLD

File owner (also applies to SYSTEM)
Users in same UIC group
All other users

Specify the access keyword as any combination of the following:
Access

Description

Read-only access. Users with access to the directory
can display files stored there.
Write access. Users with access to the directory can
edit and delete files stored there. Write access implies
delete access.
Execute access. Users with access to the directory can
run program files stored there.

Owner access is also applied to SYSTEM. The default RMS file
protection is OWNER:RWD, GROUP:RWD, WORLD:R.
RMS_FORMAT=record-type

Specifies the OpenVMS RMS record format of files created in the shared
directory.
The record-type keyword can be one of the following:
Record-Type

Description

SEQUENTIAL_FIXED
Files created in the shared directory are RMS
sequential files with fixed length 512 byte records.
STREAM
Files created in the shared directory are RMS stream
format files. This is the default.
UNDEFINED
Files created in the shared directory have no specific
RMS format. The format is defined by the application
writing the file.

2–26 ADMINISTER Commands

ADMINISTER Commands
ADD SHARE/DIRECTORY
/LIMIT=connect-limit
/NOLIMIT
Specifies the maximum number of users who can connect to the shared
directory at one time. /NOLIMIT, the default, specifies there is no maximum
connection limit.
/PERMISSIONS=([domain-name\]name=access[,...])
/NOPERMISSIONS
Specifies the access permissions for the directory share. These permissions
control network access to the directory share, and determine which users or
groups can access the shared directory, and the type of access they are allowed.
When a directory is shared, the default is to grant FULL access to everyone.
This permission allows anyone to do anything they wish to any of the
files or subdirectories in the directory tree. To restrict access, use the
/NOPERMISSIONS qualifier. In this case, you must use the /PERMISSIONS
qualifier to grant access to specific users or groups.
The permissions list (name=access) is a list of users and groups allowed
to access the shared resource, and the type of access granted to each user
or group. It must be enclosed in parentheses, and consists of one or more
name=access pairs, where name can be any valid user or group name from this
or another trusted domain, and access can be any one of the types listed in the
following table.
To specify a user or group name in a trusted domain, enter the domainqualified name (domain-name\ name), such as KANSAS\DOLE, where
KANSAS is the name of the trusted domain, and DOLE is the user or group
name defined in the trusted domain. If you omit a domain name, the user or
group is assumed to be defined in the domain of the server currently being
administered.
Access

Description

NONE

READ

ADMINISTER Commands 2–27

ADMINISTER Commands
ADD SHARE/DIRECTORY
Access

Description

CHANGE

Allows viewing file names and subdirectory names, traversing
to subdirectories, viewing data in files, running applications,
adding files and subdirectories, changing data in files, and
deleting subdirectories and files
Allows viewing file names and subdirectory names, traversing
to subdirectories, viewing data in files, running applications,
adding files and subdirectories, changing data in files,
deleting subdirectories and files, changing file and directory
permissions, and taking ownership of files and directories

FULL

/PERSONAL
/NOPERSONAL
Indicates that the shared directory is a personal share. Personal shares are
supported on Compaq OpenVMS servers only. A personal share is identical
to a shared directory in all ways except that it does not appear in a SHOW
SHARES display by default, and is not network browsable. /NOPERSONAL,
the default, indicates that the shared directory should not be a personal share.
/SERVER=server-name
Specifies the name of the server on which to add the share. The default is the
server currently being administered.

Examples
1.

LANDOFOZ\\TINMAN> ADD SHARE/DIRECTORY RAINBOW USER1:[SHARED] _LANDOFOZ\\TINMAN> /DESCRIPTION="Files of many colors"
%PWRK-S-SHAREADD, share "RAINBOW" added on server "TINMAN"
This example adds a directory share named RAINBOW for the directory
whose path is USER1:[SHARED]. The description for the share is "Files of
many colors".

LANDOFOZ\\TINMAN> ADD SHARE TORNADO USER1:[TORNADO_FILES] _LANDOFOZ\\TINMAN> /NOPERMISSIONS/PERMISSIONS=(SCARECROW=FULL)
%PWRK-S-SHAREADD, share "TORNADO" added on server "TINMAN"
This example adds a directory share named TORNADO for the directory
whose path is USER1:[TORNADO_FILES]. The /NOPERMISSIONS
qualifier explicitly denies access to the share to all users, which is granted
by default, and the /PERMISSIONS qualifier grants FULL access to the
share to the user SCARECROW.

2–28 ADMINISTER Commands

ADMINISTER Commands
ADD SHARE/PRINT

ADD SHARE/PRINT
Adds a shared print queue resource to the server’s share database, making the
print queue available to network users.

Format
ADD SHARE/PRINT share-name [queue-name] [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators, Account
Operators, Server Operators, or Print Operators local group.
The /PRINT qualifier is required to specify a print share, and must follow the
ADD SHARE command and precede any other parameters or qualifiers.
If Windows NT printer management is enabled on the server, do not use this
command. Use Windows NT print services to add a printer and enable it to be
shared.

Related Commands
ADD PRINT QUEUE
ADD SHARE/DIRECTORY
MODIFY SHARE
REMOVE SHARE
SHOW SHARES

Parameters
share-name
Specifies a 1 to 12 character name used to identify and connect to the shared
print queue. The print share name and queue name must match if the print
queue is to be accessed from Windows NT, Windows 95, Windows 98, and
Windows 2000 clients. If computers running MS–DOS will be connecting to
the share, the share name should be limited to eight characters, optionally
followed by a period and up to three more characters.
queue-name
The name of a print queue, local to the server being administered, to be shared.
If not specified, the queue-name parameter defaults to the name of the share.
If queue-name differs from the associated OpenVMS queue name, define a
logical to associate queue-name with the OpenVMS queue name.

ADMINISTER Commands 2–29

ADMINISTER Commands
ADD SHARE/PRINT

Qualifiers
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 48 characters used to provide descriptive information
about the shared print queue. Enclose the string in quotation marks if
it contains lowercase letters, blanks (spaces) or other nonalphanumeric
characters. /NODESCRIPTION, the default, indicates that the description is to
be blank.
/LIMIT=connect-limit
/NOLIMIT
Specifies the maximum number of users who can connect to the shared print
queue at one time. /NOLIMIT, the default, specifies there is no maximum
connection limit.
/PERMISSIONS=([domain-name\]name=access[,...])
/NOPERMISSIONS
Specifies the access permissions for the shared print queue. These permissions
control network access to the print queue, and determine which users or groups
can access the shared print queue, and the type of access they are allowed.
When a print queue is shared, the default is to grant PRINT access to
everyone. This permission allows anyone to print to the shared print queue.
Use /NOPERMISSIONS if you do not wish to grant this default permission. In
this case, you must use the /PERMISSIONS qualifier to grant access to specific
users or groups.
The permissions list is a list of users and groups allowed to access the shared
print queue, and the type of access granted to each user or group. It must
be enclosed in parentheses, and consists of one or more name=access pairs,
where name can be any valid user or group name from this or another trusted
domain, and access can be any one of the types listed in the following table.
To specify a user or group name in a trusted domain, enter the domainqualified name (domain-name\ name), such as KANSAS\DOLE, where
KANSAS is the name of the trusted domain, and DOLE is the user or group
name defined in the trusted domain.
If you omit a domain name, the user or group is assumed to be defined in the
domain of the server being administered.

2–30 ADMINISTER Commands

ADMINISTER Commands
ADD SHARE/PRINT
Access

Description

NONE
Prevents any access to the printer
PRINT
Allows printing of documents
MANAGE_DOCUMENTS
Allows holding, releasing, and deleting of print jobs, and
changing the order in which jobs print
FULL
Allows printing of documents; holding, releasing and deleting
of print jobs; changing the order in which jobs print; aborting
and restarting of jobs being printed; pausing, continuing and
purging of the print queue; changing of print queue settings;
removal of the print queue; and changing of print resource
permissions
/SERVER=server-name
Specifies the name of the server on which to add the share. The default is the
server currently being administered.

Example
LANDOFOZ\\TINMAN> ADD SHARE/PRINT TOTO TOTO_LA210 _LANDOFOZ\\TINMAN> /DESCRIPTION="LA210 printer on TINMAN"
%PWRK-S-SHAREADD, share "TOTO" added on server "TINMAN"
This example adds a print share named TOTO for the print queue called
TOTO_LA210. The description for the share is "LA210 printer on TINMAN".
This print queue will be accessed by Windows 3.1 and MS–DOS clients only,
thus the print share name can differ from the print queue name. The print
share name and queue name must match if the print queue is to be accessed
from Windows NT, Windows 95, Windows 98, and Windows 2000 clients.

ADMINISTER Commands 2–31

ADMINISTER Commands
ADD TRUST

ADD TRUST
Adds the specified domain to either the list of domains this domain trusts or to
the list of domains that are allowed to trust this domain.
A trust relationship is a link between two server domains, where one domain
honors the users of another domain, trusting the logon authentications
performed by that other domain for its own users. User accounts and global
groups defined in a trusted domain can be granted rights, resource permissions,
and local group memberships at a trusting domain and its member computers,
even though those accounts do not exist in the trusting domain’s security
database. When trust relationships are properly established between all the
domains in a network, they allow a user to have only one user account and
one password in one domain, yet have access to the resources anywhere in the
network.
Establishing a trust relationship requires two steps in two different domains:
first one domain must permit a second domain to trust it, and then the second
domain must be set to trust the first domain. Establishing a two-way trust
relationship (where each domain trusts the other) requires that both steps be
performed in both domains.

Format
ADD TRUST trust-domain [password] {/PERMITTED | /TRUSTED} [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
REMOVE TRUST
SHOW TRUSTS

Parameters
trust-domain
Specifies the 1 to 15 character name of the domain with which to set up a trust
relationship.

2–32 ADMINISTER Commands

ADMINISTER Commands
ADD TRUST
password
Specifies the password used to establish the trust. The password is case
sensitive, and can be up to 14 characters in length. Passwords entered on the
command line are converted to uppercase unless enclosed within quotation
marks. If the password you specify contains lowercase letters, enclose it in
quotation marks, unless you enter the password in response to the password
prompt.
If you do not enter a value for the password, or enter it as an asterisk (*),
you are prompted for a password and a confirmation. The password is not
displayed as it is entered.
When setting up to trust another domain (using the /TRUSTED qualifier), this
password must match the password given on the other domain when it was
set up to permit this domain to trust it. When setting up to permit another
domain to trust this domain (using the /PERMITTED qualifier), this password
must be used on the other domain when it is set up to trust this domain.
Once a trust relationship is established, the password used to establish the
trust is changed by the system. Because of this, you cannot remove one side
of an established trust relationship, and then later reestablish that trust
using the original password. You must always remove both sides of a trust
relationship, and then completely reestablish it.

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/DOMAIN=domain-name
Specifies that the trust relationship is to be added to the domain called
domain-name. The default is the domain currently being administered. Do not
specify both /DOMAIN and /SERVER on the same command line.

ADMINISTER Commands 2–33

ADMINISTER Commands
ADD TRUST
/PERMITTED
Specifies that the domain is to be added to the list of domains permitted to
trust this domain. Once the domain is added, you must set up the other
domain to trust this domain in order to establish the trust relationship. You
must specify either the /PERMITTED or /TRUSTED qualifier, but not both.
/SERVER=server-name
Specifies the name of a server that is a member of the domain to which to add
the trust relationship. Do not specify both /DOMAIN and /SERVER on the
same command line.
/TRUSTED
Specifies that the domain is to be added to the list of domains that this domain
trusts. To properly establish the trust relationship, the specified domain should
already have permitted this domain to trust it. You must specify either the
/PERMITTED or /TRUSTED qualifier, but not both.

Examples
The following two examples together show how to establish a one-way
trust relationship between the domain currently being administered
(LANDOFOZ) and the domain called KANSAS. After this trust relationship
has been established, users in the KANSAS domain will have access to
resources in the LANDOFOZ domain after logging on to the KANSAS
domain.
1.

LANDOFOZ\\TINMAN> ADD TRUST LANDOFOZ "OverTheRainbow" _LANDOFOZ\\TINMAN> /DOMAIN=KANSAS/PERMITTED/NOCONFIRM
%PWRK-S-TRUSTADD, trust between domains "KANSAS" and "LANDOFOZ added"
This example adds the domain LANDOFOZ to the list of permitted-totrust domains on the domain called KANSAS. The password to be used to
establish the trust will be "OverTheRainbow."

LANDOFOZ\\TINMAN> ADD TRUST KANSAS "OverTheRainbow"/TRUSTED
This may take some time, do you want to continue? [YES or NO] (YES) :
%PWRK-S-TRUSTADD, trust between domains "LANDOFOZ" and "KANSAS" added
This example adds the domain KANSAS to the list of trusted domains
on the domain currently being administered (LANDOFOZ). The password
used to establish the trust is "OverTheRainbow." This example would
complete the one-way trust between domains LANDOFOZ and KANSAS
initiated in the first example.

2–34 ADMINISTER Commands

ADMINISTER Commands
ADD USER

ADD USER
Adds a local or global user account to a domain’s security database, and
optionally adds the user as a member of specified groups.

Format
ADD USER user-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group. Only members of the Administrators local group can
add members to the Administrators local group.

Related Commands
COPY USER
MODIFY USER
REMOVE USER
SHOW USERS

Parameters
user-name
Specifies a 1 to 20 character account name for the user to be added. The
user name cannot be identical to any other user or group name of the domain
or server being administered. It can contain any uppercase or lowercase
characters except the following:
"/\ []: ; | =,+*? <>

Qualifiers
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive
information about the user. Enclose the string in quotation marks if it contains
lowercase letters, blanks (spaces) or other nonalphanumeric characters.
/NODESCRIPTION, the default, indicates that the description is to be blank.

ADMINISTER Commands 2–35

ADMINISTER Commands
ADD USER
/DOMAIN=domain-name
Specifies the name of the domain on which to add the user account. The
default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.
/EXPIRATION_DATE=date
/NOEXPIRATION_DATE
Specifies whether the account has an expiration date, and, if so, the date the
account is to expire. The date is specified in the standard OpenVMS date
format (dd-mmm-yyyy). /NOEXPIRATION_DATE, the default, specifies that
the account will not have an expiration date, and therefore will never expire.
/FLAGS=(option[,...])
Specifies the logon flags for the user account. Precede the option keyword with
NO to clear the specified flag. The option keyword can be one or more of the
following. If you do not specify the /FLAGS qualifier, the default flags are as
indicated.
Option

Description

2–36 ADMINISTER Commands

ADMINISTER Commands
ADD USER
Option

Description

[NO]PWDEXPIRED
The password is initially expired. This forces the user to
change the password at the next logon. PWDEXPIRED
is the default if you specify neither PWDEXPIRED nor
NOPWDEXPIRED. Do not specify the PWDEXPIRED option
in the same command with either the PWDLOCKED or the
DISPWDEXPIRATION option.
[NO]PWDLOCKED
Prevents the user from changing the password. This option
is usually applied only to user accounts used by more than
one person, such as the Guest account. NOPWDLOCKED
is the default if you specify neither PWDLOCKED nor
NOPWDLOCKED. Do not specify the PWDLOCKED and
PWDEXPIRED options in the same command.
/FULLNAME="full-user-name"
/NOFULLNAME
The full name is the user’s complete name, and can be up to 256 characters in
length. Enclose the string in quotation marks to preserve case (the default is
uppercase). It is a good idea to establish a standard for entering full names,
so that they always begin with either the first name (Louise G. Morgan) or the
last name (Morgan, Louise G.), because the full name can affect the sorting
order for the SHOW USERS command. /NOFULLNAME, the default, specifies
a blank full name.
/GLOBAL
Indicates that the specified user account is to be added as a global account.
User accounts can be either global (the default) or local. Most accounts are
global accounts. A global account is a normal user account in the user’s home
domain. A local account is an account provided in this domain for a user whose
global account is not in a trusted domain. Do not specify both /GLOBAL and
/LOCAL on the same command line.
/HOME=(option[,...])
/NOHOME
Specifies a user’s home directory information. A home directory is a directory
that is automatically accessible to a user and contains files and programs for
the user. This feature applies only when the user logs on from a Windows NT
client. The specified home directory becomes the Windows NT user’s default
directory for the File Open and Save As dialog boxes, for the command prompt,

ADMINISTER Commands 2–37

ADMINISTER Commands
ADD USER
and for all applications that do not have a working directory defined. A home
directory can be assigned to a single user or it can be shared by many users.
A home directory can be a shared network directory or a local directory on a
user’s workstation. On other clients, the home directory setting has no effect.
If you specify a network path for the home directory, you must also specify a
drive letter to be assigned to the path when the user logs on. If the specified
directory does not exist, an attempt will be made to create it. If the directory
cannot be created, a message will be issued instructing you to manually create
the directory.
If you specify a local path for the home directory, do not include a drive letter.
You must manually create the directory if it does not exist. /NOHOME, the
default, specifies that the user will not have a home directory.
The option keyword can be one or more of the following:
Option

Description

DRIVE=driveletter
Specifies the drive letter to use for connecting to the home
directory if the home directory specified in the PATH option is
a shared network directory. The driveletter can be from C to Z.
PATH=homepath
Specifies an optional home directory that is accessible to
the user and contains files and programs for the user. The
homepath must be an absolute path of a directory local to the
user’s workstation, or a UNC (Universal Naming Convention)
path of a shared network directory.
/HOURS=(logon-time[,...])
/NOHOURS
Specifies the days and hours when the user can connect to a server. The
default is to allow a user to connect during all hours of any day. /NOHOURS
specifies that the user cannot connect at any time of any day.
Specify logon-time in the following format:
day=([n-m],[n],[*])
where n and m are hours of the day, and day is any one of the following:
SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY,
SATURDAY, WEEKDAYS, WEEKENDS, EVERYDAY, ALL

2–38 ADMINISTER Commands

ADMINISTER Commands
ADD USER
Specify the hours as integers from 0 to 23, inclusive, using the 24-hour clock.
You can specify a single hour (n), ranges of hours (n-m), or all hours of the day
(*). Note that hours are inclusive; that is, if you grant access during a given
hour, access extends to the end of that hour. If you specify no hours, all hours
are allowed for the specified days.
/LOCAL
Indicates that the specified user account is to be added as a local account.
User accounts can be either global (the default) or local. Most accounts are
global accounts. A global account is a normal user account in the user’s home
domain. A local account is an account provided in this domain for a user whose
global account is not in a trusted domain. Do not specify both /GLOBAL and
/LOCAL on the same command line.
/MEMBER_OF_GROUPS=(group-name[,...])
Adds the user as a member of the specified local or global groups.
/PASSWORD[="password"]
/NOPASSWORD
Specifies the password for the user account. Passwords are case sensitive, and
can be up to 14 characters in length. The minimum length is set by using the
SET ACCOUNT POLICY/PASSWORD_POLICY=MINLENGTH= command.
The default is 0, which permits a blank password. Passwords entered on the
command line are converted to uppercase unless enclosed within quotation
marks. If the password you specify contains lowercase letters, blanks (spaces),
or other nonalphanumeric characters, enclose it in quotation marks, unless
you enter the password in response to the password prompt. (If you enclose
the password in quotation marks at the password prompt, the quotation marks
become part of the password.) If you enter /PASSWORD with no value, or as
an asterisk (*), you are prompted for a password and a confirmation, which will
not be displayed as they are entered. /NOPASSWORD, the default, specifies
that the account will have a blank password. With /NOPASSWORD, the
default is /FLAGS=NOPWDEXPIRED so that the user is not prompted for
a password. However, you can override this default for /NOPASSWORD by
specifying the /FLAGS=PWDEXPIRED qualifier.
/PRIMARY_GROUP=group-name
Sets the user account’s primary group. A primary group is used when a user
logs on using Windows NT Services for Macintosh, or runs POSIX applications.
group-name must be a global group of which the user is a member. If the
/PRIMARY_GROUP qualifier is not specified, the user’s primary group is set to
the "Domain Users" global group by default.

ADMINISTER Commands 2–39

ADMINISTER Commands
ADD USER
/PROFILE=profile-path
/NOPROFILE
Specifies a path for an optional user profile. The path should be a
network path that includes a file name. The file name can be that of
a personal user profile (.USR file name extension) or a mandatory user
profile (.MAN file name extension). For example, you might enter:
/PROFILE="\\eng\ profiles\johndoe.usr". /NOPROFILE, the default, specifies
that the user will not have a profile.
/SCRIPT=script-name
/NOSCRIPT
Specifies a name for an optional logon script that runs each time the user logs
on. A logon script can be a batch file (.BAT or .CMD file name extension) or
an executable program (.EXE file name extension). A single logon script can
be assigned to one or more user accounts. When a user logs on, the server
authenticating the logon locates the logon script by following the server’s logon
script path in the \netlogon share. The script-name specifies a file relative to
that path. /NOSCRIPT, the default, specifies that the user will have no logon
script.
/SERVER=server-name
Specifies the name of a server that is a member of the domain to which to add
the user. Do not specify both /DOMAIN and /SERVER on the same command
line.
/WORKSTATIONS=(workstation-name[,...])
Specifies up to eight workstations from which the user can log on to the
domain. The default is to allow a user to log on from any workstation, but you
can restrict a user to log on only from specific workstations. The workstationname is a 1 to 15 character name of a workstation. You may use an asterisk
(*) for the workstation name to specify all workstations.

Examples
1.

LANDOFOZ\\TINMAN> ADD USER SCARECROW/PASSWORD="OverTheRainbow" _LANDOFOZ\\TINMAN> /MEMBER_OF_GROUPS="Administrators" _LANDOFOZ\\TINMAN> /HOURS=(WEEKDAYS=8-16,WEEKENDS=*) _LANDOFOZ\\TINMAN> /FLAGS=NOPWDEXPIRED
%PWRK-S-USERADD, user "SCARECROW" added to domain "LANDOFOZ"
This example adds the user with user name SCARECROW to the domain
LANDOFOZ. The password for the user account is OverTheRainbow. The
user is made a member of the Administrators local group, may connect to
a server from 8:00 AM to 4:59 PM Monday through Friday, and all day

2–40 ADMINISTER Commands

ADMINISTER Commands
ADD USER
Saturday and Sunday. The password for the account will not be initially
expired.
2.

LANDOFOZ\\TINMAN> ADD USER FRIENDLY/PASSWORD="PotOfGold"_LANDOFOZ\\TINMAN> /EXPIRATION_DATE=09-JUN-2001
%PWRK-S-USERADD, user "FRIENDLY" added to domain "LANDOFOZ"
This example adds the user with user name FRIENDLY to the domain
LANDOFOZ, and sets the account to expire June 9, 2001.

ADMINISTER Commands 2–41

ADMINISTER Commands
CLEAR EVENTS

CLEAR EVENTS
Clears all the events from the selected event log file.

Format
CLEAR EVENTS

[/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
SAVE EVENTS
SHOW EVENTS

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/TYPE=log-type
Specifies the log file to be cleared. The log-type keyword can be one of the
following:
Log-Type

Log File

APPLICATION
SECURITY
SYSTEM

The application log file
The security log file
The system log file (the default)

/SERVER=server-name
Specifies the name of the server on which to clear the events. The default is
the server currently being administered.
2–42 ADMINISTER Commands

ADMINISTER Commands
CLEAR EVENTS

Example
LANDOFOZ\\TINMAN> CLEAR EVENTS/TYPE=SECURITY
Clear the Security Event Log [YES or NO] (YES) : YES
%PWRK-S-ELFCLEARED, Security Event Log on server "TINMAN" cleared
This example clears the Security Event Log file on the server currently being
administered (TINMAN). A confirmation is required.

ADMINISTER Commands 2–43

ADMINISTER Commands
CLOSE OPEN_FILE

CLOSE OPEN_FILE
Closes one or all of the resources open on a server.

Format
CLOSE OPEN_FILE resource-id [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Server
Operators local group.

Related Commands
SHOW OPEN_FILES

Parameters
resource-id
Specifies the resource ID of the resource to be closed, or * to close all open
resources. You can obtain the resource ID for a specific open resource from the
SHOW OPEN_FILES command display.
Note that some administration resources are opened on behalf of the system or
the ADMINISTER interface. You cannot close these resources. The system will
close them when appropriate.

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/SERVER=server-name
Specifies the name of the server on which to close the resource. The default is
the server currently being administered.

2–44 ADMINISTER Commands

ADMINISTER Commands
CLOSE OPEN_FILE

Examples
1.

LANDOFOZ\\TINMAN> CLOSE OPEN_FILE 4
The user DOT has opened the resource for Write.
Are you sure you want to close TINMAN$DKA1:[SHARES.S1]A.TXT ?
[YES or NO] (YES) :
%PWRK-S-FILECLOSE, file with resource ID 4 on server "TINMAN" closed
This example closes the resource that has ID 4 on the server currently
being administered (TINMAN). By default, confirmation is required before
the resource is closed.

LANDOFOZ\\TINMAN> CLOSE OPEN_FILE *
Some of the users have resources open for Write. Closing those open
resources may result in loss of data.
Are you sure you want to close all open resources ? [YES or NO]
(YES) :
%PWRK-S-FILECLOSE, file with resource ID 2 on server "TINMAN" closed
%PWRK-S-FILECLOSE, file with resource ID 6 on server "TINMAN" closed
%PWRK-E-ERRCLSFILE, error closing file ID 9997
-LM-E-NERR_FILEIDNOTF, there isn’t an open file with that ID number
%PWRK-E-ERRCLSFILE, error closing file ID 9999
-LM-E-NERR_FILEIDNOTF, there isn’t an open file with that ID number
%PWRK-E-ERRCLSFILE, error closing file ID 9998
-LM-E-NERR_FILEIDNOTF, there isn’t an open file with that ID number
%PWRK-E-ERRCLSFILE, error closing file ID 10000
-LM-E-NERR_FILEIDNOTF, there isn’t an open file with that ID number
This example closes all open shared files on server TINMAN. The named
pipes (system or administrative resources) are not closed, because they are
being used to process the command.

ADMINISTER Commands 2–45

ADMINISTER Commands
CLOSE SESSION

CLOSE SESSION
Disconnects one or all of the sessions currently established to a server.

Format
CLOSE SESSION computer-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group.

Related Commands
SHOW SESSIONS

Parameters
computer-name
Specifies the name of the computer for which sessions are to be closed, or *
to close all sessions. Use the SHOW SESSIONS command to display a list of
active sessions.

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/SERVER=server-name
Specifies the name of the server on which to close the sessions. The default is
the server currently being administered.
/USERNAME=user-name
Specifies the name of the user whose session is to be closed. If you do not
specify the user name, then all sessions from the specified computer are closed.
2–46 ADMINISTER Commands

ADMINISTER Commands
CLOSE SESSION

Example
LANDOFOZ\\TINMAN> CLOSE SESSION DOROTHY/USERNAME=LION
Do you really want to close session on "DOROTHY" [YES or NO] (YES) :
%PWRK-S-SESSCLSCU, session from "DOROTHY" for user "LION" closed
This example closes any sessions established to the server TINMAN from the
computer named DOROTHY for the user named LION.

ADMINISTER Commands 2–47

ADMINISTER Commands
CONTINUE PRINT QUEUE

CONTINUE PRINT QUEUE
Continues a currently paused OpenVMS Advanced Server print queue. Use the
SHOW PRINT QUEUES command to display the list of available queues. This
command performs the same function as the SET PRINT QUEUE queue-name
/CONTINUE command and is valid only to Compaq OpenVMS servers.

Format
CONTINUE PRINT QUEUE queue-name [/qualifier]

Restrictions
Use of this command requires membership in the Administrators, Server
Operators, or Print Operators local group.

Related Commands
ADD PRINT QUEUE
PAUSE PRINT QUEUE
REMOVE PRINT QUEUE
SET PRINT QUEUE
SHOW PRINT QUEUES

Parameters
queue-name
Specifies the name of the OpenVMS Advanced Server print queue for which to
continue printing.

Qualifiers
/SERVER=server-name
Specifies the name of the server where the specified OpenVMS Advanced
Server print queue is defined. The default is the server currently being
administered.

Example
LANDOFOZ\\TINMAN> CONTINUE PRINT QUEUE LN03
%PWRK-S-QUESET, queue "LN03" continued on server "TINMAN"
This example continues the paused print queue LN03 on the server currently
being administered (TINMAN).

2–48 ADMINISTER Commands

ADMINISTER Commands
CONTINUE SERVICE

CONTINUE SERVICE
Continues a currently paused network service. Use the SHOW SERVICES
command to display a list of available services.

Format
CONTINUE SERVICE servicename [/qualifier]

Restrictions
Use of this command requires membership in the Administrators local group
or the Server Operators local group.

Related Commands
PAUSE SERVICE
SHOW SERVICES
START SERVICE
STOP SERVICE

Parameters
servicename
Specifies the name of the network service to continue.

Qualifiers
/SERVER=server-name
Specifies the name of the server on which to continue the service. The default
is the server currently being administered.

Example
LANDOFOZ\\TINMAN> CONTINUE SERVICE NETLOGON
This command continues the NetLogon service on the server currently being
administered (TINMAN).

ADMINISTER Commands 2–49

ADMINISTER Commands
COPY GROUP

COPY GROUP
Adds a new group based upon an existing group. In many situations, it may
be quicker and more convenient to copy an existing group than it would be to
create an entirely new one. One major benefit of copying a group is that the
new group will have the same members as does the original group. However,
the permissions and rights of the original group are not copied to the new
group. The new group will be of the same type (local or global) as the original
group. All attributes of the old group are copied to the new group, except for
those overridden by qualifiers.

Format
COPY GROUP group-name newgroup-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group.

Related Commands
ADD GROUP
MODIFY GROUP
REMOVE GROUP
SHOW GROUPS

Parameters
group-name
Specifies the name of the existing group to be copied.
newgroup-name
Specifies the name for the new group to be created, and can be 1 to 20
characters in length. The new group name cannot be identical to any other
group or user name of the domain or server being administered.

Qualifiers
/ADD_MEMBERS=([domain-name\]member-name[,...])
Adds the specified members to the new group and does not change any existing
membership in the group.

2–50 ADMINISTER Commands

ADMINISTER Commands
COPY GROUP
If the group being copied is a local group, you can add user accounts and global
groups from the domain being administered and from domains it trusts. To
specify a user account or global group in a trusted domain, enter a domainqualified name (domain-name\member-name), such as KANSAS\DOLE,
where KANSAS is the name of the trusted domain, and DOLE is the user or
group name defined in the trusted domain. If you omit the domain name, it
is assumed that the user account or group is defined in the domain currently
being administered.
If the group being copied is a global group, you can add user accounts only
from the domain being administered.
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive
information about the group. Enclose the string in quotation marks if
it contains lowercase letters, blanks (spaces) or other nonalphanumeric
characters. /NODESCRIPTION, the default, indicates that the description is to
be blank.
/DOMAIN=domain-name
Specifies the name of the domain from and to which the group is to be copied.
The default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.
/REMOVE_MEMBERS=([domain-name\ ]member-name[,...])
Removes the specified members from the group and does not change any
existing membership for unspecified members.
If the group being copied is a local group, you can remove user accounts and
global groups from the domain being administered and from domains it trusts.
To specify a user account or global group in a trusted domain, enter a domainqualified name (domain-name\member-name), such as KANSAS\DOLE,
where KANSAS is the name of the trusted domain, and DOLE is the user or
group name defined in the trusted domain. If you omit the domain name, it
is assumed that the user account or group is defined in the domain currently
being administered.
If the group being copied is a global group, you can remove user accounts only
from the domain being administered.
/SERVER=server-name
Specifies the name of a server that is a member of the domain from and to
which the group is to be copied. Do not specify both /DOMAIN and /SERVER
on the same command line.

ADMINISTER Commands 2–51

ADMINISTER Commands
COPY GROUP

Example
LANDOFOZ\\TINMAN> COPY GROUP MUNCHKINS OZ _LANDOFOZ\\TINMAN> /DESCRIPTION="The Land of OZ" _LANDOFOZ\\TINMAN> /ADD_MEMBERS=(WIZARD,"Good Witch")
%PWRK-S-GROUPCOPY, group "MUNCHKINS" copied to "OZ" in domain
"LANDOFOZ"
This example creates a new group called OZ based upon the characteristics
and memberships of the existing group MUNCHKINS. The new group has the
description "The Land of OZ". It contains any existing members of the group
MUNCHKINS, with new members WIZARD and Good Witch added.

2–52 ADMINISTER Commands

ADMINISTER Commands
COPY USER

COPY USER
Adds a new user account based upon an existing user account. In many
situations, it may be quicker and more convenient to copy an existing user
account than it would be to create an entirely new one. One major benefit
of copying a user account is that group memberships are copied to the new
account. However, the permissions and built-in abilities of the original user
account are not copied to the new user account. The new user account will
be of the same type (local or global) as the original user account. All other
attributes of the old user account are copied to the new user account, except for
those overridden by qualifiers.

Format
COPY USER user-name new-user-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group. Only a member of the Administrators local group can
add users to the Administrator’s local group.

Related Commands
ADD USER
MODIFY USER
REMOVE USER
SHOW USERS

Parameters
user-name
Specifies the name of the existing user account to be copied.
new-user-name
Specifies the name for the new user account to be created, and can be 1 to 20
characters in length. The new user account name cannot be identical to any
other user account or group name in the domain or server being administered.

ADMINISTER Commands 2–53

ADMINISTER Commands
COPY USER

Qualifiers
/ADD_TO_GROUPS=(group-name[,...])
Adds the user as a member of the specified local or global groups and does not
change any existing membership in unspecified groups.
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive
information about the user. Enclose the string in quotation marks if it contains
lowercase letters, blanks (spaces) or other nonalphanumeric characters.
/NODESCRIPTION indicates that the description is to be blank.
/DOMAIN= domain-name
Specifies the name of the domain from and to which the user account is to be
copied. The default is the domain currently being administered. Do not specify
both /DOMAIN and /SERVER on the same command line.
/EXPIRATION_DATE=date
/NOEXPIRATION_DATE
Specifies whether the account has an expiration date and, if so, the date the
account is to expire. The date is specified in the standard OpenVMS date
format (dd-mmm-yyyy). /NOEXPIRATION_DATE, the default, specifies that
the account will not have an expiration date, and therefore will never expire.
/FLAGS=(option[,...])
Specifies the logon flags for the user account. All flags are copied from the
original user except DISUSER. Precede the option keyword with NO to clear
the specified flag. The option keyword can be one or more of the following:

2–54 ADMINISTER Commands

ADMINISTER Commands
COPY USER
Option

Description

[NO]DISPWDEXPIRATION
Prevents the password from expiring, overriding the Maximum
Password Age setting for the account policy. Select this option for
user accounts that will be assigned to services. Selection of this
option overrides the PWDEXPIRED option. Do not specify the
DISPWDEXPIRATION and PWDEXPIRED options in the same
command line.
[NO]DISUSER
Disables the account so the user cannot log on. You might disable
a new account to create an inactive template account that can be
copied to create new accounts. Or, you might temporarily disable
an account if it does not need to be used until a later date. The
built-in Administrator account cannot be disabled.
[NO]PWDEXPIRED
The password is initially expired. This forces the user to change
the password at the first logon. Do not specify the PWDEXPIRED
option in the same command line with either the PWDLOCKED
or the DISPWDEXPIRATION option.
[NO]PWDLOCKED
Prevents the user from changing the password. This option
is usually applied only to user accounts used by more than
one person, such as the Guest account. Do not specify the
PWDLOCKED and PWDEXPIRED options in the same command
line.
/FULLNAME=full-user-name
/NOFULLNAME
The full name is the user’s complete name, and can be up to 256 characters in
length. Enclose the string in quotation marks to preserve case (the default is
uppercase). It is a good idea to establish a standard for entering full names,
so that they always begin with either the first name (Louise G. Morgan) or the
last name (Morgan, Louise G.), because the full name can be used to determine
the sorting order in the SHOW USERS command. /NOFULLNAME specifies a
blank full name.
/GLOBAL
Specifies that the account is to be a global account. User accounts can be either
global or local. Most accounts are global accounts. A global account is a normal
user account in the user’s home domain. A local account is an account provided

ADMINISTER Commands 2–55

ADMINISTER Commands
COPY USER
in this domain for a user whose global account is not in a trusted domain. The
default is to create a global account.
/HOME=(option[,...])
/NOHOME
Specifies a user’s home directory information. A home directory is a directory
that is accessible to a user and contains files and programs for the user. This
feature applies only when the user logs on from a Windows NT client. The
specified home directory becomes the Windows NT user’s default directory for
the File Open and Save As dialog boxes, for the command prompt, and for all
applications that do not have a working directory defined. A home directory
can be assigned to a single user or it can be shared by many users. A home
directory can be a shared network directory or a local directory on a user’s
workstation.
If you specify a network path for the home directory, you must also specify a
drive letter to be assigned to the path when the user logs on. If the specified
directory does not exist, an attempt will be made to create it. If the directory
cannot be created, a message will be issued instructing you to manually create
the directory.
If you specify a local path for the home directory, do not include the drive
letter. You must manually create the directory if it does not exist. /NOHOME,
the default, specifies that the user will not have a home directory. The option
keyword can be one or more of the following:
Option

Description

2–56 ADMINISTER Commands

ADMINISTER Commands
COPY USER
/HOURS=(logon-time[,...])
/NOHOURS
Specifies the days and hours when the user can connect to a server.
/NOHOURS specifies that the user cannot connect at any time of any day.
Specify logon-time in the following format:
day=([n-m],[n],[*])
where n and m are hours of the day, and day is any one of the following:
SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY,
SATURDAY, WEEKDAYS, WEEKENDS, EVERYDAY, ALL
Specify the hours as integers from 0 to 23, inclusive, using the 24-hour clock.
You can specify a single hour (n), ranges of hours (n-m), or all hours of the day
(*). Note that hours are inclusive; that is, if you grant access during a given
hour, access extends to the end of that hour. If you specify no hours, all hours
are allowed for the specified days.
/LOCAL
Specifies that the account is to be a local account. User accounts can be either
global or local. A global account is a normal user account in the user’s home
domain. A local account is an account provided in this domain for a user whose
global account is not in a trusted domain. The default is to create a global
account.
/PASSWORD[="password"]
/NOPASSWORD
Specifies the password for the new user account. Passwords are case sensitive,
and can be up to 14 characters in length. The minimum length is set by using
the SET ACCOUNT POLICY/PASSWORD_POLICY=MINLENGTH= command.
The default is 0, which permits a blank password. Passwords entered on the
command line are converted to uppercase unless enclosed within quotation
marks. If the password you specify contains lowercase letters, blanks (spaces),
or other nonalphanumeric characters, enclose it in quotation marks, unless
you enter the password in response to the password prompt. (If you enclose
the password in quotation marks at the password prompt, the quotation marks
become part of the password.) If you enter /PASSWORD with no value, or
with a value of *, you are prompted for a password and a confirmation, which
will not be displayed as they are entered. /NOPASSWORD specifies that the
account will have a blank password. The password is not copied from the
original user account; therefore, if an account is copied without specifying a
new password, the new user account will receive a blank password.

ADMINISTER Commands 2–57

ADMINISTER Commands
COPY USER
With /NOPASSWORD, the default is /FLAGS=NOPWDEXPIRED so that the
user is not prompted for a password. However, you can override this default
for /NOPASSWORD by specifying the /FLAGS=PWDEXPIRED qualifier.
/PRIMARY_GROUP=group-name
Sets the user account’s primary group. A primary group is used when a user
logs on using Windows NT Services for Macintosh, or runs POSIX applications.
group-name must be a global group of which the user is a member.
/PROFILE=profile-path
/NOPROFILE
Specifies a path for an optional user profile. The path should be a network
path that includes a file name. The file name can be that of a personal user
profile (.USR file name extension) or a mandatory user profile (.MAN file name
extension). For example, you might enter:
/PROFILE="\\eng\ profiles\johndoe.usr"
/NOPROFILE specifies that the user will not have a profile.
/REMOVE_FROM_GROUPS=(group-name[,...])
Removes the user as a member of the specified local or global groups and does
not change any existing membership in unspecified groups. A user account
cannot be removed from membership in its primary group.
/SCRIPT=script-name
/NOSCRIPT
Specifies a name for an optional logon script that runs each time the user logs
on. A logon script can be a batch file (.BAT or .CMD file name extension) or
an executable program (.EXE file name extension). A single logon script can
be assigned to one or more user accounts. When a user logs on, the server
authenticating the logon locates the logon script by following the server’s logon
script path in the \netlogon share. The script-name specifies a file relative to
that path. /NOSCRIPT specifies that the user will have no logon script.
/SERVER=server-name
Specifies the name of a server that is a member of the domain from and to
which the user account is to be copied. Do not specify both /DOMAIN and
/SERVER on the same command line.
/WORKSTATIONS=(workstation-name[,...])
Specifies up to eight workstations from which the user can log on to the
domain. The workstation-name is a 1 to 15 character name of a workstation.
You may use an asterisk (*) for the workstation-name to specify all
workstations.

2–58 ADMINISTER Commands

ADMINISTER Commands
COPY USER

Example
LANDOFOZ\\TINMAN> COPY USER LION HEART/PASSWORD=GOLD
%PWRK-S-USERCOPY, user "LION" copied to "HEART" in domain
"LANDOFOZ"
This example creates a new user account called HEART based upon the
existing user LION. All the user characteristics and group memberships are
copied to the new user account. The password for the new account is set to
GOLD.

ADMINISTER Commands 2–59

ADMINISTER Commands
EXIT

EXIT
Exits from the ADMINISTER user interface.

Format
EXIT

Restrictions
None

Example
LANDOFOZ\\TINMAN> EXIT
$
This example exits from the ADMINISTER user interface so you can enter
OpenVMS DCL commands.

2–60 ADMINISTER Commands

ADMINISTER Commands
HELP

HELP
Invokes the OpenVMS help facility to provide information about a command or
topic.

Format
HELP

[topic /qualifier]

Restrictions
None

Parameters
topic
Specifies the command or topic for which help is desired.

Qualifiers
/PAGE
/NOPAGE
Controls whether output to the screen stops after each screenfull (page) of
information is displayed. The /PAGE qualifier is the default. If you specify
/NOPAGE, output continues until the information display ends or until you
manually control the scrolling.

Examples
1.

$ ADMINISTER HELP ADD
ADD
Additional information available:
COMPUTER

GROUP

HOSTMAP

TRUST

USER

ADD Subtopic?
This example displays information about using the ADMINISTER ADD
command from OpenVMS system command level.

ADMINISTER Commands 2–61

ADMINISTER Commands
HELP
2.

$ ADMINISTER
LANDOFOZ\\TINMAN> HELP ADD
ADD
Additional information available:
COMPUTER

GROUP

HOSTMAP

TRUST

USER

ADD Subtopic?
This example shows how to enter the HELP ADD command while you are
using the ADMINISTER command-line interface.

2–62 ADMINISTER Commands

ADMINISTER Commands
LOGIN

ADMINISTER Commands 2–63

ADMINISTER Commands
LOGOFF

LOGOFF
Logs the current user off the network. Logging off ensures that no one can
use your account to gain access to shared network resources. You may use
LOGOUT as a synonym for the LOGOFF command.
After a successful logoff, the domain and server being administered is
recomputed. The domain name is set to the local server’s domain, and the
server name is set to the name of the local server.

Format
LOGOFF

Restrictions
None

Related Commands
LOGON

Example
LANDOFOZ\\TINMAN> LOGOFF
SCARECROW was logged off successfully.
This example assumes that the user SCARECROW was logged on to the
network. The LOGOFF command logs SCARECROW off the network.

2–64 ADMINISTER Commands

ADMINISTER Commands
LOGON

LOGON
Logs a user on to the network and sets the user name and password used for
further network access. You may use LOGIN as a synonym for the LOGON
command.
If a user is currently logged on, a warning is issued and an option is given
to log the current user off before logging the new user on. After a successful
logon, the domain and server being administered is recomputed. The domain
name is set to the name of the domain to which you have logged on. The server
name is set to the name of the local server, if the local server is a member of
the logged on domain; otherwise, the server name is set to the name of the
primary domain controller of the logged on domain.

Format
LOGON [user-name [password]] [/qualifier]

Restrictions
See the restrictions described for the LOGON password parameter.

Related Commands
LOGOFF

Parameters
user-name
Specifies the user name by which you are identified on the network. If you do
not enter a user name, a prompt appears.
password
Specifies the password for the user account. The password is displayed as you
enter it. If you do not enter a password, or you enter it as an asterisk (*), a
prompt appears. The password is not displayed as you enter it in response
to the prompt. If your password contains lowercase letters, blanks (spaces),
or other nonalphanumeric characters, enclose it in quotation marks, unless
you enter it in response to the password prompt. Passwords entered on the
command line are accepted as uppercase characters unless they are enclosed
within quotation marks. However, if you are prompted for a new password
because your password has expired, the password you enter will be accepted as
caseless. If you want your new password to include lowercase letters, you must
use the MODIFY USER command with the /PASSWORD qualifier to define
ADMINISTER Commands 2–65

ADMINISTER Commands
LOGON
the new password. (The MODIFY USER command requires administrative
privileges.)

Qualifiers
/DOMAIN=domain-name
Specifies the name of the domain to which you want to log on. This is called
the logon domain. By default, the domain name is the name of the local
server’s domain.

Examples
1.

LANDOFOZ\\TINMAN> LOGON SCARECROW "OverTheRainbow"
The server \\TINMAN successfully logged you on as Scarecrow.
Your privilege level on domain LANDOFOZ is user.
The last time you logged on was 10/08/00 07:48 PM.
This example logs on the user named SCARECROW to the domain
LANDOFOZ. Because the password contains lowercase letters, it is
enclosed in quotation marks.

LANDOFOZ\\TINMAN> LOGON
Username: LION
Password:
The server \\TINMAN successfully logged you on as Lion.
Your privilege level on domain LANDOFOZ is ADMIN.
The last time you logged on was 10/08/00 07:50 PM.
This example logs on the user named LION to the domain LANDOFOZ.
Because the user name and password were not specified on the command
line, prompts are issued. The password is not displayed as it is entered.
If the password includes lowercase letters, do not include the password in
quotation marks.

2–66 ADMINISTER Commands

ADMINISTER Commands
LOGOUT

LOGOUT
LOGOUT is a synonym for the LOGOFF command. See the LOGOFF
command for further information.

ADMINISTER Commands 2–67

ADMINISTER Commands
MODIFY GROUP

MODIFY GROUP
Changes the attributes and memberships of an existing local or global group.

Format
MODIFY GROUP group-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group.

Related Commands
ADD GROUP
COPY GROUP
REMOVE GROUP
SHOW GROUPS

Parameters
group-name
Specifies the name of an existing local or global group that you wish to modify.

Qualifiers
/ADD_MEMBERS=([domain-name\]member-name[,...])
Adds the specified members to the group and does not change any existing
membership for unspecified members.
If the group being modified is a local group, you can add user accounts and
global groups from the domain being administered and from domains it trusts.
To specify a user account or global group in a trusted domain, enter a domainqualified name (domain-name\member-name), such as KANSAS\DOLE,
where KANSAS is the name of the trusted domain, and DOLE is the user or
group name defined in the trusted domain. If you omit the domain name, the
user account or group is assumed to be defined in the domain currently being
administered.
If the group being modified is a global group, you can add user accounts only
from the domain being administered.

2–68 ADMINISTER Commands

ADMINISTER Commands
MODIFY GROUP
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive
information about the group. Enclose the string in quotation marks if
it contains lowercase letters, blanks (spaces) or other nonalphanumeric
characters. /NODESCRIPTION indicates that the description is to be blank. If
the /DESCRIPTION qualifier is not specified, the current description remains
unchanged.
/DOMAIN=domain-name
Specifies the name of the domain in which to modify the group. The default is
the domain currently being administered. Do not specify both /DOMAIN and
/SERVER on the same command line.
/REMOVE_MEMBERS=([domain-name\ ]member-name[,...])
Removes the specified members from the group and does not change any
existing membership for unspecified members.
If the group being modified is a local group, you can remove user accounts and
global groups from the domain being administered and from domains it trusts.
To specify a user account or global group in a trusted domain, enter a domainqualified name (domain-name\member-name), such as KANSAS\DOLE,
where KANSAS is the name of the trusted domain, and DOLE is the user or
group name defined in the trusted domain. If you omit the domain name, the
user account or group is assumed to be defined in the domain currently being
administered.
If the group being modified is a global group, you can remove user accounts
only from the domain being administered.
/SERVER=server-name
Specifies the name of a server that is a member of the domain in which to
modify the group. Do not specify both /DOMAIN and /SERVER on the same
command line.

Example
LANDOFOZ\\TINMAN> MODIFY GROUP MUNCHKINS/REMOVE_MEMBERS=SCARECROW
%PWRK-S-GROUPMOD, group "MUNCHKINS" modified on domain "LANDOFOZ"
This example removes the user SCARECROW from the group MUNCHKINS.

ADMINISTER Commands 2–69

ADMINISTER Commands
MODIFY SHARE

MODIFY SHARE
Modifies attributes of an existing directory or print share.

Format
MODIFY SHARE share-name [/qualifiers]

Restrictions
Membership in the Administrators, Account Operators, or Server Operators
local group is required to administer directory and print shares. Print shares
may also be administered by members of the Print Operators group.

Related Commands
ADD SHARE/DIRECTORY
ADD SHARE/PRINT
REMOVE SHARE
SHOW SHARES

Parameters
share-name
Specifies the name of an existing directory or print share that you wish to
modify.

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before removing all
permissions from a share. The default is /CONFIRM if running in interactive
mode. When the prompt is issued, the default response is shown, and you may
accept the default by pressing Return or Enter. If you type YES, TRUE, or
1, the operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no
action is performed. If you type anything else, the prompt is repeated until you
type an acceptable response. No prompt for confirmation is issued if running
in batch mode.

2–70 ADMINISTER Commands

ADMINISTER Commands
MODIFY SHARE
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 48 characters used to provide descriptive information
about the share. Compaq recommends that you limit the string length
to 32 characters. Enclose the string in quotation marks if it contains
lowercase letters, blanks (spaces) or other nonalphanumeric characters.
/NODESCRIPTION indicates that the description is to be blank. If the
/DESCRIPTION qualifier is not specified, the current description remains
unchanged.
/HOST_ATTRIBUTES=(attribute-type[,...])
Sets host-system-specific attributes for the share. Host attributes are valid
only for directory shares on Compaq OpenVMS servers. For the value of
attribute-type, you can specify one or more of the keywords DIRECTORY_
PROTECTION, FILE_PROTECTION, and RMS_FORMAT, as follows:
DIRECTORY_PROTECTION=(ownership:access[,...])

Description

OWNER
GROUP
WORLD

File owner (also applies to SYSTEM)
Users in same UIC group
All other users

Specify the access keyword as any combination of the following:
Access

Description

ADMINISTER Commands 2–71

ADMINISTER Commands
MODIFY SHARE
DIRECTORY_PROTECTION=(ownership:access[,...])

Owner access is also applied to SYSTEM. The default RMS directory
protection is OWNER:RWED, GROUP:RWED, WORLD:RE.
FILE_PROTECTION=(ownership:access[,...])

Specifies the default OpenVMS RMS protections for files created in the
shared directory. The protection of existing files is not affected.
Specify the ownership keyword as any of the following:
Ownership

Description

OWNER
GROUP
WORLD

File owner (also applies to SYSTEM)
Users in same UIC group
All other users

Specify the access keyword as any combination of the following:
Access

Description

Owner access is also applied to SYSTEM. The default RMS file
protection is OWNER:RWD, GROUP:RWD, WORLD:R.
RMS_FORMAT=record-type

Specifies the OpenVMS RMS record format of files created in the shared
directory.

2–72 ADMINISTER Commands

ADMINISTER Commands
MODIFY SHARE
RMS_FORMAT=record-type

The record-type keyword can be one of the following:
Description
Record-type
SEQUENTIAL_FIXED
Files created in the shared directory are RMS
sequential files with fixed length 512 byte records.
STREAM
Files created in the shared directory are RMS stream
format files. This is the default.
UNDEFINED
Files created in the shared directory have no specific
RMS format. The format is defined by the application
writing the file.
/LIMIT=connect-limit
/NOLIMIT
Specifies the maximum number of users who can connect to the shared
directory at one time. /NOLIMIT, the default, specifies there is no maximum
connection limit.
/PERMISSIONS=([domain-name\]name=access[,...])
/NOPERMISSIONS
Specifies the access permissions for the directory share. These permissions
control network access to the directory share, and determine which users or
groups can access the shared directory, and the type of access they are allowed.
When a directory is shared, the default is to grant FULL access to everyone.
This permission allows anyone to do anything they wish to any of the files or
subdirectories in the directory tree.
Use the /PERMISSIONS qualifier to add permissions to a resource for
specified users or groups. Use the /NOPERMISSIONS qualifier to remove all
permissions for all or specified users or groups. If you remove all permissions
from a share, no one will be able to access it, and only the owner will be able
to change the permissions.
The permissions list name=access is a list of users and groups allowed to access
the shared resource, and the type of access granted to each user or group. It
must be enclosed in parentheses, and consists of one or more name=access
pairs, where name can be any valid user or group name from this or another
trusted domain.

ADMINISTER Commands 2–73

ADMINISTER Commands
MODIFY SHARE
To specify a user or group name in a trusted domain, enter the domainqualified name (domain-name\ name), such as KANSAS\DOLE, where
KANSAS is the name of the trusted domain, and DOLE is the user or group
name defined in the trusted domain. If you omit the domain name, the user
account or group is assumed to be defined in the domain of the server currently
being administered.
Access depends on the type of share being modified.
If the share is a directory share, access can be any one of the following:
Access

Description

NONE

Prevents any access to the shared directory, its subdirectories,
and their files
Allows viewing file names and subdirectory names, traversing
to subdirectories, viewing data in files, and running
applications
Allows viewing file names and subdirectory names, traversing
to subdirectories, viewing data in files, running applications,
adding files and subdirectories, changing data in files, and
deleting subdirectories and files
Allows viewing file names and subdirectory names, traversing
to subdirectories, viewing data in files, running applications,
adding files and subdirectories, changing data in files,
deleting subdirectories and files, changing file and directory
permissions, and taking ownership of files and directories

READ

CHANGE

FULL

2–74 ADMINISTER Commands

ADMINISTER Commands
MODIFY SHARE

If the share is a print share, access can be any one of the following:
Access

Description

NONE
Prevents any access to the printer
PRINT
Allows printing of documents
MANAGE_DOCUMENTS
Allows holding, releasing, and deleting of print jobs, and
changing the order in which jobs print
FULL
Allows printing of documents; holding, releasing, and deleting
of print jobs; changing the order in which jobs print; aborting
and restarting of jobs being printed; pausing, continuing, and
purging of the print queue; changing of print queue settings;
removal of the print queue; and changing of print resource
permissions
/SERVER=server-name
Specifies the name of the server on which to modify the shared resource. The
default is the server currently being administered.

Examples
1.

LANDOFOZ\\TINMAN> MODIFY SHARE TORNADO/NOPERMISSIONS=EVERYONE _LANDOFOZ\\TINMAN> /PERMISSIONS=(SCARECROW=FULL)/NOCONFIRM
%PWRK-S-SHAREMOD, share "TORNADO" modified on server "TINMAN"
This example modifies the directory share named TORNADO. All
permissions for the group EVERYONE are removed, and the user
SCARECROW is granted FULL access to the files and directories in
the share.

LANDOFOZ\\TINMAN> MODIFY SHARE TOTO/LIMIT=5/NOCONFIRM
%PWRK-S-SHAREMOD, share "TOTO" modified on server "TINMAN"
This example modifies the print share named TOTO. The maximum
connections allowed to the shared resource is set to 5.

ADMINISTER Commands 2–75

ADMINISTER Commands
MODIFY USER

MODIFY USER
Modifies the attributes and memberships of an existing local or global user
account.

Format
MODIFY USER user-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group.

Related Commands
ADD USER
COPY USER
REMOVE USER
SHOW USERS

Parameters
user-name
Specifies the name of an existing local or global user account that you wish to
modify.

2–76 ADMINISTER Commands

ADMINISTER Commands
MODIFY USER
/DOMAIN=domain-name
Specifies the name of the domain in which to modify the user account. The
default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.
/EXPIRATION_DATE=date
/NOEXPIRATION_DATE
Specifies whether the account has an expiration date and, if so, the date the
account is to expire. The date is specified in the standard OpenVMS date
format (dd-mmm-yyyy). /NOEXPIRATION_DATE specifies that the account
will not have an expiration date, and therefore will never expire.
/FLAGS=(option[,...])
Specifies the logon flags for the user account. Precede the option keyword with
NO to clear the specified flag. The option keyword can be one or more of the
following:
Option

Description

ADMINISTER Commands 2–77

ADMINISTER Commands
MODIFY USER
Option

Description

[NO]PWDEXPIRED
The password is initially expired. This forces the user to
change the password at the next logon. PWDEXPIRED
is the default if you specify neither PWDEXPIRED nor
NOPWDEXPIRED. Do not specify the PWDEXPIRED option in
the same command line with either the PWDLOCKED or the
DISPWDEXPIRATION option.
[NO]PWDLOCKED
Prevents the user from changing the password. This option
is usually applied only to user accounts used by more than
one person, such as the Guest account. NOPWDLOCKED
is the default if you specify neither PWDLOCKED nor
NOPWDLOCKED. Do not specify the PWDLOCKED and
PWDEXPIRED options in the same command.
/FULLNAME="full_user_name"
/NOFULLNAME
The full name is the user’s complete name, and can be up to 256 characters in
length. Enclose the string in quotation marks to preserve case (the default is
uppercase). Establish a standard for entering full names, so that they always
begin with either the first name (Louise G. Morgan) or the last name (Morgan,
Louise G.), because the full name can affect the sorting order for the SHOW
USERS command. /NOFULLNAME specifies a blank full name.
/GLOBAL
Specifies that the account is to be a global account. User accounts can be either
global or local. Most accounts are global accounts. A global account is a normal
user account in the user’s home domain. A local account is an account provided
in this domain for a user whose global account is not in a trusted domain. Do
not specify both /GLOBAL and /LOCAL on the same command line.
/HOME=(option[,...])
/NOHOME
Specifies a user’s home directory information. A home directory is a directory
that is accessible to a user and contains files and programs for the user. This
feature applies only when the user logs on from a Windows NT client. The
specified home directory becomes the Windows NT user’s default directory for
the File Open and Save As dialog boxes, for the command prompt, and for all
applications that do not have a working directory defined. A home directory
can be assigned to a single user or it can be shared by many users.

2–78 ADMINISTER Commands

ADMINISTER Commands
MODIFY USER
A home directory can be a shared network directory or a local directory on a
user’s workstation. If you specify a network path for the home directory, you
must also specify a drive letter to be assigned to the path when the user logs
on. If the specified directory does not exist, an attempt will be made to create
it. If the directory cannot be created, a message will be issued instructing
you to manually create the directory. If you specify a local path for the home
directory, do not include a drive letter. You must manually create the directory
if it does not exist. /NOHOME, the default, specifies that the user will not
have a home directory.
The option keyword can be one or more of the following:
Option

Description

DRIVE=driveletter
Specifies the drive letter to use for connecting to the home
directory if the home directory specified in the PATH option is
a shared network directory. The driveletter can be from C to Z.
PATH=homepath
Specifies an optional home directory that is accessible to
the user and contains files and programs for the user. The
homepath must be an absolute path of a directory local to the
user’s workstation, or a UNC (Universal Naming Convention)
path of a shared network directory.
/HOURS=(logon-time[,...])
/NOHOURS
Specifies the days and hours when the user can connect to a server.
/NOHOURS specifies that the user cannot connect at any time of any day.
Specify logon-time in the following format:
day=([n-m],[n],[*])
where n and m are hours of the day, and day is any one of the following:
SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY,
SATURDAY, WEEKDAYS, WEEKENDS, EVERYDAY, ALL
Specify the hours as integers from 0 to 23, inclusive, using the 24-hour clock.
You can specify a single hour (n), ranges of hours (n-m), or all hours of the day
(*). Note that hours are inclusive; that is, if you grant access during a given
hour, access extends to the end of that hour. If you specify no hours, all hours
are allowed for the specified days.

ADMINISTER Commands 2–79

ADMINISTER Commands
MODIFY USER
/LOCAL
Specifies that the account is to be a local account. User accounts can be either
global or local. Most accounts are global accounts. A global account is a normal
user account in the user’s home domain. A local account is an account provided
in this domain for a user whose global account is not in a trusted domain.
/NAME=new-user-name
Specifies a new name for the user account. The user name can be from 1 to 20
characters in length, and cannot be identical to any other user or group name
in the domain or server being administered.
/PASSWORD[="password"]
/NOPASSWORD
Specifies the password for the user account. Passwords are case sensitive, and
can be up to 14 characters in length. The minimum length is set by using the
SET ACCOUNT POLICY/PASSWORD_POLICY=MINLENGTH= command.
The default is 0, which permits a blank password. Passwords entered on the
command line are converted to uppercase unless enclosed within quotation
marks. If the password you specify contains lowercase letters, blanks (spaces),
or other nonalphanumeric characters, enclose it in quotation marks, unless
you enter the password in response to the password prompt. (If you enclose
the password in quotation marks at the password prompt, the quotation
marks become part of the password.) If you enter /PASSWORD with no value,
or with a value of *, you are prompted for a password and a confirmation,
which will not be displayed as they are entered. /NOPASSWORD specifies
that the account will have a blank password. With /NOPASSWORD, the
default is /FLAGS=NOPWDEXPIRED so that the user is not prompted for a
password. However, you can override this default for /NOPASSWORD, such as
by specifying the /FLAGS=PWDEXPIRED qualifier.
/PRIMARY_GROUP=group-name
Sets the user account’s primary group. A primary group is used when a user
logs on using Windows NT Services for Macintosh, or runs POSIX applications.
The group-name must be a global group of which the user is a member.
/PROFILE=profile-path
/NOPROFILE
Specifies a path for an optional user profile. The path should be a network
path that includes a file name. The file name can be that of a personal user
profile (.USR file name extension) or a mandatory user profile (.MAN file name
extension). For example, you might enter:
/PROFILE="\\eng\ profiles\johndoe.usr"
/NOPROFILE specifies that the user will not have a profile.
2–80 ADMINISTER Commands

ADMINISTER Commands
MODIFY USER
/REMOVE_FROM_GROUPS=(group-name[,...])
Removes the user as a member of the specified local or global groups and does
not change any existing membership in unspecified groups. A user account
cannot be removed from membership in its primary group.
/SCRIPT=script-name
/NOSCRIPT
Specifies a name for an optional logon script that runs each time the user logs
on. A logon script can be a batch file (.BAT or .CMD file name extension) or
an executable program (.EXE file name extension). A single logon script can
be assigned to one or more user accounts. When a user logs on, the server
authenticating the logon locates the logon script by following the server’s logon
script path. The script-name specifies a file relative to that path. /NOSCRIPT
specifies that the user will have no logon script.
/SERVER=server-name
Specifies the name of a server that is a member of the domain in which to
modify the user. Do not specify both /DOMAIN and /SERVER on the same
command line.
/UNLOCK
Unlocks a user’s account. A user’s account is locked if the user has made a
specified number of failed attempts to log on (for example, using an invalid
password). Use the SET ACCOUNT POLICY command to specify the number
of failed attempts to allow.
/WORKSTATIONS=(workstation-name[,...])
Specifies up to eight workstations from which the user can log on to the
domain. The workstation-name is a 1 to 15 character name of a workstation.
You may use an asterisk (*) for the workstation name to specify all
workstations.

Example
LANDOFOZ\\TINMAN> MODIFY USER SCARECROW/ADD_TO_GROUPS=MUNCHKINS _LANDOFOZ\\TINMAN> /HOME=(DRIVE=D,PATH=\\TINMAN\USERS\SCARECROW)
%PWRK-S-USERMOD, user "SCARECROW" modified on domain "LANDOFOZ"
This example adds the user SCARECROW as a member of the MUNCHKINS
group, and sets the user’s home path to be \\TINMAN\USERS\SCARECROW,
which will be mapped to drive D on the user’s workstation.

ADMINISTER Commands 2–81

ADMINISTER Commands
NET

NET
The NET command accepts a subset of the LAN Manager Net commands and
attempts to perform the equivalent ADMINISTER command. This provides
some level of backward compatability with PATHWORKS LAN Manager
servers.

Format
NET [/qualifier] command-line

Parameters
command-line
Specifies the Net command line that you wish to process.

Qualifiers
/TRANSLATE
The /TRANSLATE qualifier must precede the command-line parameter. Use
it to display the equivalent ADMINISTER command without performing the
command action. This enables you to determine the equivalent command
without actually performing the command.

Examples
1.

LANDOFOZ\\TINMAN> NET/TRANSLATE ACCOUNT
Translated command is: SHOW ACCOUNT POLICY
This example translates the LAN Manager NET ACCOUNT command
into the equivalent ADMINISTER command and displays the resulting
translation without performing the command action.

LANDOFOZ\\TINMAN> NET ACCOUNT
Account Policy for domain "LANDOFOZ":
Minimum password age (days) : 1
Maximum password age (days) : 90
Minimum password length : 0
Length of password history maintained : None
Force user logoff after logon hours expire : NO
Lock out account after how many bad password attempts : Never
Role of server TINMAN : Primary Domain Controller

2–82 ADMINISTER Commands

ADMINISTER Commands
NET
This example translates the LAN Manager NET ACCOUNT command into
the equivalent ADMINISTER command (SHOW ACCOUNT POLICY) and
performs the command action.

ADMINISTER Commands 2–83

ADMINISTER Commands
PAUSE PRINT QUEUE

PAUSE PRINT QUEUE
Pauses a currently active OpenVMS Advanced Server print queue. Use the
SHOW PRINT QUEUES command to display the list of available queues. This
command performs the same function as the SET PRINT QUEUE queue-name
/PAUSE command.

Format
PAUSE PRINT QUEUE queue-name [/qualifiers]

Restrictions
This command is valid only to Compaq OpenVMS servers. Use of this
command requires membership in the Administrators, Server Operators,
or Print Operators local group.

Related Commands
ADD PRINT QUEUE
CONTINUE PRINT QUEUE
REMOVE PRINT QUEUE
SET PRINT QUEUE
SHOW PRINT QUEUES

Parameters
queue-name
Specifies the name of the print queue for which to pause printing.

2–84 ADMINISTER Commands

ADMINISTER Commands
PAUSE PRINT QUEUE
/SERVER=server-name
Specifies the name of the server where the specified print queue resides. The
default is the server currently being administered.

Example
LANDOFOZ\\TINMAN> PAUSE PRINT QUEUE LN03/NOCONFIRM
%PWRK-S-QUESET, queue "LN03" paused on server "TINMAN"
This example pauses the print queue LN03 on the server currently being
administered (TINMAN). A confirmation is not required.

ADMINISTER Commands 2–85

ADMINISTER Commands
PAUSE SERVICE

PAUSE SERVICE
Pauses a currently active service. You can pause only the Server and NetLogon
services. Use the SHOW SERVICES command to display the available
services.
Pausing the Server service prevents users from making new connections to
the server’s shared resources; however, users who have already connected to
shared resources can continue to use the resources. Pausing the Server service
does not prevent users who are members of the Administrators group from
connecting to the service.
Pausing the NetLogon service prevents the server from synchronizing the
domain’s security accounts database. The server will not validate logons.

Format
PAUSE SERVICE servicename [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group
or the Server Operators local group. You cannot pause the Replicator and
Messenger services from the Advanced Server.

Related Commands
CONTINUE SERVICE
SHOW SERVICES
START SERVICE
STOP SERVICE

Parameters
servicename
Specifies the name of the service to pause.

2–86 ADMINISTER Commands

ADMINISTER Commands
PAUSE SERVICE
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/SERVER=server-name
Specifies the name of the server on which to pause the service. The default is
the server currently being administered.

Example
LANDOFOZ\\TINMAN> PAUSE SERVICE NETLOGON
Do you really want to pause service "NETLOGON" [YES or NO] (YES) : YES
%PWRK-S-SVCPAUSE, service "NETLOGON" paused on server "TINMAN"
This example pauses the NetLogon service on the server currently being
administered (TINMAN). A confirmation is required.

ADMINISTER Commands 2–87

ADMINISTER Commands
REMOVE COMPUTER

REMOVE COMPUTER
Removes a computer from a domain. The computer’s account is deleted from
the domain’s security database, and it can no longer participate in domain
security.

Format
REMOVE COMPUTER computer-name [/qualifiers]

Restrictions
Do not remove the primary domain controller for a domain. Use of this
command requires membership in the Administrators local group.

Related Commands
ADD COMPUTER
SET COMPUTER
SHOW COMPUTERS

Parameters
computer-name
Specifies the name of the computer to remove from the domain.

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/DOMAIN=domain-name
Specifies the name of the domain from which to remove the computer. The
default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.

2–88 ADMINISTER Commands

ADMINISTER Commands
REMOVE COMPUTER
/SERVER=server-name
Specifies the name of a server that is a member of the domain from which
to remove the computer. Do not specify both /DOMAIN and /SERVER on the
same command line.

Example
LANDOFOZ\\TINMAN> REMOVE COMPUTER DOROTHY
Removing computer "DOROTHY" from domain "LANDOFOZ" will render it
incapable of authenticating domain logons until it is added to another
domain.
Do you want to continue with the removal [YES or NO] (YES) : YES
%PWRK-S-COMPREM, computer "DOROTHY" removed from domain "LANDOFOZ"
This example removes the computer named DOROTHY from the default
domain’s (LANDOFOZ) security database. A confirmation is displayed.

ADMINISTER Commands 2–89

ADMINISTER Commands
REMOVE GROUP

REMOVE GROUP
Permanently removes a local or global group from a domain’s security database.
Be sure you want to delete a group before you do so, because a deleted group
cannot be recovered. The server knows every group by its security identifier
(SID), a unique number that identifies it. If you delete a group and then create
another group with the same name, the new group will not have any of the
permissions that were previously granted to the old group, because the groups
have different SID numbers.

Format
REMOVE GROUP group-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group.

Related Commands
ADD GROUP
COPY GROUP
MODIFY GROUP
SHOW GROUPS

Parameters
group-name
Specifies the name of an existing group to be removed.

2–90 ADMINISTER Commands

ADMINISTER Commands
REMOVE GROUP
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/DOMAIN=domain-name
Specifies the name of the domain from which to remove the group. The default
is the domain currently being administered. Do not specify both /DOMAIN and
/SERVER on the same command line.
/SERVER=server-name
Specifies the name of a server that is a member of the domain from which to
remove the group. Do not specify both /DOMAIN and /SERVER on the same
command line.

Example
LANDOFOZ\\TINMAN> REMOVE GROUP MUNCHKINS
Each group is represented by a unique identifier that is independent
of the group name. Once this group is deleted, even creating an
identically named group in the future will not restore access to
resources which currently name this group in the access control list.
Remove group "MUNCHKINS" [YES or NO] (YES) : YES
%PWRK-S-GROUPREM, group "MUNCHKINS" removed from domain "LANDOFOZ"
This example removes the group named MUNCHKINS from the default
domain (LANDOFOZ). A confirmation is required.

ADMINISTER Commands 2–91

ADMINISTER Commands
REMOVE HOSTMAP

REMOVE HOSTMAP
Removes a user account mapping between an Advanced Server user account
and an OpenVMS user account.

Format
REMOVE HOSTMAP [domain-name\]user-name [/qualifiers]

Restrictions
This command is valid only to Compaq OpenVMS servers. Use of this
command requires membership in the Administrators local group.

Related Commands
ADD HOSTMAP
SHOW HOSTMAP

Parameters
[domain-name\ ]user-name
Specifies the Advanced Server or OpenVMS user account name whose mapping
is to be removed. To remove the mapping of a network user in a trusted
domain, specify the domain-qualified user name in the format domainname\user-name, such as KANSAS\DOLE, where KANSAS is the trusted
domain, and DOLE is the user name of the user account defined in the trusted
domain. If you omit the domain name, the user account is assumed to be
defined in the domain of the server currently being administered.

2–92 ADMINISTER Commands

ADMINISTER Commands
REMOVE HOSTMAP
/HOSTUSER
Indicates that the specified user name is an OpenVMS user name. All
Advanced Server user account mappings to the specified OpenVMS user
name will be removed.
Note that more than one Advanced Server user name may be mapped to a
single OpenVMS user name. Use the SHOW HOSTMAP command to check.
Removing the mappings for an OpenVMS user name may result in the removal
of more than one Advanced Server user name mapping.
Do not specify both /HOSTUSER and /NETUSER on the same command line.
/NETUSER
Indicates that the specified user name is an Advanced Server user name. The
account mapping for the specified Advanced Server user name will be removed.
This is the default if you specify neither /NETUSER nor /HOSTUSER. Do not
specify both /HOSTUSER and /NETUSER on the same command line.
/SERVER=server-name
Specifies the name of the server on which to remove the host account mapping.
The default is the server currently being administered.

Examples
1.

LANDOFOZ\\TINMAN> REMOVE HOSTMAP WITCH/NETUSER
Do you really want to remove host mapping for "WITCH" [YES or NO] (YES) :
%PWRK-S-HOSTMAPREM, mapping for user "WITCH" removed
This example removes the user account mapping for the Advanced Server
user name WITCH on the server currently being administered (TINMAN).
A confirmation is required.

LANDOFOZ\\TINMAN> REMOVE HOSTMAP STRAWMAN/HOSTUSER/NOCONFIRM
%PWRK-S-HOSTMAPSREM, mappings to user "STRAWMAN" removed
This example removes all Advanced Server user account mappings to
the OpenVMS user name STRAWMAN on the server currently being
administered (TINMAN). A confirmation is not required.

ADMINISTER Commands 2–93

ADMINISTER Commands
REMOVE PRINT QUEUE

REMOVE PRINT QUEUE
Removes an existing OpenVMS Advanced Server print queue.
Before deleting a printer queue (one that points directly to an OpenVMS
execution queue), execute the following commands, in the order shown:
1. PAUSE PRINT QUEUE — to pause the print queue. You do not have to
pause a routing queue before deleting it. (When you use the REMOVE
PRINT QUEUE command to delete a print queue, the queue is not deleted
until all jobs in that queue complete.)
2. REMOVE PRINT QUEUE — to delete any routing queues that point to the
printer queue.
Then, use the REMOVE PRINT QUEUE command to delete the printer queue.
To delete a print queue and all pending jobs in that queue except the job
currently printing, first use the SET PRINT QUEUE/PURGE command
to delete the pending print jobs, then use the REMOVE PRINT QUEUE
command.
To remove a print queue and all jobs in its queue, including the one currently
printing, use the following commands, in the order shown:
1. SET PRINT QUEUE/PURGE — to delete all pending print jobs.
2. SET PRINT JOB/DELETE — to delete the currently printing job.
3. REMOVE PRINT QUEUE — to delete the queue.

Format
REMOVE PRINT QUEUE queue-name [/qualifiers]

Restrictions
This command is valid only to Compaq OpenVMS servers. Use of this
command requires membership in the Administrators, Server Operators,
or Print Operators local group.
You can delete only those queues created by the Advanced Server. You
cannot use ADMINISTER commands to delete a queue created by DECprint
Supervisor for OpenVMS or OpenVMS software.
If Windows NT printer management is enabled on the server, do not use the
REMOVE PRINT QUEUE command on the Advanced Server for OpenVMS.
Use Windows NT print services.

2–94 ADMINISTER Commands

ADMINISTER Commands
REMOVE PRINT QUEUE

Related Commands
ADD PRINT QUEUE
CONTINUE PRINT QUEUE
PAUSE PRINT QUEUE
SET PRINT QUEUE
SHOW PRINT QUEUES

Parameters
queue-name
Specifies the name of the print queue to remove.

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/SERVER=server-name
Specifies the name of the server from which to remove the print queue. The
default is the server currently being administered.

Example
LANDOFOZ\\TINMAN> REMOVE PRINT QUEUE TOTO
Do you really want to remove print queue "TOTO" [YES or NO] (YES) : YES
%PWRK-S-QUEREM, queue "TOTO" removed from server "TINMAN"
This example removes the print queue TOTO from the server currently being
administered (TINMAN). A confirmation is required.

ADMINISTER Commands 2–95

ADMINISTER Commands
REMOVE SHARE

REMOVE SHARE
Removes an existing directory or print share from a server’s share database.
The resource will no longer be available to the network.

Format
REMOVE SHARE share-name [/qualifiers]

Restrictions
Membership in the Administrators, Account Operators, or Server Operators
local group is required to administer directory shares. Members of the Print
Operators local group may administer print shares.

Related Commands
ADD SHARE/DIRECTORY
ADD SHARE/PRINT
MODIFY SHARE
SHOW SHARES

Parameters
share-name
Specifies the name of the share to remove.

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/SERVER=server-name
Specifies the name of the server from which to remove the share. The default
is the server currently being administered.

2–96 ADMINISTER Commands

ADMINISTER Commands
REMOVE SHARE

Example
LANDOFOZ\\TINMAN> REMOVE SHARE RAINBOW
Do you really want to remove share "RAINBOW" [YES or NO] (YES) : YES
%PWRK-S-SHAREREM, share "RAINBOW" removed from server "TINMAN"
This example removes the share named RAINBOW from the server currently
being administered (TINMAN). A confirmation is required.

ADMINISTER Commands 2–97

ADMINISTER Commands
REMOVE TRUST

REMOVE TRUST
Removes the specified domain from the list of domains this domain trusts, or
the list of domains that are allowed to trust this domain.
Removing a trust relationship requires two steps on each of the two domains:
one domain must stop trusting a second domain, and the second domain must
stop permitting the first domain to trust it. Never remove a trust relationship
by performing just one of the steps.
When removing a trust relationship, always administer both domains. Once
a trust relationship is established, the password used to establish the trust
is changed by the system. Because of this, you cannot remove one side of an
established trust relationship, and then later reestablish that trust using the
original password. You must always remove both sides of a trust relationship,
and then completely reestablish it.

Format
REMOVE TRUST trust-domain [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
ADD TRUST
SHOW TRUSTS

Parameters
trust-domain
Specifies the name of the domain for which to remove a trust relationship.

2–98 ADMINISTER Commands

ADMINISTER Commands
REMOVE TRUST
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/DOMAIN=domain-name
Specifies the name of the domain from which to remove the trust relationship.
The default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.
/PERMITTED
Specifies that the domain should be removed from the list of domains that are
permitted to trust this domain. Be sure to administer the specified domain and
remove this domain from its list of trusted domains. You must specify either
the /PERMITTED or /TRUSTED qualifier, but not both.
/SERVER=server-name
Specifies the name of a server that is a member of the domain from which to
remove the trust relationship. Do not specify the /SERVER qualifier with the
/DOMAIN qualifier.
/TRUSTED
Specifies that the domain should be removed from the list of domains that this
domain trusts. Be sure to administer the specified domain and remove this
domain from its list of permitted-to-trust domains. You must specify either the
/PERMITTED or /TRUSTED qualifier, but not both.

Examples
The following two examples together show how to remove a one-way
trust relationship between the domain currently being administered
(LANDOFOZ) and the domain called KANSAS. After this trust relationship
has been removed, users in the KANSAS domain will no longer have access
to resources in the LANDOFOZ domain.
1.

LANDOFOZ\\TINMAN> REMOVE TRUST KANSAS/TRUSTED
Removing domain "KANSAS" from the Trusted Domains List will prevent
users in domain "KANSAS" from accessing resources in domain
"LANDOFOZ". If you choose to continue, you must also administer
domain "KANSAS" and remove "LANDOFOZ" from its list of Permitted
Domains.
Do you want to continue with the removal [YES or NO] (YES) : YES
%PWRK-S-TRUSTREM, trust between domains "LANDOFOZ" and "KANSAS"
removed
This example removes the domain KANSAS from the list of trusted

ADMINISTER Commands 2–99

ADMINISTER Commands
REMOVE TRUST
domains on the domain currently being administered (LANDOFOZ). A
confirmation is required.
2.

LANDOFOZ\\TINMAN> REMOVE TRUST LANDOFOZ/DOMAIN=KANSAS/PERMITTED
Removing domain "LANDOFOZ" from the Permitted Domains List will
prevent users in domain "KANSAS" from accessing resources in domain
"LANDOFOZ". If you choose to continue, you must also administer
domain "LANDOFOZ" and remove "KANSAS" from its list of Trusted
Domains.
Do you want to continue with the removal [YES or NO] (YES) : YES
%PWRK-S-TRUSTREM, trust between domains "KANSAS" and "LANDOFOZ"
removed
This example removes the domain LANDOFOZ from the list of permittedto-trust domains on the domain called KANSAS. This completes the
removal of the trust relationship between domains LANDOFOZ and
KANSAS initiated in the first example. A confirmation is required.

2–100 ADMINISTER Commands

ADMINISTER Commands
REMOVE USER

REMOVE USER
Permanently removes a user from a domain’s security database.
Be sure you want to remove a user before you do so, because you cannot
recover a deleted user account. The server knows every user account by its
security identifier (SID), a unique number that identifies it. If you delete a
user account and then create another user account with the same name, the
new user account will not have any of the permissions that were previously
granted to the old user account, because the user accounts have different SID
numbers.

Format
REMOVE USER user-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Account
Operators local group. Only members of the Administrators local group can
remove an Administrators privilege account.

Related Commands
ADD USER
COPY USER
MODIFY USER
SHOW USERS

Parameters
user-name
Specifies the name of the user account that you wish to remove.

ADMINISTER Commands 2–101

ADMINISTER Commands
REMOVE USER
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/DOMAIN=domain-name
Specifies the name of the domain from which to remove the user account.
The default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.
/SERVER=server-name
Specifies the name of a server that is a member of the domain from which to
remove the user. Do not specify both /DOMAIN and /SERVER on the same
command line.

Example
LANDOFOZ\\TINMAN> REMOVE USER SCARECROW
Each user account is represented by a unique identifier that is
independent of the user name. Once this user account is deleted,
even creating an identically named user account in the future will
not restore access to resources that currently name this user
account in the access control list.
Remove user "SCARECROW" [YES or NO] (YES) : YES
%PWRK-S-USERREM, user "SCARECROW" removed from domain "LANDOFOZ"
This example removes the user named SCARECROW from the domain
currently being administered (LANDOFOZ). A confirmation is required.

2–102 ADMINISTER Commands

ADMINISTER Commands
SAVE EVENTS

SAVE EVENTS
Saves an event log file to a specified archive file on the server being
administered. A saved event log file can later be reopened for display by
the SHOW EVENTS command.

Format
SAVE EVENTS log-file-spec [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
CLEAR EVENTS
SHOW EVENTS

Parameters
log-file-spec
A file specification for the archived event log file of the server being
administered (which, if the /SERVER qualifier is used, is the server
specified with that qualifier). The file specification is local to the server
being administered. On a PATHWORKS or Advanced Server for OpenVMS
server, if no device or directory is specified, the archived event log is saved to
the path pointed to by the logical name PWRK$LMLOGS:.

Qualifiers
/SERVER=server-name
Specifies the name of the Compaq OpenVMS server to be administered. The
event log file of the specified server is saved on that server. The default is the
server currently being administered.
/TYPE=log-type
Specifies the log file to be saved. The log-type keyword can be one of the
following:

ADMINISTER Commands 2–103

ADMINISTER Commands
SAVE EVENTS
Log-type

Log File

APPLICATION
SECURITY
SYSTEM

The application log file
The security log file
The system log file (the default)

Example
LANDOFOZ\\TINMAN> SAVE EVENTS SYSTEM.BKP/TYPE=SYSTEM/SERVER=DOROTHY
%PWRK-S-ELFSAVE, System Event Log from server "DOROTHY" saved
This example saves the system event log file of server DOROTHY to the file
PWRK$LMLOGS:SYSTEM.BKP on server DOROTHY.

2–104 ADMINISTER Commands

ADMINISTER Commands
SEND

SEND
Sends a message to one or more computers on the network, or to all or specific
users connected to a server. The message appears in a pop-up window on the
workstation.

Format
SEND computer-name[,...] [/qualifiers] [message]
SEND/USERS [/qualifiers] [message]

Restrictions
The Alerter service must be running on the computer sending the message.
Messages can only be received by client computers running the Messenger
service. The Messenger service is not supported on the Advanced Server:
OpenVMS users on the Advanced Server will not receive messages sent with
the SEND command.

Parameters
computer-name
Specifies the computers that are to receive the message — either a single
computer name or a comma-separated list of computer names.
message
Specifies the text of the message to send. The message text must follow all
other parameters and qualifiers. To preserve the case of a message, enclose
the message in quotation marks. If message is not specified, you are prompted
for a multi-line message. When you have finished entering the message, enter
Ctrl/Z to terminate the message text.

Qualifiers
/NAME=user-name
Use with the /USERS qualifier to send the message to a specific user. username is the name of the user to whom to send the message.
/SERVER=server-name
Specifies the name of the server from which to send the message. If you
use the /USERS qualifier, the value of server-name is also used to select the
users to which the message is sent. The default is the server currently being
administered.

ADMINISTER Commands 2–105

ADMINISTER Commands
SEND
/SHARENAME=share-name
Use with the /USERS qualifier to restrict sending the message to only users
connected to the specified share name.
/USERS
If included, the /USERS qualifier must immediately follow the SEND verb
and is used to send the message to users connected to a server rather than to
specific computers. The default is to send the message to all users connected
to the server. However, you can use the /NAME and /SHARENAME qualifiers
with the /USERS qualifier to send a message to specific users.

Examples
1.

LANDOFOZ\\TINMAN> SEND OZ1,OZ2 "Meeting changed to 3 pm."
This example sends the message "Meeting changed to 3 pm." to computers
OZ1 and OZ2.

LANDOFOZ\\TINMAN> SEND/USERS/SERVER=DOROTHY _LANDOFOZ\\TINMAN> "Server DOROTHY will be going down at 21:00 hours"
This example sends the message "Server DOROTHY will be going down at
21:00 hours" to all users connected to the server DOROTHY.

LANDOFOZ\\TINMAN> SEND/USERS/SERVER=DOROTHY/SHARENAME=WIZARD _LANDOFOZ\\TINMAN> "The WIZARD share will be deleted at 6 pm."
This example sends the message "The WIZARD share will be deleted
at 6 pm." to all users connected to the share named WIZARD on server
DOROTHY.

LANDOFOZ\\TINMAN> SEND/USERS/NAME=TOTO "Follow the yellow brick road"
This example sends the message "Follow the yellow brick road" to user
TOTO connected to the server currently being administered (TINMAN).

2–106 ADMINISTER Commands

ADMINISTER Commands
SET ACCOUNT POLICY

SET ACCOUNT POLICY
Sets the account policy, which controls how passwords are used by all user
accounts, and whether user accounts are automatically locked out after a series
of failed logon attempts.

Format
SET ACCOUNT POLICY

[/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
SHOW ACCOUNT POLICY

Qualifiers
/DOMAIN=domain-name
Specifies the name of the domain for which to set the account policy. The
default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.
/FORCE_DISCONNECT
/NOFORCE_DISCONNECT
Controls whether a user’s connections to any server in the domain are forcibly
disconnected when the user account exceeds its logon hours. This interacts
with the logon hours defined for a user account. /NOFORCE_DISCONNECT,
the default, specifies that the user is not to be disconnected, but no new
connections from that account will be allowed.
/LOCKOUT=(option[,...])
/NOLOCKOUT
Controls whether users are locked out after a specified number of failed logon
attempts. By default, account lockout is disabled. To enable account lockout,
you must specify a value for each of the following three option keywords:

ADMINISTER Commands 2–107

ADMINISTER Commands
SET ACCOUNT POLICY
Option

Description

ATTEMPTS=n

Specifies the failed logon count. Account is locked out after
the specified number of failed attempts. The value of n can
be from 1 to 999.
Specifies the number of minutes before a locked out account
is automatically unlocked. The value of n can be FOREVER
or a value from 1 to 99999. The value must be greater than,
or equal to, the value assigned to the WINDOW keyword.
Specifies the number of minutes from the most recent failed
login attempt before the failed login count is reset to zero.
For example, if the WINDOW is set to 30 minutes, then
thirty minutes after the most recent failed login attempt, the
failed logon count is reset to zero. The value of n can be from
1 to 99999. The value must be less than, or equal to, the
value assigned to the DURATION keyword.

DURATION=n

WINDOW=n

The /NOLOCKOUT qualifier specifies that user accounts are never locked out,
no matter how many failed logon attempts are made on a user account. This is
the default if you do not specify /LOCKOUT.
Administrators can unlock a locked out account using the MODIFY USER/UNLOCK
command.
/PASSWORD_POLICY=(option[,...])
Specifies password policies for the domain. The option keyword can be one or
more of the following:

2–108 ADMINISTER Commands

ADMINISTER Commands
SET ACCOUNT POLICY
Option

Description

HISTORY=n

Sets the number of new passwords that must be used by a
user before an old password can be reused. n specifies the
number of passwords to maintain in the password history,
from 0 to 24. The default is 0 (equivalent to specifying
/PASSWORD_POLICY=NOHISTORY).
Specifies that no password history should be maintained. This is equivalent to specifying /PASSWORD_
POLICY=HISTORY=0.
Sets the maximum number of days a user’s password can
be used before the server requires the user to change it. n
specifies the number of days from 1 to 999. The default is
90 days.
Specifies that a user’s password never expires.
Sets the minimum number of days a user’s password
must be used before a user can change it. Do not allow
immediate changes if a password history value is set. n is
the number of days from 0 to 999. The default is 1.
Specifies that a user may change his or her password at
any time. This is equivalent to specifying /PASSWORD_
POLICY=MINAGE=0.
Sets the minimum length of a password. n is the
minimum number of characters required in the password
and can be from 0 to 14. A value of 0 means that a blank
password is permitted. The default is 0, which permits a
blank password.

NOHISTORY

MAXAGE=n

NOMAXAGE
MINAGE=n

NOMINAGE

MINLENGTH=n

/SERVER=server-name
Specifies the name of a server that is a member of the domain for which to set
the account policy. Do not specify both /DOMAIN and /SERVER on the same
command line.

ADMINISTER Commands 2–109

ADMINISTER Commands
SET ACCOUNT POLICY

Examples
1.

LANDOFOZ\\TINMAN> SET ACCOUNT POLICY _LANDOFOZ\\TINMAN> /LOCKOUT=(ATTEMPTS=3,WINDOW=20,DURATION=25)
%PWRK-S-ACCPOLSET, account policy set for domain "LANDOFOZ"
This example limits users to three failed logon attempts, resets the failed
logon count after 20 minutes, and unlocks locked-out accounts after 25
minutes.

LANDOFOZ\\TINMAN> SET ACCOUNT POLICY/NOLOCKOUT_LANDOFOZ\\TINMAN> /PASSWORD_POLICY=(NOHISTORY,MINLENGTH=10)
%PWRK-S-ACCPOLSET, account policy set for domain "LANDOFOZ"
This example disables account lockouts and history checking of passwords,
and sets the minimum password length to 10. The account policy is set on
the domain currently being administered (LANDOFOZ).

2–110 ADMINISTER Commands

ADMINISTER Commands
SET ADMINISTRATION

SET ADMINISTRATION
Selects a new default domain or server, or both, to be administered. The
command prompt is changed to reflect the new domain and server being
administered. The format of the command prompt is DOMAIN\\ SERVER>,
where DOMAIN is the name of the domain being administered, and SERVER
is the name of the server being administered.

Format
SET ADMINISTRATION

[/qualifiers]

Restrictions
Use of this command does not require special group membership.

Related Commands
SHOW ADMINISTRATION

Qualifiers
/DOMAIN=domain-name
Selects a new default domain to be administered. Initially, the domain name
is set to be the domain where you are logged on, or, if you are not logged on,
the domain of the local server. A value for domain-name specifies a different
domain to be administered. If you omit the domain-name value, then the
initial default domain is reset. The domain-name is used as the default
domain for any command that operates on a domain. The /DOMAIN qualifier
value on an individual command overrides this default value.
If you omit the /SERVER qualifier, the server being administered is set to the
local server if the specified domain is the local server’s domain; otherwise, it is
set to the name of the primary domain controller for the specified domain. If
you specify both a domain and a server, the server must be a member of the
domain.
You can specify a computer name in place of the domain name, by preceding
the computer name with two backslashes (\\). This allows you to manage a
computer that maintains its own security database, such as a member server,
a Windows NT Workstation, or a Windows NT Server computer that is not a
domain controller. If you specify a primary or backup domain controller, the
specified computer’s domain is selected. The /SERVER qualifier is ignored if
you specify a computer name.

ADMINISTER Commands 2–111

ADMINISTER Commands
SET ADMINISTRATION
Note: The default domain and server names are recomputed when you log on
or log off the network using the LOGON or LOGOFF commands, respectively.
/SERVER=server-name
Selects a new default server to be administered. Initially, the server name is
set to be the local server if it is a member of the domain being administered;
otherwise, it is set to the primary domain controller of the domain being
administered. A value for server-name specifies a different server to be
administered. If you omit the server-name value, then the initial default server
name is reset.
The server-name is used as the default server name for any command that
operates on a server. The /SERVER qualifier value on an individual command
overrides this default value. If you do not also specify the /DOMAIN qualifier,
the domain being administered is set to the domain of the specified server. If
you specify both a domain and a server, the server must be a member of the
domain.
Note: The default domain and server names are recomputed when you log on
or log off the network using the LOGON or LOGOFF commands, respectively.

Examples
1.

LANDOFOZ\\TINMAN> SET ADMINISTRATION/SERVER=OZ3
%PWRK-S-ADMSET, now administering domain "LANDOFOZ", server "OZ3"
LANDOFOZ\\OZ3>
This example sets the default server to be administered to OZ3. Because
OZ3 is a member of the LANDOFOZ domain, the default domain remains
unchanged. All further commands that operate on a specific server will be
performed against server OZ3. The command prompt is changed to reflect
the new default.

LANDOFOZ\\OZ3> SET ADMINISTRATION/DOMAIN=KANSAS
%PWRK-S-ADMSET, now administering domain "KANSAS", server "TOPEKA"
KANSAS\\TOPEKA>
This example sets the default domain to be administered to KANSAS.
Because KANSAS is not the domain of the local server, and the /SERVER
qualifier was not specified, the default server is set to the primary domain
controller for the KANSAS domain, TOPEKA. All further commands will
be performed against the new domain and server. The command prompt is
changed to reflect the new defaults.

2–112 ADMINISTER Commands

ADMINISTER Commands
SET ADMINISTRATION
3.

KANSAS\\TOPEKA> SET ADMINISTRATION/DOMAIN
%PWRK-S-ADMSET, now administering domain "LANDOFOZ", server "TINMAN"
LANDOFOZ\\TINMAN>
This example resets the default domain and server to the initial defaults.
The command prompt is changed to reflect the new defaults.

ADMINISTER Commands 2–113

ADMINISTER Commands
SET AUDIT POLICY

SET AUDIT POLICY
Sets the auditing policy for a domain. A server can track selected activities of
users by auditing security events and then placing entries in a server’s security
log. The server can record a range of security event types, from a systemwide
event such as a user logging on, to an attempt by a user to read a specific file.
You can audit both successful and failed attempts to perform an action. Use
the audit policy to establish the types of security events to log.
When administering domains, the audit policy affects the security logs of the
domain controller and of all servers in the domain, because they share the
same audit policy.

Format
SET AUDIT POLICY

[/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
SHOW AUDIT POLICY

Qualifiers
/AUDIT
/NOAUDIT
Controls whether auditing events are logged. /AUDIT enables auditing of the
specified events, and /NOAUDIT (the default) disables auditing of the specified
events.
/DOMAIN=domain-name
Specifies the name of the domain on which to set the audit policy. The default
is the domain currently being administered. Do not specify both /DOMAIN and
/SERVER on the same command line.
/FAILURE=(event[,...])
Specifies events whose failure adds an entry to the security log. Precede the
event keyword with NO to disable logging of a failed event. The event keyword
can be one or more of the following:

2–114 ADMINISTER Commands

ADMINISTER Commands
SET AUDIT POLICY
Event

Description

ALL
NONE
[NO]ACCESS

Selects all possible events.
Deselects all possible events.
A user accessed a directory or a file that is set for auditing,
or a user sent a print job to a printer that is set for auditing.
[NO]ACCOUNT_MANAGEMENT
A user account or group was created, changed, or deleted.
A user account was renamed, disabled, or enabled; or a
password was set or changed.
[NO]LOGONOFF
A user logged on the domain, logged off, or made a server
connection.
[NO]POLICY_CHANGE
A change was made to the Audit, Trust Relationships, or
User Rights policies.
[NO]PROCESS
Process events provide detailed tracking information for
events such as program activation, some forms of handle
duplication, indirect accesses, and process exit.
[NO]SYSTEM
A user restarted or shut down the computer, or an event
occurred that affects system security, or the security log.
[NO]USER_RIGHTS
A user exercised a user right, except rights related to logon or
logoff.
/SERVER=server-name
Specifies the name of a server that is a member of the domain on which to
set the audit policy. Do not specify both /DOMAIN and /SERVER on the same
command line.
/SUCCESS=(event[,...])
Specifies events whose success adds an entry to the security log. Precede the
event keyword with NO to disable logging of a successful event. The event
keyword can be one or more of the following:

ADMINISTER Commands 2–115

ADMINISTER Commands
SET AUDIT POLICY
Event

Description

ALL
NONE
[NO]ACCESS

Example
LANDOFOZ\\TINMAN> SET AUDIT POLICY/AUDIT/FAILURE=NOLOGONOFF _LANDOFOZ\\TINMAN> /SUCCESS=(ACCESS,POLICY_CHANGE)
%PWRK-S-AUDPOLSET, audit policy set for domain "LANDOFOZ"
This example enables logging of audit events, disables auditing of failures to
log on or log off, and enables logging of successful attempts to access an object
or make policy changes.

2–116 ADMINISTER Commands

ADMINISTER Commands
SET COMPUTER

SET COMPUTER
Sets the role of the server in the domain and controls domain synchronization.

Format
SET COMPUTER computer-name [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
ADD COMPUTER
REMOVE COMPUTER
SHOW COMPUTERS

Parameters
computer-name
Specifies the name of the computer whose attributes are to be affected.

Qualifiers
/ACCOUNT_SYNCHRONIZE
Normally, synchronization of primary domain controller (PDC) and backup
domain controller (BDC) security/accounts databases occurs without user
intervention. Use the SET COMPUTER command with the /ACCOUNT_
SYNCHRONIZE qualifier in those rare circumstances when PDC and BDC
databases get out of synchronization.
If you specify the PDC of a domain with the SET COMPUTER command,
/ACCOUNT_SYNCHRONIZE causes the PDC to send a synchronize status
message to all BDCs in the domain. (Normally, the PDC sends synchronize
status messages to all BDCs in the domain at regular intervals.) Each BDC
that receives the status message uses it to determine whether its databases
are synchronized with the PDC’s databases. If the status message indicates to
a BDC that the PDC’s databases contain changes that are not represented in
the BDC’s databases, the BDC will request a partial synchronization. The PDC
sends the BDC only those database elements that were changed since the last
time the BDC received a status message.

ADMINISTER Commands 2–117

ADMINISTER Commands
SET COMPUTER
If you specify the BDC with the SET COMPUTER command,
/ACCOUNT_SYNCHRONIZE causes the BDC to request a full synchronization.
Do not specify a member server with the
SET COMPUTER/ACCOUNT_SYNCHRONIZE command.
/AUTOSHARE_SYNCHRONIZE
Causes the computer to synchronize its list of autoshares. This qualifier is
valid only to Compaq OpenVMS servers.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 256 characters used to provide descriptive
information about the computer. Enclose the string in quotation marks
if it contains lowercase letters, blanks (spaces) or other nonalphanumeric
characters. /NODESCRIPTION indicates that the description is to be blank.
/ROLE=role-type
Sets the computer’s role in the network to be either a primary or backup domain controller. The role-type can be either PRIMARY_DOMAIN_CONTROLLER
or BACKUP_DOMAIN_CONTROLLER.
Only a computer whose current role is backup domain controller can have
its role changed to primary domain controller. When this occurs, the existing
primary domain controller (if it is available to the network) will automatically
be demoted to backup domain controller.
A primary domain controller can only have its role changed to backup domain
controller if another computer in the domain is acting as the current primary
domain controller. This could happen if a backup domain controller was
promoted to primary domain controller while the original primary domain
controller was not available to the network. When the original primary domain
controller is restarted, use this command to explicitly demote it to backup
domain controller.

2–118 ADMINISTER Commands

ADMINISTER Commands
SET COMPUTER
Do not use the SET COMPUTER/ROLE command to change the role of an
Advanced Server domain controller to a member server, or vice versa. Use the
SYS$UPDATE:PWRK$CONFIG command procedure.

Examples
1.

LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/AUTOSHARE_SYNCHRONIZE
%PWRK-S-AUTOSHRSYNCHED, autoshare synchronization was successful
This example causes the computer TINMAN to resynchronize its list of
autoshares.

LANDOFOZ\\TINMAN> SET COMPUTER TINMAN/ACCOUNT_SYNCHRONIZE
Resynchronizing the "LANDOFOZ" domain may take a few minutes.
Do you want to continue with the synchronization [YES or NO] (YES) :
%PWRK-S-ACCSYNCHED, account synchronization was successful
This example synchronizes the accounts databases on all backup domain
controllers in the LANDOFOZ domain, with the primary domain controller
TINMAN.

LANDOFOZ\\TINMAN> SET COMPUTER DOROTHY/ACCOUNT_SYNCHRONIZE
Resynchronizing "DOROTHY" with its Primary Domain Controller "TINMAN"
may take a few minutes. After the synchronization has completed, you
should check the Event Logs on "DOROTHY" and "TINMAN" to determine
whether synchronization was successful.
Do you want to continue with the synchronization [YES or NO] (YES) :
%PWRK-S-ACCSYNCHED, account synchronization was successful
This example synchronizes the accounts database on the backup domain
controller DOROTHY, with its primary domain controller TINMAN.

LANDOFOZ\\TINMAN> SET COMPUTER DOROTHY/ROLE=PRIMARY_DOMAIN_CONTROLLER
Promoting "DOROTHY" to a Primary Domain Controller may take a few minutes.
Do you want to continue with the promotion [YES or NO] (YES) :
%PWRK-I-ROLESYNC, synchronizing "DOROTHY" with its primary
%PWRK-I-ROLENLSTOP, stopping the Net Logon service on "DOROTHY"
%PWRK-I-ROLENLSTOP, stopping the Net Logon service on "TINMAN"
%PWRK-I-ROLECHANGE, changing "TINMAN"’s role to Backup Domain Controller
%PWRK-I-ROLECHANGE, changing "DOROTHY"’s role to Primary Domain Controller
%PWRK-I-ROLENLSTART, starting the Net Logon service on "DOROTHY"
%PWRK-I-ROLENLSTART, starting the Net Logon service on "TINMAN"
%PWRK-S-ROLECHANGED, the computers role was successfully changed
This example sets the backup domain controller named DOROTHY to be

ADMINISTER Commands 2–119

ADMINISTER Commands
SET COMPUTER
the primary domain controller in its domain. The current primary domain
controller, TINMAN, is demoted to a backup domain controller.

2–120 ADMINISTER Commands

ADMINISTER Commands
SET FILE

SET FILE
Sets or modifies auditing or permissions on directories and files within a shared
directory.

Format
SET FILE path [[domain-name\]name[,...]] [/qualifiers]

Restrictions
Use of this command does not require special group membership. However,
you must have read permission to the files and directories you modify.

Related Commands
SHOW FILES
SHOW OPEN_FILES

Parameters
path
Specifies the UNC (Universal Naming Convention) path to the directory or file
for which to set auditing or permission information.
[domain-name\ ]name
The name specifies one or more users or groups for which to set auditing or
permissions.
You can specify users or groups in the domain being administered or in
a trusted domain. To specify a user account or global group in a trusted
domain, enter a domain-qualified name (domain-name\name), such as
KANSAS\DOLE, where KANSAS is the name of the trusted domain, and
DOLE is the user or group name defined in the trusted domain. If you omit
the domain name, the user account or group is assumed to be defined in the
domain of the server currently being administered.
To remove all auditing information or permissions for all users and groups from
the specified directory or files, omit the list of names and use the /REMOVE
qualifier to remove the desired information. If you specify a user or group, you
must include the /AUDIT, /PERMISSIONS or /REMOVE qualifiers to specify
an action to perform.

ADMINISTER Commands 2–121

ADMINISTER Commands
SET FILE

Qualifiers
/APPLY_TO=(option[,...])
Controls how existing files and other subdirectories are affected by the change
in attributes. This qualifier is only valid if path specifies a directory. By
default, the change in attributes is applied to the specified directory, and its
existing files only. You use the /APPLY_TO qualifier to change this default
behavior. The option keyword can be one or more of the following:
Option

Description

[NO]FILES

FILES applies changes to existing files in the directory
and to the directory itself. NOFILES applies changes only
to the directory itself. Changes are not applied to existing
files in the directory. NOFILES is the default.
[NO]SUBDIRECTORIES
SUBDIRECTORIES applies changes to all existing subdirectories under the directory and to the directory itself. If
you also specify FILES, the changes apply to the existing
files in the subdirectories as well. NOSUBDIRECTORIES
prevents changes from being applied to subdirectories
under the directory. NOSUBDIRECTORIES is the default.
/AUDIT=(audit-type[=(event[,...])][,...])
Specifies a list of events to set or clear for auditing. The /AUDIT qualifier is
position-sensitive: if specified before any name values, it applies to all names
in the list that do not have explicit /AUDIT values of their own; otherwise it
pertains only to the name on which it is specified. The audit-type keyword can
be one or more of the following:
Audit-Type

Description

NONE

Disables auditing of all failure and success events; cannot
be specified with the FAILURE or SUCCESS audit-types
Sets audit failure events
Sets audit success events

FAILURE
SUCCESS

The FAILURE and SUCCESS audit-types are used to specify which failure and
success audit events are to be enabled or disabled. Precede an event type with
NO to disable auditing of that event. The event keyword can be one or more of
the following:

2–122 ADMINISTER Commands

ADMINISTER Commands
SET FILE
Event

Description

ALL
NONE
[NO]READ

Audits all events.
No events will be audited.
For directories, audits display of file names, attributes,
permissions, and owner. For files, audits display of file’s
data, attributes, permissions, and owner.
[NO]WRITE
For directories, audits creation of subdirectories and
files, changes to attributes, and display of permissions
and owner. For files, audits changes to the file’s data or
attributes, and display of permissions and owner.
[NO]EXECUTE
For directories, audits display of attributes, permissions,
and owner, and changing to subdirectories. For files,
audits running of program files and display of attributes,
permissions, and owner.
[NO]DELETE
Audits deletion of the directory or file.
[NO]CHANGE_PERMISSIONS
Audits changes to permissions for a directory or file.
[NO]TAKE_OWNERSHIP
Audits changes in ownership of a directory or file.
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before removing all
permissions from a directory or files. The default is /CONFIRM if running in
interactive mode. When the prompt is issued, the default response is shown,
and you may accept the default by pressing Return or Enter. If you type
YES, TRUE, or 1, the operation is performed. If you type NO, FALSE, 0, or
enter Ctrl/Z, no action is performed. If you type anything else, the prompt is
repeated until you type an acceptable response. No prompt for confirmation is
issued if running in batch mode.
/LOG
/NOLOG
Controls whether the SET FILE command displays the file specifications of
each file after its attributes have been modified. The default is to display all
files modified.

ADMINISTER Commands 2–123

ADMINISTER Commands
SET FILE
/PERMISSIONS=(access-type[,...])
Sets or modifies access permissions on a directory or file. The /PERMISSIONS
qualifier is position-sensitive: if specified before any name parameters, it
applies to all names in the list that do not have explicit /PERMISSIONS values
of their own; otherwise it pertains only to the name on which it is specified.
The access-type is the type of access to be granted.
All permissions can be removed by using the /REMOVE=PERMISSIONS
qualifier without specifying a name. If you remove all permissions from a
directory or file, no one will be able to access it, and only the owner will be able
to change the permissions.
If path specifies a directory, the access-type keyword can be one of the
following:
Directory Access
Type

NONE
LIST

READ

ADD

Description

Prevents any access to the directory or any of its files.
Allows viewing file names and subdirectory names, and
changing to the directory’s subdirectories. Disallows
access to files unless granted by other directory or file
permissions.
Allows viewing file names and subdirectory names,
changing to the directory’s subdirectories, and viewing
data in files and running applications.
Allows adding files and subdirectories to the directory.
Disallows access to files unless granted by other directory
or file permissions.

ADD_AND_READ

CHANGE

Allows viewing file names and subdirectory names,
changing to the directory’s subdirectories, viewing data
in files and running applications, and adding files and
subdirectories to the directory.
Allows viewing file names and subdirectory names,
changing to the directory’s subdirectories, viewing
data in files and running applications, adding files and
subdirectories to the directory, changing data in files, and
deleting the directory and its files.

2–124 ADMINISTER Commands

ADMINISTER Commands
SET FILE
Directory Access
Type

Description

FULL

Allows viewing file names and subdirectory names,
changing to the directory’s subdirectories, viewing data
in files and running applications, adding files and
subdirectories to the directory, changing data in files,
deleting the directory and its files, changing permissions
on the directory and its files, and taking ownership of the
directory and its files.
DIRECTORY_SPECIFIC=(access[,...])
Grants specific access rights to the directory. The access
keyword can be one or more of the following:
Access

Description

FULL

Allows complete access to the
directory
NONE
Allows no access to the directory
READ
Allows viewing the names of files and
subdirectories
WRITE
Allows adding files and subdirectories
EXECUTE
Allows changing to subdirectories in
the directory
DELETE
Allows deleting the directory
CHANGE_PERMISSIONS
Allows changing the directory
permissions
TAKE_OWNERSHIP
Allows taking ownership of the
directory

ADMINISTER Commands 2–125

ADMINISTER Commands
SET FILE
Directory Access
Type

Description

FILE_SPECIFIC=(access[,...])
Grants specific access rights to the files in the directory.
The access keyword can be one or more of the following:
Access

NOT_SPECIFIED

Description

Indicates that no file-specific
access permissions are specified;
cannot be used with any other
access permission
FULL
Allows complete access to the file
and its data
NONE
Allows no access to the file
READ
Allows viewing the file’s data
WRITE
Allows changing the file’s data
EXECUTE
Allows running the file if it is a
program file
DELETE
Allows deleting the file
CHANGE_PERMISSIONS
Allows changing the file’s
permissions
TAKE_OWNERSHIP
Allows taking ownership of the
file

2–126 ADMINISTER Commands

ADMINISTER Commands
SET FILE
If path specifies a file, the access-type keyword can be one of the following:
Directory Access
Type

Description

NONE

Prevents any access to the file. Specifying no access for a
user prevents access even if that user belongs to a group
that has access to the file.
READ
Allows viewing the file’s data and running the file if it is a
program.
CHANGE
Allows viewing the file’s data, running the file if it is a
program, changing the data in the file, and deleting the
file.
FULL
Allows viewing the file’s data, running the file if it is a
program, changing the data in the file, deleting the file,
changing permissions on the file, and taking ownership of
the file.
FILE_SPECIFIC=(access[,...])
Grants specific access rights to the file. The access
keyword can be one or more of the following:
Access

Description

FULL

Allows complete access to the file and
its data
NONE
Allows no access to the file
READ
Allows viewing the file’s data
WRITE
Allows changing the file’s data
EXECUTE
Allows running the file if it is a
program file
DELETE
Allows deleting the file
CHANGE_PERMISSIONS
Allows changing the file’s permissions
TAKE_OWNERSHIP
Allows taking ownership of the file

/REMOVE=(attribute[,...])
Removes a given attribute from the directory or file specified by path. The
/REMOVE qualifier is position sensitive: if specified before any name values,

ADMINISTER Commands 2–127

ADMINISTER Commands
SET FILE
it applies to all names in the list that do not have explicit /REMOVE values
of their own; otherwise it pertains only to the name after which it is specified.
The attribute keyword can be one or more of the following:
Attribute

Description

AUDIT

Removes all auditing information for the specified
directory or file
Removes all permission information for the specified
directory or file

PERMISSIONS

For any given name, the /PERMISSIONS qualifier overrides the
/REMOVE=PERMISSIONS qualifier, and the /AUDIT qualifier overrides
the /REMOVE=AUDIT qualifier.
/SERVER=server-name
Specifies the name of the server on which to set directory or file permissions.
The default is the server currently being administered.

Examples
1.

LANDOFOZ\\TINMAN> SET FILE STATES\KANSAS _LANDOFOZ\\TINMAN> MUNCHKINS/AUDIT=(SUCCESS=DELETE)
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\" modified
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\MYPROG.EXE" modified
%PWRK-S-FILESMODIFIED, total of 4 files modified
This example sets auditing for all successful deletions done by members
of the group MUNCHKINS to the directory, subdirectories and files of the
shared directory KANSAS in the share called STATES that resides on the
server currently being administered (TINMAN).

LANDOFOZ\\TINMAN> SET FILE/PERMISSIONS=READ STATES\KANSAS\*.DAT _LANDOFOZ\\TINMAN> MUNCHKINS,WIZARD,SCARECROW/PERMISSIONS=FULL
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE2.DAT" modified
%PWRK-S-FILESMODIFIED, total of 2 files modified
This example grants the group MUNCHKINS and the user WIZARD,
READ access, and the user SCARECROW FULL access to all .DAT files in
the shared directory KANSAS in the share called STATES that resides on
the server currently being administered (TINMAN).

2–128 ADMINISTER Commands

ADMINISTER Commands
SET MODE

SET MODE
Determines the output display format and the input mode for ADMINISTER
commands. The SET MODE command settings can affect how Unicode or
extended character set characters (code points) with values of hexadecimal
0080 or higher are handled on input and output.
Settings made with this command are preserved until you log out from the
system. These settings will determine the default modes that take effect each
time you invoke the ADMINISTER command interface. The current setting for
the ADMINISTER command input mode overrides the current OpenVMS DCL
parse style setting.
If you have not yet used the SET MODE command to change input or output
mode settings during your present system user login session, the defaults are
determined by the current OpenVMS DCL parse style. If the parse style is
TRADITIONAL (the OpenVMS default), the input and output modes are RAW;
if the parse style is EXTENDED, the input and output modes are VTF7.
You can set permanent defaults by inserting the appropriate SET MODE
command in your LOGIN.COM file. The server does not have to be running for
this command to execute.

Format
SET MODE [/qualifiers]

Restrictions
None

Related Commands
SHOW MODE

Qualifiers
/RAW
For terminals that support the ISO-8859-n character sets, the actual extended
character set characters in the Advanced Server’s character set are used
for input and output. If this qualifier is set for a terminal that does not
support ISO-8859-n character sets, and filtering is not enabled, output will be
unpredictable. Enable filtering with the /OUTPUT qualifier.

ADMINISTER Commands 2–129

ADMINISTER Commands
SET MODE
/VTF7
Code point values that map to Unicode hexadecimal values 0080 to 00FF (128
to 255 decimal) are input in either the ^xx or ^Uxxxx format, and displayed in
the ^xx format, while code point values 0100 to FFFF (256 to 65,535 decimal)
are input and displayed in the ^Uxxxx format.
The extended character set characters for Unicode values 0080 to 00FF (128 to
255 decimal) can be input in either of two different formats: ^xx and ^uxxxx.
Unicode values above 00FF (255 decimal) must be entered in the ^uxxxx
format.
/INPUT=(mode)
Sets only the input mode. The mode keyword can be one of the following:
Mode

Description

RAW

The input characters are handled as the actual characters in the
Advanced Server’s character set.
The input characters are handled as VTF-7 characters.

VTF7

Note that if the input and output modes differ, your command input might
appear in one format while being displayed in another.
/OUTPUT=mode[/[NO]FILTER]
Specifies the output mode only. The mode keyword can be one of the following:
Mode

Description

RAW

The output characters are displayed as the actual characters
in the Advanced Server’s character set.
The output characters are displayed as VTF-7 characters.

VTF7

Optionally, specify the /FILTER qualifier to convert characters before they are
output. If filtering is enabled (the default), the C1 character codes (127 through
160 decimal) are converted to spaces before being output. Specify /NOFILTER
to disable filtering; output on some terminals might be unpredictable.
You can specify one mode only. You can specify one mode and the /[NO]FILTER
qualifier, or just the /[NO]FILTER.
Note that if the input and output modes differ, your command input might
appear in one format while being displayed in another.

2–130 ADMINISTER Commands

ADMINISTER Commands
SET MODE

Examples
1.

LAPLAYA\\VALENCIA> SET MODE/VTF7
LAPLAYA\\VALENCIA> SHOW SHARE ^BFESPA^F1OL /FULL
Shared resources on server "VALENCIA":
Name
Type
Description
------------ --------- ------------------------------------------------------^BFESPA^D1OL Directory
Path: USER1:[^BFESPA^F1OL]
Connections: Current: 0, Maximum: No limit
RMS file format: Stream
Directory Permissions: System: RW, Owner: RW, Group: RW, World: R
File Permissions: System: RW, Owner: RW, Group: RW, World: R
Share Permissions:
Everyone
Full Control
Total of 1 share
In this example, the output and input modes are set to VTF7. The
subsequent SHOW command reveals how certain code point values in the
Spanish language’s character set are then displayed.

LAPLAYA\\VALENCIA> SET MODE/OUTPUT=RAW
LAPLAYA\\VALENCIA> SHOW SHARE ^BFESPA^F1OL /FULL
Shared resources on server "VALENCIA":
Name
Type
Description
------------ --------- ---------------------------------------------------¿ESPAÑOL
Directory
Path: USER1:[¿ESPAÑOL]
Connections: Current: 0, Maximum: No limit
RMS file format: Stream
Directory Permissions: System: RW, Owner: RW, Group: RW, World: RW
File Permissions: System: RW, Owner: RW, Group: RW, World: R
Share Permissions:
Everyone
Full Control
Total of 1 share
In this example, the output mode is set to RAW mode. The terminal
supports the ISO-8859-1 character set (used when the Spanish language
is configured), so the actual Spanish characters in the character set are
displayed. The input mode is VTF7 by default — note how the Spanish
characters are handled on input differ from the way they are displayed.

ADMINISTER Commands 2–131

ADMINISTER Commands
SET MODE
3.

$! User LOGIN.COM file
.
.
.
$ ADMINISTER SET MODE/VTF7/OUTPUT=NOFILTER
This command, entered in your LOGIN.COM file, sets permanent defaults
for each time you log in to your OpenVMS system. This command sets
input and output modes to VTF7, with output unfiltered. The server does
not have to be running for this command to execute.

2–132 ADMINISTER Commands

ADMINISTER Commands
SET PASSWORD

SET PASSWORD
Sets a new password for a user account in a domain.

Format
SET PASSWORD [user-name [old-password [new-password]]] [/qualifier]

Restrictions
Use of this command does not require special group membership.
Passwords entered on the SET PASSWORD command line are accepted as
caseless. See restrictions regarding the old-password and new-password
parameters.

Parameters
user-name
Specifies the user account name of the user whose password is to be changed.
If you do not enter a user name on the command line, you will be prompted to
enter one.
old-password
Specifies the current password for the user account. The password is displayed
as you enter it. If you do not enter a password, or you enter it as an asterisk
(*), a prompt is issued. The password is not displayed when you enter it at the
prompt.
Passwords entered on the command line are converted to uppercase unless
they are enclosed within quotation marks. If the password contains lowercase
letters, blanks (spaces), or other nonalphanumeric characters, enclose it in
quotation marks unless you enter it in response to the password prompt.
new-password
Specifies the new password for the user account, which may be up to 14
characters in length. If you omit the new password, or you specify it as an
asterisk (*), you are prompted for the new password and a confirmation. The
password is not displayed when you enter it at the prompt.
New passwords are accepted as caseless. For a new password that includes
lowercase letters, use the MODIFY USER command with the /PASSWORD
qualifier (requires administrative privileges).

ADMINISTER Commands 2–133

ADMINISTER Commands
SET PASSWORD

Qualifiers
/DOMAIN=domain-name
Specifies the domain in which to change the password. The default is the
domain of the local server.

Examples
1.

LANDOFOZ\\TINMAN> SET PASSWORD LION GOLD SILVER
%PWRK-S-PSWCHANGED, password changed for user "LION" in domain "LANDOFOZ"
The example changes the password for the user LION from GOLD to
SILVER. The password is changed on the domain of the local server, which
in this example is LANDOFOZ.

LANDOFOZ\\TINMAN> SET PASSWORD WIZARD/DOMAIN=KANSAS
Old password:
New password:
New password verification:
%PWRK-S-PSWCHANGED, password changed for user "WIZARD" in domain
"KANSAS"
This example changes the password for user WIZARD on the domain
KANSAS. Because the old and new passwords were not specified on
the command line, prompts were issued for the old password, the new
password, and a verification of the new password.

2–134 ADMINISTER Commands

ADMINISTER Commands
SET PRINT JOB

SET PRINT JOB
Modifies the attributes of an existing OpenVMS Advanced Server print job.
Use the SHOW PRINT JOBS command to display the list of available print
jobs.

Format
SET PRINT JOB job-id [/qualifiers]

Restrictions
This command is valid only to OpenVMS servers. Use of this command
requires membership in the Administrators, Server Operators, or Print
Operators local group.

Related Commands
SET PRINT QUEUE
SHOW PRINT JOBS
SHOW PRINT QUEUES

Parameters
job-id
Specifies the job identification number of the print job to be affected. To
determine the job-id for a particular print job, use the SHOW PRINT JOBS
command.

Qualifiers
/DELETE
Deletes the specified print job from its print queue. Do not specify this qualifier
with the /FIRST, /HOLD, /LAST, or /RELEASE qualifiers.
/FIRST
Moves the specified print job to the first position in its print queue. The
print job starts after the current print job has completed. Do not specify this
qualifier with the /DELETE, /HOLD, /LAST, or /RELEASE qualifiers.
/HOLD
Holds the specified print job in its print queue for printing at a later time.
The print job stays in its print queue, and other print jobs can print. To allow
the held print job to print, use the SET PRINT JOB/RELEASE command. Do
ADMINISTER Commands 2–135

ADMINISTER Commands
SET PRINT JOB
not specify this qualifier with the /DELETE, /FIRST, /LAST, or /RELEASE
qualifiers.
/LAST
Moves the specified print job to the last position in its print queue. The
print job is printed after all other print jobs in the queue are completed. Do
not specify this qualifier with the /DELETE, /FIRST, /HOLD, or /RELEASE
qualifiers.
/RELEASE
Releases a print job that has been held; the job can then print. Do not specify
this qualifier with the /DELETE, /FIRST, /HOLD, or /LAST qualifiers.
/SERVER=server-name
Specifies the name of the server on which to set the print job. The default is
the server currently being administered.

Examples
1.

LANDOFOZ\\TINMAN> SET PRINT JOB 351/HOLD
%PWRK-S-JOBSET, print job 351 held on server "TINMAN"
This example holds print job 351. The print job will not be printed until it
is released.

LANDOFOZ\\TINMAN> SET PRINT JOB 351/RELEASE
%PWRK-S-JOBSET, print job 351 released on server "TINMAN"
This example releases print job 351, and makes it available to be printed.

LANDOFOZ\\TINMAN> SET PRINT JOB 351/DELETE
%PWRK-S-JOBSET, print job 351 deleted on server "TINMAN"
This example deletes print job 351.

2–136 ADMINISTER Commands

ADMINISTER Commands
SET PRINT QUEUE

SET PRINT QUEUE
Modifies the attributes of an existing Advanced Server print queue. Use the
SHOW PRINT QUEUES command to display the list of available print queues.

Format
SET PRINT QUEUE queue-name [/qualifiers]

Related Commands
ADD PRINT QUEUE
CONTINUE PRINT QUEUE
PAUSE PRINT QUEUE
REMOVE PRINT QUEUE
SET PRINT JOB
SHOW PRINT JOBS
SHOW PRINT QUEUES

Parameters
queue-name
Specifies the name of the print queue to be affected.

Qualifiers
/ABORT
Stops printing the currently printing job in the specified print queue. Do not
specify this qualifier with the /CONTINUE, /PAUSE, /PURGE, or /RESTART
qualifiers.
/CONTINUE
Continues printing from the specified print queue that has been paused. Do
not specify this qualifier with the /ABORT, /PAUSE, /PURGE, or /RESTART
qualifiers.

ADMINISTER Commands 2–137

ADMINISTER Commands
SET PRINT QUEUE
/DESCRIPTION="string"
/NODESCRIPTION
Specifies a string of up to 48 characters used to provide descriptive information
about the queue. Enclose the string in quotation marks if it contains
lowercase letters, blanks (spaces) or other nonalphanumeric characters.
/NODESCRIPTION indicates that the description is to be blank. If the
/DESCRIPTION qualifier is not specified, the current description remains
unchanged.
/PAUSE
Pauses printing from the specified print queue after the current job finishes
printing. Do not specify this qualifier with the /ABORT, /CONTINUE, /PURGE,
or /RESTART qualifiers.
/PURGE
Removes all print jobs from the specified print queue except for any job
that is currently printing. Do not specify this qualifier with the /ABORT,
/CONTINUE, /PAUSE, or RESTART qualifiers.
/PRINTER=device-name
Changes the physical device name or port to which the printer associated with
the specified printer queue is connected. This is the actual OpenVMS system
device to which the printer is connected (for example, OPA0, TTA2, TXA7, or
LTA201). You can use the /PRINTER qualifier only if the specified queue is a
printer queue.
/RESTART
Restarts printing of the current print job from the specified print queue. The
job restarts printing from the beginning. Do not specify this qualifier with the
/ABORT, /CONTINUE, /PAUSE, or /PURGE qualifiers.
/ROUTE_TO=(print-queue[,...])
Indicates that jobs for the specified routing queue should now be routed to the
specified printer queues. The print-queue specifies one or more printer queues
to which to route the print jobs. You can use the /ROUTE_TO qualifier only if
the specified print queue is a routing queue.
/SERVER=server-name
Specifies the name of the server where the specified print queue resides. The
default is the server currently being administered.

2–138 ADMINISTER Commands

ADMINISTER Commands
SET PRINT QUEUE
/TYPE=printer-type
Changes the printer type of the printer associated with the specified printer
queue. The printer-type keyword can be one of the following:
Printer-Type

Type of Printer

DL1100
DL2100
DL2100P
DL2200
DL2200P
DL3200
LN03
LN03P
LA50
LA70
LA75
LA210
LA324
LG01
LG02
LG06
LG31
LJ250
FX850
FX1050
HP_LASERJET
PROPRINTER
SILENTWRITER
GENERIC

DEClaser 1100
DEClaser 2100
DEClaser 2100 Plus
DEClaser 2200
DEClaser 2200 Plus
DEClaser 3200
DIGITAL LN03
DIGITAL LN03 Plus
DIGITAL LA50
DIGITAL LA70
DIGITAL LA75
DIGITAL LA210
DIGITAL LA324
DIGITAL LG01
DIGITAL LG02
DIGITAL LG06
DIGITAL LG31
DIGITAL LJ250
EPSON FX850
EPSON FX1050
Hewlett-Packard LaserJet IID
IBM Proprinter
NEC Silentwriter 2, model 290 (not PostScript)
All other printer types (the default).

You can use the /TYPE qualifier only if the specified queue is a printer queue.

ADMINISTER Commands 2–139

ADMINISTER Commands
SET PRINT QUEUE

Examples
1.

LANDOFOZ\\TINMAN> SET PRINT QUEUE TOTO/PAUSE
%PWRK-S-QUESET, queue "TOTO" paused on server "TINMAN"
This example pauses the print queue TOTO. Any print job that is currently
printing is allowed to finish. No further print jobs in the queue will be
printed until the queue is continued.

LANDOFOZ\\TINMAN> SET PRINT QUEUE TOTO/CONTINUE
%PWRK-S-QUESET, queue "TOTO" continued on server "TINMAN"
This example continues the paused print queue TOTO. Any jobs in the
print queue are allowed to print.

LANDOFOZ\\TINMAN> SET PRINT QUEUE TOTO/PURGE
%PWRK-S-QUESET, queue "TOTO" purged on server "TINMAN"
This example removes all print jobs from the print queue TOTO. Any print
job that is currently printing is allowed to finish.

2–140 ADMINISTER Commands

ADMINISTER Commands
SHOW ACCOUNT POLICY

SHOW ACCOUNT POLICY
Displays account policy information for the domain. The policy information
includes:
•

The minimum password age

•

The maximum password age

•

The minimum password length

•

The length of the password history maintained

•

Whether users are forcibly disconnected when their logon hours expire

•

Number of incorrect password attempts before a user account is locked out

•

Number of minutes account remains locked (displayed only if the lockout
feature is enabled by means of the SET ACCOUNT POLICY/LOCKOUT
command)

•

Number of minutes to wait before resetting lockout count (displayed only
if the lockout feature is enabled by means of the SET ACCOUNT POLICY
/LOCKOUT command)

•

The server’s role in the domain

Format
SHOW ACCOUNT POLICY

[/qualifier]

Restrictions
Use of this command does not require special group membership.

Related Commands
SET ACCOUNT POLICY

Qualifiers
/DOMAIN=domain-name
Specifies the name of the domain for which to show the account policy. The
default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.

ADMINISTER Commands 2–141

ADMINISTER Commands
SHOW ACCOUNT POLICY
/SERVER=server-name
Specifies the name of a server that is a member of the domain for which to
show the account policy. Do not specify both /DOMAIN and /SERVER on the
same command line.

Example
LANDOFOZ\\TINMAN> SHOW ACCOUNT POLICY
Account Policy for domain "LANDOFOZ":
Minimum password age (days) : 1
Maximum password age (days) : 90
Minimum password length : 0
Length of password history maintained : None
Force user logoff after logon hours expire : NO
Lock out account after how many bad password attempts : Never
Role of server TINMAN : Primary Domain Controller
This example displays the account policy information for the domain currently
being administered (LANDOFOZ).

2–142 ADMINISTER Commands

ADMINISTER Commands
SHOW ADMINISTRATION

SHOW ADMINISTRATION
Displays information about the domain and server currently being administered, and information about the current user. The administration information
includes:
•

The name of the domain being administered

•

The name of the primary domain controller for the domain

•

The domain controller type

•

The name of the server being administered

•

The server type

•

The current user name

•

Whether the user is logged on to the network, and if so, to what domain
and whether the user has been authenticated by a logon server

•

If the user is logged on and has been authenticated, the account and
operator privileges the user has in the domain

•

The name of the user’s local workstation and what domain it is in

Format
SHOW ADMINISTRATION

Restrictions
Use of this command does not require special group membership.

Related Commands
SET ADMINISTRATION

Example
LANDOFOZ\\TINMAN> SHOW ADMINISTRATION
Administration information:
The domain being administered is: LANDOFOZ
The domain controller for the domain is: TINMAN
The domain controller type is: Advanced Server for OpenVMS
The server being administered is: TINMAN
The server type is: Advanced Server for OpenVMS

ADMINISTER Commands 2–143

ADMINISTER Commands
SHOW ADMINISTRATION
The user name is: SCARECROW
The user is logged on to domain LANDOFOZ and has been authenticated.
The user’s privilege level on this domain is: ADMIN
The user’s workstation is TINMAN and is in domain LANDOFOZ.
This example displays information about the domain and server being
administered, and information about the current user.

2–144 ADMINISTER Commands

ADMINISTER Commands
SHOW AUDIT POLICY

SHOW AUDIT POLICY
Displays whether auditing is enabled for the domain, and what events are
being audited.

Format
SHOW AUDIT POLICY

[/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
SET AUDIT POLICY
SHOW EVENTS

Qualifiers
/DOMAIN=domain-name
Specifies the name of the domain for which to show the audit policy. The
default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.
/SERVER=server-name
Specifies the name of a server that is a member of the domain for which to
show the audit policy. Do not specify both /DOMAIN and /SERVER on the
same command line.

Example
LANDOFOZ\\TINMAN> SHOW AUDIT POLICY
Audit Policy for domain "LANDOFOZ":
Auditing is currently Enabled.
Audit Event states:

ADMINISTER Commands 2–145

ADMINISTER Commands
SHOW AUDIT POLICY
Audit Event
-----------------ACCESS
ACCOUNT_MANAGEMENT
LOGONOFF
POLICY_CHANGE
PROCESS
SYSTEM
USER_RIGHTS

Success
-------Disabled
Disabled
Disabled
Enabled
Disabled
Disabled
Enabled

Failure
-------Disabled
Disabled
Disabled
Enabled
Disabled
Disabled
Enabled

This example displays the audit policy information for the domain currently
being administered (LANDOFOZ).

2–146 ADMINISTER Commands

ADMINISTER Commands
SHOW COMPUTERS

SHOW COMPUTERS
Displays a list of computers that are members of the domain and participate
in domain security, and computers that are listed by the Computer Browser
service as active in the domain. The basic display includes, in tabular form:
•

The computer type display symbol, where:
Symbol

Meaning

[PD]
[pd]
[BD]
[bd]
[SV]
[sv]
[WS]
[ws]

A primary domain controller
A primary domain controller unavailable to the network
A backup domain controller
A backup domain controller unavailable to the network
A member server
A member server unavailable to the network
A workstation
A workstation unavailable to the network

Note that a lowercase symbol signifies that the system being referenced
might not be available to the network. To determine whether it is
available, use the SHOW COMPUTER command.
•

The computer name

•

The network operating system type and version, such as the following:
Type

Meaning

OpenVMS (NT 4.0) Primary

Advanced Server for OpenVMS,
LAN Manager type Windows NT
V4.0, primary domain controller
Advanced Server for OpenVMS,
LAN Manager type Windows NT
V4.0, backup domain controller
Advanced Server for OpenVMS,
LAN Manager type Windows NT
V4.0, member server
Windows NT workstation

OpenVMS (NT 4.0) Backup

OpenVMS (NT 4.0) Server

Windows NT Workstation
•

The computer’s description

ADMINISTER Commands 2–147

ADMINISTER Commands
SHOW COMPUTERS
A usage summary for each computer can optionally be included in the display.
If a computer does not support remote administration, it is unavailable to the
network (for example, it is turned off), or the /TYPE=DOMAIN_MEMBERS
qualifier is specified, the display symbol appears in lowercase letters, the
description and usage summary are blank, and the network operating system
type may be incomplete or inaccurate.

Format
SHOW COMPUTERS [computer-name] [/qualifiers]

Restrictions
Use of this command in its default form does not require special group
membership; however, the use of certain qualifiers may require special
group membership. See the specific qualifier for any group membership
requirements.

Related Commands
ADD COMPUTER
REMOVE COMPUTER
SET COMPUTER

Parameters
computer-name
Indicates that only information for the specified computer should be displayed.
If you omit the computer-name, then the display contains information about
all computers in the domain that match any filtering criteria. Do not specify
the computer-name parameter on the same command line as the /DOMAIN or
/TYPE qualifiers.

Qualifiers
/DOMAIN=domain-name
Specifies the name of the domain for which to show computer information. The
default is the domain currently being administered. Do not specify both the
/DOMAIN qualifier and the computer-name parameter on the same command
line.

2–148 ADMINISTER Commands

ADMINISTER Commands
SHOW COMPUTERS
/FULL
/NOFULL
Controls whether a usage summary is included for each computer in the
display. The default, /NOFULL, omits the usage summary. The usage
summary contains the number of:
•

Sessions open to the computer

•

Files opened by connected users

•

File locks by connected users

•

Open administration resources

Obtaining the usage summary requires a connection to be made to the
computer, which may take several seconds to complete. Use of this qualifier
requires membership in the Administrators local group.
/TYPE=computer-type
Specifies the types of computers to include in the display. Precede computertype with NO to exclude the specified computer type from the display. The
value of computer-type can be one or more of the following:
Computer-Type

Description

ALL
All types of computers (default)
[NO]BACKUP_DOMAIN_CONTROLLERS
Computers that are currently acting as backup
domain controllers
[NO]DOMAIN_MEMBERS
Only computers that have accounts in the domain’s
security database; the default is NODOMAIN_
MEMBERS, which displays all computers —
both computers in the domain’s security database
and those listed as active in the domain by the
Computer Browser service
[NO]MACINTOSH
Computers running the Apple File Protocol service
[NO]PATHWORKS
Compaq OpenVMS servers
[NO]PRIMARY_DOMAIN_CONTROLLER
The primary domain controller for the domain
[NO]SERVERS
Computers acting as servers on the network

ADMINISTER Commands 2–149

ADMINISTER Commands
SHOW COMPUTERS
Computer-Type

Description

[NO]WORKSTATIONS

Computers acting as workstations on the network

Do not specify both the /TYPE qualifier and the computer-name parameter on
the same command line.

Example
LANDOFOZ\\TINMAN> SHOW COMPUTERS/FULL
Computers in domain "LANDOFOZ":
Computer
Type
Description
---------------- ------------------------ -------------------------[PD] TINMAN
OpenVMS (NT 4.0) Primary Advanced Server V7.3 for
OpenVMS
Sessions: 5 Open Files: 0 File Locks: 0 Open Named Pipes: 1
[BD] DOROTHY
OpenVMS (NT 4.0) Backup Advanced Server V7.3 for
OpenVMS
Sessions: 2 Open Files: 2 File Locks: 0 Open Named Pipes: 0
Total of 2 computers

This example displays a list of all computers in the domain LANDOFOZ, and
includes a usage summary for each computer.

2–150 ADMINISTER Commands

ADMINISTER Commands
SHOW CONNECTIONS

SHOW CONNECTIONS
Displays information about active connections to the server. The display
includes, in tabular form:
•

The connected user’s name

•

The user’s computer name

•

The name of the shared resource connected to

•

The number of open connections to each share

•

The total connect time to the share in days, hours, and minutes

Format
SHOW CONNECTIONS [computer-name] [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Server
Operators local group.

Related Commands
SHOW OPEN_FILES
SHOW SESSIONS

Parameters
computer-name
Indicates that only connections from the specified computer should be
displayed. If you omit the computer-name, then the display contains connection
information for all computers that match any filtering criteria.

Qualifiers
/SERVER=server-name
Specifies the name of the server for which to show connections. The default is
the server currently being administered.
/SHARENAME=share-name
Restricts the display of information to connections made to the specified shared
resource. Do not specify both /SHARENAME and /TYPE on the same command
line.

ADMINISTER Commands 2–151

ADMINISTER Commands
SHOW CONNECTIONS
/TYPE=share-type
Controls the types of shared resource connections to be included in the display.
Precede a share-type keyword with NO to exclude the specified connection type
from the display. The value of the share-type keyword can be one or more of
the following:
Share-Type

Resource

ALL
[NO]DIRECTORY
[NO]PRINT
[NO]DEVICE
[NO]IPC

All types of connections (the default)
Connections to directory shares
Connections to print queue shares
Connections to communications devices
Connections to interprocess communication

Do not specify both /SHARENAME and /TYPE on the same command line.
/USERNAME=user-name
Restricts the display of information to connections made by the specified user.

Examples
1.

LANDOFOZ\\TINMAN> SHOW CONNECTIONS
Connections on server "TINMAN":
User name
---------------ADMINISTRATOR
SCARECROW
SCARECROW
SCARECROW
SCARECROW

Computer name
--------------TINMAN_176
TINMAN_149
TINMAN_149
TINMAN_149
TINMAN_149

Share name
Opens Time
------------ ----- -------IPC$
3 0 11:30
ADMIN$
0 0 00:00
IPC$
0 0 00:00
IPC$
1 0 00:00
RAINBOW
0 0 06:14

Total of 5 connections
This example displays information about all the connections to the server
currently being administered (TINMAN).

2–152 ADMINISTER Commands

ADMINISTER Commands
SHOW CONNECTIONS
2.

LANDOFOZ\\TINMAN> SHOW CONNECTIONS/SHARENAME=RAINBOW
Connections on server "TINMAN":
User name
Computer name
Share name
Opens Time
---------------- --------------- ------------ ----- -------SCARECROW
TINMAN_149
RAINBOW
0 0 06:14
Total of 1 connection
This example displays information about all the connections to the shared
resource RAINBOW on the server being administered (TINMAN).

ADMINISTER Commands 2–153

ADMINISTER Commands
SHOW EVENTS

SHOW EVENTS
Displays information about events logged to a specified event log file on a
server. The basic display includes, in tabular form:
•

The event type (Informational, Warning, Error, Success audit or Failure
audit)

•

The date when the event occurred

•

The time when the event occurred

•

The source that logged the event

•

The event category

•

The event number used to identify the event

•

The user name associated with the event

•

The name of the computer where the event occurred

You can display additional information by using command qualifiers.

Format
SHOW EVENTS [log-file-spec] [/qualifiers]

Restrictions
No special group membership is required to view the system or application
event log file. Membership in the Administrators local group is required to
view the security event log file.

Related Commands
CLEAR EVENTS
SAVE EVENTS
SET AUDIT POLICY
SHOW AUDIT POLICY

Parameters
log-file-spec
Specifies an optional local file specification of a saved log file from which to
display events. On Compaq OpenVMS servers, if no device or directory is
specified, the event log file is searched for in the path pointed to by the logical

2–154 ADMINISTER Commands

ADMINISTER Commands
SHOW EVENTS
name PWRK$LMLOGS. You must specify the /TYPE qualifier to select the type
of log file that was saved to the archived file.

Qualifiers
/BEFORE=date-time
Displays all events logged prior to a specified date and time. The default
is the current date and time. The time value can be an absolute, delta,
or combination time value, or one of the following keywords: TODAY,
TOMORROW, or YESTERDAY.
/CATEGORY=category
Specifies the category of events to display. The category is defined by the
source that logged the event. For example, the Security event categories are:
Logon/Logoff, Policy Change, Privilege Use, System Event, Object Access,
Detailed Tracking, and Account Management.
/CLASS=(class[,...])
Controls the class of events to display. Precede the class keyword with NO to
exclude the specified event class from the display. The class keyword can be
one or more of the following:
Class

Event Type

ALL
[NO]INFORMATION
[NO]WARNING
[NO]ERROR
[NO]SUCCESS_AUDIT
[NO]FAILURE_AUDIT

Selects all events. This is the default.
Selects informational events.
Selects warning events.
Selects error events.
Selects audit events that succeeded.
Selects audit events that failed.

/COMPUTER=computer-name
Displays only events generated by the specified computer name.
/COUNT=n
Specifies the maximum number of events to display. By default, entries are
displayed that match any filtering criteria.
/EVENTID=event-id
Displays entries for a specific event number (event-id) only.

ADMINISTER Commands 2–155

ADMINISTER Commands
SHOW EVENTS
/FULL
/NOFULL
Displays detailed information for each event. This information is generated
by the application that was the source of the event record. Not all sources or
events generate event details. /NOFULL, the default, omits event details.
/SERVER=server-name
Specifies the name of the server from which to display the events. The default
is the server currently being administered.
/SINCE=date-time
Displays all events logged on or after the specified date and time. The
time value can be an absolute, delta, or combination time value, or one
of the following keywords: TODAY, TOMORROW, or YESTERDAY. When
the /SINCE qualifier is omitted, all events logged since the event log was
created are displayed. The /SINCE qualifier without a value is equivalent to
/SINCE=TODAY.
/SORT=sort-order
Specifies the sorting order of the display, where sort-order is either of the
following keywords:
Sort-Order

Description

ASCENDING
DESCENDING

Ascending order by date and time
Descending order by date and time (the default)

/SOURCE=source-name
Displays only events generated by the specified source. The source-name
specifies the software that logged the event, which can be either an application
name or a component of the system or an application, such as a driver name.
/TYPE=log-type
Specifies the event log file or log type to be displayed. If the log-file-spec
parameter is not specified, log-type indicates which log file you wish to display.
If the log-file-spec parameter is specified, the /TYPE qualifier is required and
log-type indicates what type of log was saved in the archived file. The log-type
keyword can be one of the following:

2–156 ADMINISTER Commands

ADMINISTER Commands
SHOW EVENTS
Log-Type

Log File

APPLICATION
SECURITY
SYSTEM

The application event log file
The security event log file
The system event log file (the default)

/USERNAME=user-name
Displays only events associated with a specific user name.

Example
LANDOFOZ\\TINMAN> SHOW EVENTS/TYPE=SYSTEM/SINCE=16-OCT-2000:13:00
Events in System Event Log on server "TINMAN":
T Date
Time
Source
Category
Event User
Computer
- -------- ----------- --------- ------------ ------ ------- -------I 10/16/00 03:04:27 PM Eventlog None
6005 N/A
TINMAN
I 10/18/00 01:33:03 PM Eventlog None
6005 N/A
TINMAN
I 10/18/00 03:11:04 PM Eventlog None
6005 N/A
TINMAN
I 10/18/00 04:58:45 PM Eventlog None
6005 N/A
TINMAN
E 10/19/00 03:47:51 PM NETLOGON None
3210 N/A
TINMAN
E 10/19/00 03:49:03 PM NETLOGON None
3210 N/A
TINMAN
I 10/20/00 08:38:36 AM Eventlog None
6005 N/A
TINMAN
Total of 7 events
This example displays all events in the system event log file which have
been logged since 16-OCT-2000 at 1:00 PM on the server being administered
(TINMAN).

ADMINISTER Commands 2–157

ADMINISTER Commands
SHOW FILES

SHOW FILES
Displays information about directory and file auditing, ownership, and
permissions.

Format
SHOW FILES path [/qualifiers]

Restrictions
Use of this command does not require special group membership. However,
you must have read permission to the files or directories you wish to show.

Related Commands
SET FILE
SHOW OPEN_FILES

Parameters
path
Specifies the UNC (Universal Naming Convention) path to the directory or file
for which to show information.

Qualifiers
/AUDIT
/NOAUDIT
/AUDIT displays auditing information for the specified directory or files. Each
file or directory is followed by a list of users and groups that have auditing
events enabled, and which success and failure events are being audited. The
default is /NOAUDIT, which omits the auditing information.
/FILES
/NOFILES
Specifies whether only files or directories are displayed. This qualifier is only
valid if path specifies a directory. The default is /FILES, which displays the
files in directories.

2–158 ADMINISTER Commands

ADMINISTER Commands
SHOW FILES
/FULL
/NOFULL
Displays all information about the specified directory or files. /FULL is
equivalent to specifying /AUDIT/OWNERSHIP/PERMISSIONS. /NOFULL, the
default, just displays the file names that match any filtering criteria.
/OWNERSHIP
/NOOWNERSHIP
Displays the owner of the specified directory or files. The default,
/NOOWNERSHIP, omits the owner.
/PERMISSIONS
/NOPERMISSIONS
Displays access permission information for the specified directory or files.
Each file or directory is followed by a list of users and groups that have been
granted access permissions, along with the granted permissions. The default,
/NOPERMISSIONS, omits the access permission information.
/SERVER=server-name
Specifies the name of the server on which the directory or files reside and for
which to display the requested information. The default is the server currently
being administered.
/SUBDIRECTORIES
/NOSUBDIRECTORIES
Specifies whether all subdirectories below the specified directory should be
displayed. This qualifier is only valid if path specifies a directory. The default,
/NOSUBDIRECTORIES, omits subdirectories below the specified directory.

Example
LANDOFOZ\\TINMAN> SHOW FILES STATES\KANSAS\*.DAT /FULL
Files in: \\TINMAN\STATES\KANSAS
FILE1.DAT
Permissions:
Administrators
Everyone
Server Operators
SYSTEM
Audit Events: (None specified)
Owner: Scarecrow

Full (All)
Change (RWXD)
Change (RWXD)
Full (All)

ADMINISTER Commands 2–159

ADMINISTER Commands
SHOW FILES
FILE2.DAT
Permissions:
Administrators
Everyone
Server Operators
SYSTEM
Audit Events:
Everyone
Owner: Scarecrow

Full (All)
Change (RWXD)
Change (RWXD)
Full (All)
Success
Failure
RW---RWXDPO

Total of 2 files
This example displays auditing, permissions, and owner information about all
.DAT files in the shared directory KANSAS in the share STATES that resides
on the server currently being administered (TINMAN).

2–160 ADMINISTER Commands

ADMINISTER Commands
SHOW GROUPS

SHOW GROUPS
Displays information about groups that are defined in a domain. The basic
display includes, in tabular form:
•

The group name

•

The group type (local or global)

•

The group’s description

You can display additional information by using command qualifiers.

Format
SHOW GROUPS [group-name] [/qualifiers]

Related Commands
ADD GROUP
COPY GROUP
MODIFY GROUP
REMOVE GROUP

Parameters
group-name
Indicates that information only for the specified group should be displayed. If
you omit group-name, then the display contains information about all groups
in the domain that match any filtering criteria. Do not specify the group-name
parameter on the same command line as the /GLOBAL or /LOCAL qualifiers.

Qualifiers
/DOMAIN=domain-name
Specifies the name of the domain for which to display the group information.
The default is the domain currently being administered. Do not specify both
/DOMAIN and /SERVER on the same command line.

ADMINISTER Commands 2–161

ADMINISTER Commands
SHOW GROUPS
/FULL
/NOFULL
/FULL displays all information about the groups; equivalent to specifying
/MEMBERS. The default is /NOFULL, which omits all information about
groups. Use of this qualifier requires membership in the Administrators or
Account Operators local group.
/GLOBAL
Specifies that only global groups should be included in the display. If you
specify neither /GLOBAL nor /LOCAL, both global and local groups are
displayed. Do not specify the group-name parameter on the same command
line as the /GLOBAL qualifier.
/LOCAL
Specifies that only local groups should be included in the display. If you specify
neither /GLOBAL nor /LOCAL, both global and local groups are displayed.
Do not specify the group-name parameter on the same command line as the
/LOCAL qualifier.
/MEMBERS
/NOMEMBERS
Controls whether the list of members for each group is included in the display.
By default, the member list is not displayed. Use of this qualifier requires
membership in the Administrators or Account Operators local group.
/SERVER=server-name
Specifies the name of a server that is a member of the domain for which to
show the group information. Do not specify both /DOMAIN and /SERVER on
the same command line.

Examples
1.

LANDOFOZ\\TINMAN> SHOW GROUPS ADMINISTRATORS/MEMBERS
Groups in domain "LANDOFOZ":
Group Name
Type
Description
-------------------- ------ --------------------------------------Administrators
Local Members can fully administer the domain
Members: [US] Administrator, [GR] Domain Admins
Total of 1 group
This example displays information about the local group ADMINISTRATORS
in the default domain (LANDOFOZ). It includes the list of members of the
group. The member Administrator is a user account, as indicated by the

2–162 ADMINISTER Commands

ADMINISTER Commands
SHOW GROUPS
[US] display symbol. The member Domain Admins, is a group, as indicated
by the [GR] display symbol. See the Help topic ‘‘Display_Symbols’’ for
further information about display symbols.
2.

LANDOFOZ\\TINMAN> SHOW GROUPS "Domain Admins"/MEMBERS
Groups in domain "LANDOFOZ":
Group Name
Type
Description
-------------------- ------ --------------------------------------Domain Admins
Global Designated administrators of the domain
Members: [US] Administrator
Total of 1 group
This example displays information about the global group Domain Admins
in the default domain (LANDOFOZ). The group name must be enclosed
within quotation marks because it contains a space. The display includes
the list of members of the group. The member Administrator is a user
account, as indicated by the [US] display symbol.

ADMINISTER Commands 2–163

ADMINISTER Commands
SHOW HOSTMAP

SHOW HOSTMAP
Displays account mappings between Advanced Server user accounts and
OpenVMS user accounts on a server.

Format
SHOW HOSTMAP [[domain-name\]user-name] [/qualifiers]

Restrictions
This command is valid only to Compaq OpenVMS servers. Use of this
command requires membership in the Administrators local group.

Related Commands
ADD HOSTMAP
REMOVE HOSTMAP

Parameters
[domain-name\ ]user-name
Specifies either an Advanced Server or OpenVMS system user name for which
to display account mappings. If you do not specify a user name, mappings for
all user accounts are displayed.
You can display account mappings for a network user in a trusted domain.
Specify the domain-qualified user name in the format domain-name\ username, such as KANSAS\DOLE, where KANSAS is the trusted domain, and
DOLE is the user name of the user account defined in the trusted domain. If
you omit the domain name, the user account is assumed to be defined in the
domain of the server currently being administered.

Qualifiers
/HOSTUSER
Displays mappings between OpenVMS user accounts and Advanced Server
user accounts. If a user name was specified, /HOSTUSER indicates that
the name is an OpenVMS user name. Do not specify both /HOSTUSER and
/NETUSER on the same command line.

2–164 ADMINISTER Commands

ADMINISTER Commands
SHOW HOSTMAP
/NETUSER
Displays mappings between Advanced Server user accounts and OpenVMS
user accounts. This is the default if neither /NETUSER or /HOSTUSER is
specified. If a user name is specified, /NETUSER indicates that the name is an
Advanced Server user name. Do not specify both /HOSTUSER and /NETUSER
on the same command line.
/SERVER=server-name
Specifies the name of the server for which to show the account mappings. The
default is the server currently being administered.

Examples
1.

LANDOFOZ\\TINMAN> SHOW HOSTMAP
Host Mappings for server "TINMAN":
User Name
-----------------------------------Guest
SCARECROW
WITCH

Host Name
---------------PWRK$GUEST
STRAWMAN
WICCER

Total of 3 host mappings
This example displays the account mappings between OpenVMS user
accounts and Advanced Server user accounts for the server currently being
administered (TINMAN).
2.

LANDOFOZ\\TINMAN> SHOW HOSTMAP SCARECROW/NETUSER
Host Mappings for server "TINMAN":
User Name
Host Name
------------------------------------ ---------------SCARECROW
STRAWMAN
Total of 1 host mapping
This example displays the account mapping for the Advanced Server user
SCARECROW on the server currently being administered (TINMAN).

ADMINISTER Commands 2–165

ADMINISTER Commands
SHOW MODE

SHOW MODE
Displays the current ADMINISTER command output display format and input
mode.

Format
SHOW MODE

Restrictions
None

Related Commands
SET MODE

Example
LANDOFOZ\\TINMAN> SHOW MODE
Current mode settings:
Input: RAW
Output: RAW, FILTER
In this example, the current output and input modes are RAW. Output is
filtered, meaning that character codes 127 - 160 (hex) are converted to spaces.

2–166 ADMINISTER Commands

ADMINISTER Commands
SHOW OPEN_FILES

SHOW OPEN_FILES
Displays information about shared files, devices, and administration resources
open on a server. The display includes, in tabular form:
•

The resource ID (a unique number used to identify the resource)

•

The name of the user that has the resource open

•

The access granted when the resource was opened

•

The number of locks on the resource

•

The path to the resource

Format
SHOW OPEN_FILES [resource-id] [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators or Server
Operators local group.

Related Commands
CLOSE OPEN_FILE
SHOW CONNECTIONS
SET FILE
SHOW FILES

Parameters
resource-id
Displays information for only the resource with the specified resource-id. If you
omit the resource-id, information for all open resources is displayed.

Qualifiers
/SERVER=server-name
Specifies the name of the server for which to show open resources. The default
is the server currently being administered.
/USERNAME=user-name
Restricts the display of information to resources opened by the specified user.

ADMINISTER Commands 2–167

ADMINISTER Commands
SHOW OPEN_FILES

Examples
1.

LANDOFOZ\\TINMAN> SHOW OPEN_FILES/USERNAME=SCARECROW
Open files on server "TINMAN":
Res ID
--------2
6

User Name
-------------------SCARECROW
SCARECROW

For
Locks Path
------- ----- ---------------------Write
0 TINMAN$DK0:[S.A]A.C
Write
0 TINMAN$DK0:[S.A]B.C

Total of 2 open files
This example shows the resources currently opened by user SCARECROW
on the server currently being administered (TINMAN).
2.

LANDOFOZ\\TINMAN> SHOW OPEN_FILES
Open files on server "TINMAN":
Res ID
--------2
6
9998
10000
9999

User Name
-------------------SCARECROW
SCARECROW
ADMINISTRATOR
ADMINISTRATOR
ADMINISTRATOR

For
Locks Path
------- ----- ---------------------Write
0 TINMAN$DK0:[S.A]A.C
Write
0 TINMAN$DK0:[S.A]B.C
Write
0 \PIPE\LSARPC
Write
0 \PIPE\SAMR
Write
0 \PIPE\SAMR

Total of 5 open files
This example shows all the resources currently opened on server TINMAN,
including the system or administrative resources (in this case, the named
pipes that are open).

2–168 ADMINISTER Commands

ADMINISTER Commands
SHOW PRINT JOBS

SHOW PRINT JOBS
Displays information about print jobs in OpenVMS Advanced Server print
queues. For each queue that contains jobs, a one-line queue summary is
output, which displays the queue type (printer or routing), the queue name, the
queue status, and number of jobs in the queue. This is followed by information
for each job in the queue, which includes in tabular form:
•

The Job ID (a unique number used to identify the print job)

•

The name of the user that queued the print job

•

The size of the print job in kilobytes

•

The status of the print job

Format
SHOW PRINT JOBS [job-id] [/qualifiers]

Restrictions
This command is valid only to Compaq OpenVMS servers. Use of this
command does not require special group membership.

Related Commands
SET PRINT JOB
SHOW PRINT QUEUES

Parameters
job-id
Specifies the job identification number of a particular print job to display. If
you omit job-id, information for all print jobs in all print queues is displayed.
Do not specify both the job-id parameter and the /QUEUE qualifier on the
same command line.

Qualifiers
/QUEUE=queue-name
Specifies the print queue for which to display print job information. Do not
specify both the job-id parameter and the /QUEUE qualifier on the same
command line.

ADMINISTER Commands 2–169

ADMINISTER Commands
SHOW PRINT JOBS
/SERVER=server-name
Specifies the name of the server for which to show the print jobs. The default
is the server currently being administered.

Example
LANDOFOZ\\TINMAN> SHOW PRINT JOBS
Printing Queue HPLASER_W3 : ACTIVE
Job User Name
Size
Status
----- -------------------- ------------ ------------------330 system
2048 PRINTING
583 scarecrow
2048 QUEUED
358 lion
1536 QUEUED
This example displays information about all print jobs in all print queues on
the server currently being administered (TINMAN).

2–170 ADMINISTER Commands

ADMINISTER Commands
SHOW PRINT QUEUES

SHOW PRINT QUEUES
Displays information about OpenVMS Advanced Server print queues. The
display includes, in tabular form:
•

The queue name

•

The number of jobs in the queue

•

The queue status

•

If a printer queue, "printer device:printer type;" if a routing queue, the list
of print queues to which print jobs are routed

•

The queue description

If a job is currently printing from a given queue, an additional line is displayed
that contains the Job ID (job identification number) of the job, the user name
that queued the print job, and the status of the print job.

Format
SHOW PRINT QUEUES [queue-name] [/qualifier]

Restrictions
This command is valid only to Compaq OpenVMS servers. Use of this
command does not require special group membership.

Parameters
queue-name
Specifies the OpenVMS Advanced Server print queue for which to display
information. If you do not supply a queue-name, information for all Advanced
Server print queues is displayed.

Qualifiers
/SERVER=server-name
Specifies the name of the server for which to show the print queues. The
default is the server currently being administered.

ADMINISTER Commands 2–171

ADMINISTER Commands
SHOW PRINT QUEUES

Example
LANDOFOZ\\TINMAN> SHOW PRINT QUEUES/SERVER=WOODMAN
Name
Jobs Status
Printer/Routing Description
------------ ----- -------------------- ---------------------------------BOB_PRNT
0 PAUSED destination paused
LRA0:GENERIC
GWENN
0 PAUSED
BOB_PRNT
LASER
1 PAUSED destination paused
OPA0GENERIC
Crew Printer
Jill
0 PAUSED
PARSIFAL
J’s rout.que
TOTO
6 ACTIVE
BOB_PRNT
This example displays information about the print queues on the server
WOODMAN.

2–172 ADMINISTER Commands

ADMINISTER Commands
SHOW SERVICES

SHOW SERVICES
Displays status information for installed network services available on a server.
A service’s state can be started, paused, or stopped.

Format
SHOW SERVICES [servicename] [/qualifier]

Restrictions
Use of this command does not require special group membership.

Related Commands
CONTINUE SERVICE
PAUSE SERVICE
START SERVICE
STOP SERVICE

Parameters
servicename
Specifies the network service for which information should be displayed. If you
omit servicename, information for all installed services is displayed.

Qualifiers
/SERVER=server-name
Specifies the name of the server for which to display service information. The
default is the server currently being administered.

ADMINISTER Commands 2–173

ADMINISTER Commands
SHOW SERVICES

Example
LANDOFOZ\\TINMAN> SHOW SERVICES
Services on server "TINMAN":
Service
--------------ALERTER
BROWSER
EVENTLOG
NETLOGON
SERVER

Status
--------------Started
Started
Started
Started
Started

Total of 5 services
This example displays status information for all installed services on the server
currently being administered (TINMAN).

2–174 ADMINISTER Commands

ADMINISTER Commands
SHOW SESSIONS

SHOW SESSIONS
Displays information about active sessions to a server. A session is a link
between a workstation and a server. It is established the first time a
workstation makes a connection with a shared resource on the server. Until
the session ends, all further connections between the workstation and the
server are part of this same session. The session display includes, in tabular
form:
•

The name of the user that established the session

•

The name of the computer that established the session

•

The number of resources opened on the computer by the user

•

The elapsed time since the session was established

•

The time elapsed since the user last initiated an action

•

Whether a session is using Guest access

Format
SHOW SESSIONS [computer-name] [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group.

Related Commands
CLOSE SESSION
SHOW CONNECTIONS

Parameters
computer-name
Specifies the name of a computer whose sessions should be displayed. If you
omit computer-name, then session information is displayed for all computers
connected to the specified server.

ADMINISTER Commands 2–175

ADMINISTER Commands
SHOW SESSIONS

Qualifiers
/SERVER=server-name
Specifies the name of the server for which to show session information. The
default is the server currently being administered.
/USERNAME=user-name
Specifies the name of a user whose sessions are to be displayed. By default,
sessions for all users are displayed.

Example
LANDOFOZ\\TINMAN> SHOW SESSIONS
User Sessions on server "TINMAN":
Connected Users
-----------------ADMINISTRATOR
SCARECROW

Computer
Opens Time
Idle
--------------- ----- -------- -------TINMAN_176
3 1 23:01 0 00:00
TINMAN_149
0 0 21:18 0 18:19

Guest
----No
No

Total of 2 connected users
This example displays information about all sessions established to the server
currently being administered (TINMAN).

2–176 ADMINISTER Commands

ADMINISTER Commands
SHOW SHARES

SHOW SHARES
Displays information about shared resources available on a server. The basic
display includes, in tabular form:
•

The name of the share

•

The share type (directory or print)

•

The share description

You can display additional information by using command qualifiers.

Format
SHOW SHARES share-name [/qualifiers]

Restrictions
Use of this command in its default form does not require special group
membership; however, the use of certain qualifiers requires special
group membership. See the specific qualifier for any group membership
requirements.

Related Commands
ADD SHARE/DIRECTORY
ADD SHARE/PRINT
MODIFY SHARE
REMOVE SHARE

Parameters
share-name
Specifies the name of the share for which to display information. If you
omit share-name, then the display contains information about all shares on
the server that match any filtering criteria. Do not specify the share-name
parameter on the same command line as the /ACTIVE, /HIDDEN, or /TYPE
qualifiers.

ADMINISTER Commands 2–177

ADMINISTER Commands
SHOW SHARES

Qualifiers
/ACTIVE
Indicates that only active shares are to be displayed. Active shares are shares
that have connections established to them. Use of this qualifier requires
membership in the Administrators or Server Operators local group.
/FULL
/NOFULL
Displays all information about the shares. /FULL is equivalent to specifying
/HOST_ATTRIBUTES/LIMIT/PATH/PERMISSIONS. Use of this qualifier
requires membership in the Administrators or Server Operators local group.
The default is /NOFULL, which omits all information about shares.
/HIDDEN
Includes hidden shares in the display. Hidden shares are shares whose name
ends in a dollar sign ($) such as administrative resources and local device
shares (such as C$). By default, the SHOW SHARES command does not
display hidden shares unless you specify a specific share name, or you use the
/TYPE qualifier to select a specific share type.
/HOST_ATTRIBUTES
/NOHOST_ATTRIBUTES
Displays the directory protection, file protection, and RMS record format for the
share. The default is to omit this information (/NOHOST_ATTRIBUTES). This
information is available only on directory shares offered by Advanced Server
servers. Use of this qualifier requires membership in the Administrators or
Server Operators local group.
/LIMIT
/NOLIMIT
Displays the maximum number of connections allowed to the share, and the
current number of connections to the share. The default is /NOLIMIT, which
omits the maximum number of connections. Use of this qualifier requires
membership in the Administrators or Server Operators local group.
/PATH
/NOPATH
Displays the path to the share. For a directory share, the path is the path
to the shared directory tree. For a print share, the path is the name of the
associated OpenVMS Advanced Server print queue. The default is /NOPATH,
which omits the path to the share. Use of this qualifier requires membership
in the Administrators or Server Operators local group.

2–178 ADMINISTER Commands

ADMINISTER Commands
SHOW SHARES
/PERMISSIONS
/NOPERMISSIONS
Displays the permissions associated with the shared resource. The default
is /NOPERMISSIONS, which omits the permissions. Use of this qualifier
requires membership in the Administrators or Server Operators local group.
/SERVER=server-name
Specifies the name of the server for which to display share information. The
default is the server currently being administered.
/TYPE=share-type
Specifies the types of shared resources to display. Precede a share-type keyword
with NO to exclude the specified share type from the display. The value of the
share-type keyword can be one of the following:
Share-Type

Shared Resource Type

ALL

All types of shares (the default): DIRECTORY,
PRINT, DEVICE, IPC, and PERSONAL. To display
hidden shares, you must specify the /HIDDEN
qualifier or share name.
Directory shares.
Print queue shares.
Communications devices.
Interprocess communications resource.
Personal shares (Compaq OpenVMS servers only).

[NO]DIRECTORY
[NO]PRINT
[NO]DEVICE
[NO]IPC
[NO]PERSONAL

Example
LANDOFOZ\\TINMAN> SHOW SHARES/PATH/LIMIT/PERMISSIONS
Shared resources on server "TINMAN":
Name
Type
Description
------------ --------- -------------------------------------NETLOGON
Directory Logon Scripts Directory
Path: PWRK$LMROOT:[LANMAN.REPL.IMPORT.SCRIPTS]
Connections: Current: 0, Maximum: No limit
Share Permissions:
Everyone
Read

ADMINISTER Commands 2–179

ADMINISTER Commands
SHOW SHARES
PWUTIL
Directory PATHWORKS Client-based Utilities
Path: PWRK$LMROOT:[LANMAN.SHARES.WIN]
Connections: Current: 0, Maximum: No limit
Share Permissions:
Everyone
Read
TOTO
Printer
LA210 printer on TINMAN
Queue: TOTO_LA210
Connections: Current: 0, Maximum: No limit
Share Permissions:
Everyone
Print
USERS
Directory Users Directory
Path: PWRK$LMROOT:[LANMAN.ACCOUNTS.USERDIRS]
Connections: Current: 0, Maximum: No limit
Share Permissions:
Everyone
Full Control
Total of 4 shares
This example displays information about all shares defined on the current
server being administered (TINMAN). In addition to the base information, the
display includes path, connection limit, and permissions information.

2–180 ADMINISTER Commands

ADMINISTER Commands
SHOW TRUSTS

SHOW TRUSTS
Displays the list of domains that this domain trusts, and the list of domains
that are permitted to trust this domain.

Format
SHOW TRUSTS [/qualifiers]

Restrictions
None

Related Commands
ADD TRUST
REMOVE TRUST

Qualifiers
/DOMAIN=domain-name
Specifies the domain for which to display trust information. The default is
the domain currently being administered. Do not specify both /DOMAIN and
/SERVER on the same command line.
/SERVER=server-name
Specifies the name of a server that is a member of the domain for which to
show the trust information. Do not specify both /DOMAIN and /SERVER on
the same command line.

Example
LANDOFOZ\\TINMAN> SHOW TRUSTS
There are currently no domains trusted by domain LANDOFOZ.
Domains permitted to trust domain LANDOFOZ:
KANSAS
This example displays trust information for the domain being administered
(LANDOFOZ). It shows that the LANDOFOZ domain does not currently trust
any other domains, and it permits domain KANSAS to trust it.

ADMINISTER Commands 2–181

ADMINISTER Commands
SHOW USERS

SHOW USERS
Displays information about user accounts in a domain. The basic display
includes, in tabular form:
•

The user account name

•

The user’s full name

•

The account type (local or global)

•

The user’s description

You can display additional information by using command qualifiers.

Format
SHOW USERS [user-name] [/qualifiers]

Related Commands
ADD USER
COPY USER
MODIFY USER
REMOVE USER

Parameters
user-name
Indicates that only information for the specified user account should be
displayed. If you omit a user name, then the display contains information
for all user accounts in the domain that match any filtering criteria. Do not
specify the user-name parameter on the same command line as the /GLOBAL
or /LOCAL qualifiers.

2–182 ADMINISTER Commands

ADMINISTER Commands
SHOW USERS

Qualifiers
/ACCOUNT
/NOACCOUNT
Includes account information in the display. The account information includes
the account type (local or global) and if and when the account expires, and
password information. The default is /NOACCOUNT, which omits the account
information.
/DOMAIN=domain-name
Specifies the domain for which to display user account information. The default
is the domain currently being administered. Do not specify both /DOMAIN and
/SERVER on the same command line.
/FLAGS
/NOFLAGS
Includes the state of the logon flags in the display. The default is /NOFLAGS,
which omits the state of the flags.
/FULL
/NOFULL
Includes all account information in the display; equivalent to specifying
/ACCOUNT/FLAGS/GROUPS/HOURS/PROFILE/WORKSTATIONS. The
default is /NOFULL, which omits all account information.
/GLOBAL
Restricts the display to global user accounts only. If neither the /GLOBAL
nor /LOCAL qualifiers are specified, both global and local user accounts are
displayed. Do not specify the user-name parameter on the same command line
as the /GLOBAL qualifier.
/GROUPS
/NOGROUPS
Displays groups of which the user is a member. The default is /NOGROUPS,
which omits the groups of which the user is a member.
/HOURS
/NOHOURS
Includes in the display the days and times during which the user can log on.
The default is /NOHOURS, which omits the days and times during which the
user can log on.

ADMINISTER Commands 2–183

ADMINISTER Commands
SHOW USERS
/LOCAL
Restricts the display to local user accounts only. If neither the /LOCAL nor
/GLOBAL qualifiers are specified, both local and global user accounts are
displayed. Do not specify the user-name parameter on the same command line
as the /LOCAL qualifier.
/PROFILE
/NOPROFILE
Includes user profile information in the display. User profile information
includes: the profile path, the logon script name, the home directory drive, and
the home directory path. The default is /NOPROFILE, which does not display
the user profile information.
/SERVER=server-name
Specifies the name of a server that is a member of the domain for which
to show the user account information. Do not specify both /DOMAIN and
/SERVER on the same command line.
/SORT=sort-type
Specifies the sorting order of the display. The sort-type keyword can be either
of the following:
Keyword

Description

USERNAME
FULLNAME

Sort alphabetically by user name (the default)
Sort alphabetically by user’s full name

/WORKSTATIONS
/NOWORKSTATION
Includes in the display the workstations from which the user can log on. The
default is /NOWORKSTATION, which omits the workstations.

Examples
1.

LANDOFOZ\\TINMAN> SHOW USERS
User accounts in domain "LANDOFOZ":
User Name
Full Name
Type
Description
---------------- ---------------- ------ -------------------------Administrator
Global Built-in account for
administering the domain
Guest
Global Built-in account for guest
access to the domain
SCARECROW
The Scarecrow
Global In search of a brain

2–184 ADMINISTER Commands

ADMINISTER Commands
SHOW USERS
Total of 3 user accounts
This example displays the default information for all user accounts in the
domain currently being administered (LANDOFOZ).
2.

LANDOFOZ\\TINMAN> SHOW USERS SCARECROW/FULL
User accounts in domain "LANDOFOZ":
User Name
Full Name
Type
Description
---------------- ---------------- ------ -------------------------SCARECROW
The Scarecrow
Global In search of a brain
User profile:
Logon script:
Home Path:
Primary Group: Domain Users
Member of groups: Administrators, Domain Admins, Domain Users
Workstations: No workstation restrictions
Logon Flags: Login script is executed, Password does not expire
Account Type: Global
Account Expires: Never
Logon hours: (All hours)
Last Log On: 08/23/00 05:07 PM
Password Last Set: 06/30/00 11:03 AM
Password Changeable: 06/30/00 11:03 AM
Password Expires: 09/11/00 11:03 AM
Total of 1 user account
This example displays all information for the user account SCARECROW
on the domain currently being administered (LANDOFOZ).

ADMINISTER Commands 2–185

ADMINISTER Commands
SHOW VERSION

SHOW VERSION
Displays the Advanced Server software version information for the local server.

Format
SHOW VERSION

Restrictions
This command is available to Compaq OpenVMS servers only. Use of this
command does not require special group membership.

Example
LANDOFOZ\\TINMAN> SHOW VERSION
Advanced Server V7.3 for OpenVMS

2–186 ADMINISTER Commands

ADMINISTER Commands
START SERVICE

START SERVICE
Starts a network service that is currently stopped. Use the SHOW SERVICES
command to display a list of available services.

Format
START SERVICE servicename [/qualifier]

Restrictions
Use of this command requires membership in the Administrators local group
or the Server Operators local group.

Related Commands
CONTINUE SERVICE
PAUSE SERVICE
SHOW SERVICES
STOP SERVICE

Parameters
servicename
Specifies the name of the network service to start.

Qualifiers
/SERVER=server-name
Specifies the name of the server on which to start the service. The default is
the server currently being administered.

Example
LANDOFOZ\\TINMAN> START SERVICE NETLOGON
%PWRK-I-SVCOPWAIT, attempting to start the "NETLOGON" service on "TINMAN"
%PWRK-S-SVCSTART, service "NETLOGON" started on server "TINMAN"
This example starts the NetLogon service on the server currently being
administered (TINMAN).

ADMINISTER Commands 2–187

ADMINISTER Commands
STOP SERVICE

STOP SERVICE
Stops a currently running network service. Use the SHOW SERVICES
command to display a list of available network services.

Format
STOP SERVICE servicename [/qualifiers]

Restrictions
Use of this command requires membership in the Administrators local group
or the Server Operators local group. You cannot use this command to stop the
EventLog and Server services.

Related Commands
CONTINUE SERVICE
PAUSE SERVICE
SHOW SERVICES
START SERVICE

Parameters
servicename
Specifies the name of the network service to stop.

Qualifiers
/CONFIRM
/NOCONFIRM
Controls whether you are prompted for a confirmation before the operation is
performed. The default is /CONFIRM if running in interactive mode. When
the prompt is issued, the default response is shown, and you may accept
the default by pressing Return or Enter. If you type YES, TRUE, or 1, the
operation is performed. If you type NO, FALSE, 0, or enter Ctrl/Z, no action is
performed. If you type anything else, the prompt is repeated until you type an
acceptable response. No prompt for confirmation is issued if running in batch
mode.
/SERVER=server-name
Specifies the name of the server on which to stop the service. The default is
the server currently being administered.

2–188 ADMINISTER Commands

ADMINISTER Commands
STOP SERVICE

Example
LANDOFOZ\\TINMAN> STOP SERVICE NETLOGON
Do you really want to stop service "NETLOGON" [YES or NO] (YES) : Y
%PWRK-I-SVCOPWAIT, attempting to stop the "NETLOGON" service on "TINMAN"
%PWRK-S-SVCSTOP, service "NETLOGON" stopped on server "TINMAN"
This example stops the NetLogon service on the server currently being
administered (TINMAN). A confirmation is required.

ADMINISTER Commands 2–189

ADMINISTER Commands
TAKE FILE OWNERSHIP

TAKE FILE OWNERSHIP
Takes ownership of the specified file or directory. By granting permissions,
the owner controls how a file or directory can be accessed by others. For
instance, the owner of a file or directory can grant TAKE OWNERSHIP access
rights to another user who can then use the TAKE FILE OWNERSHIP
command to become the new owner. (You can grant ownership access
rights for a file or directory by using the SET FILE/PERMISSIONS
command with either the /FILE_SPECIFIC=TAKE_OWNERSHIP or
/DIRECTORY_SPECIFIC=TAKE_OWNERSHIP qualifiers.) Members of
the Administrators group have privileges that allow them to TAKE FILE
OWNERSHIP without being granted the TAKE OWNERSHIP permission.

Format
TAKE FILE OWNERSHIP path [/qualifier]

Restrictions
You must be a member of the Administrators group to take ownership of a file
or directory.

Related Commands
SHOW FILES

Parameters
path
Specifies the UNC (Universal Naming Convention) path to the directory or file
for which to take ownership. Wildcards are not accepted within directory or
file names.

Qualifiers
/SERVER=server-name
Specifies the name of the server on which to take ownership of the directory or
file. The default is the server currently being administered.

2–190 ADMINISTER Commands

ADMINISTER Commands
TAKE FILE OWNERSHIP

Example
LANDOFOZ\\TINMAN> TAKE FILE OWNERSHIP STATES\KANSAS\FILE1.DAT
%PWRK-S-FILEMOD, "\\TINMAN\STATES\KANSAS\FILE1.DAT" modified
This example takes ownership of the file FILE1.DAT in the directory KANSAS
in the shared directory STATES on the server currently being administered
(TINMAN). The new owner of the file will be the currently logged-on user.

ADMINISTER Commands 2–191

ADMINISTER Commands
TELL

TELL
Use the TELL command to perform one or more administrative commands on
a remote server.

Format
TELL server-name [/qualifier] [remote-command]

Restrictions
Use of this command requires membership in the Administrators local group.
The command cannot be used to manage a Windows NT Server.

Parameters
server-name
Specifies the name of the server on which to execute the command.
remote-command
Specifies the administrative command to be executed on the remote server. It
must physically be the last item on the command line.
If remote-command is not specified, a command processor is started to receive
multiple administrative commands to the remote server. In this case, the
local prompt is changed to \\servername>> and all further commands are
sent to the remote server until you enter Ctrl/Z or EXIT. If the remote server
is an Advanced Server, you can enter only ADMINISTER commands. For
PATHWORKS V5 for OpenVMS (LAN Manager) servers, you can enter only
LAN Manager Net commands.
If you wish to perform an ADMINISTER command, do not specify the
ADMINISTER command on the remote-command. For Net commands, you
must precede the Net command with NET on the remote-command.

Qualifiers
/PASSWORD[="password"]
/NOPASSWORD
Specifies the password to use for connection to the appropriate remote server.
Passwords entered on the command line are converted to uppercase unless
enclosed within quotation marks. If the password you specify contains
lowercase letters, blanks (spaces), or other nonalphanumeric characters,
enclose it in quotation marks, unless you enter the password in response to

2–192 ADMINISTER Commands

ADMINISTER Commands
TELL
the password prompt. (If you enclose the password in quotation marks at the
password prompt, the quotation marks become part of the password.) If you
do not specify a value for password, or specify it as an asterisk (*), you are
prompted for a password (it is not displayed as you enter it).
If you do not specify the /PASSWORD qualifier, then the password used when
you logged on to the network is used. If this password is not valid, then you
will be prompted to enter a valid password for connection to the remote server.
The default is /NOPASSWORD.

Examples
1.

LANDOFOZ\\TINMAN> TELL WOODMAN NET VERSION
%PWRK-I-SRVINFO, the server type is: PATHWORKS for OpenVMS (LAN Manager)
PATHWORKS V5 for OpenVMS (LAN Manager)
Version 5.0F
This example performs the NET VERSION command on the remote server
WOODMAN, which is a PATHWORKS V5 for OpenVMS (LAN Manager)
server. The password used to connect to the remote server is the password
specified when you logged on to the network.

LANDOFOZ\\TINMAN> TELL DOROTHY/PASSWORD="OverTheRainbow" _LANDOFOZ\\TINMAN> SHOW VERSION
%PWRK-I-SRVINFO, the server type is: Advanced Server for OpenVMS
Advanced Server V7.3 for OpenVMS
This example performs the ADMINISTER SHOW VERSION command
on the remote server DOROTHY. The password used to connect to server
DOROTHY is OverTheRainbow.

LANDOFOZ\\TINMAN> TELL DOROTHY
%PWRK-I-SRVINFO, the server type is: Advanced Server for OpenVMS
\\DOROTHY>> SHOW VERSION
Advanced Server V7.3 for OpenVMS
\\DOROTHY>> SHOW SERVICES
Services on server "DOROTHY":
Service
--------------ALERTER
BROWSER
EVENTLOG
NETLOGON
SERVER

Status
--------------Started
Started
Started
Started
Started
ADMINISTER Commands 2–193

ADMINISTER Commands
TELL
Total of 5 services
\\DOROTHY>> EXIT
LANDOFOZ\\TINMAN>
This example starts a command processor so that multiple commands may
be performed on remote server DOROTHY. The SHOW VERSION and
SHOW SERVICES commands are performed on DOROTHY. When EXIT
is entered as the command, the command processor is terminated and the
TELL command is completed.

2–194 ADMINISTER Commands

3
Net Commands and ADMINISTER
Command Equivalents
This chapter contains a subset of PATHWORKS V5 for OpenVMS (LAN
Manager) Net commands and their ADMINISTER command equivalents
implemented for the Advanced Server. This provides backward compatibility
to a subset of PATHWORKS LAN Manager Net commands. However,
administrators are strongly encouraged to use ADMINISTER commands
instead of Net commands.

3.1 Command Mappings
The rest of this chapter lists examples of Net commands and their
ADMINISTER command equivalents. To see a display of the appropriate
ADMINISTER command on your system, enter the NET/TRANSLATE
command at either the domainname\ \ servername> prompt or the DCL
prompt.
For example:

$ NET/TRANSLATE ACCOUNT /ROLE:PRIMARY
or

domainname\\servername> NET/TRANS ACCOUNT /ROLE:PRIMARY
Some commands have no equivalent; for these commands, you see an
explanatory message preceded by a % sign. For example:

$ NET/TRANSLATE NET STATISTICS
%PWRK-E-INVLDCMD, invalid command entered
$ ADMINISTER NET/TRANSLATE access dsk1:[user] /add

Net Commands and ADMINISTER Command Equivalents 3–1

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
%PWRK-E-NSUDCL, no support for "net access resource /add", Use
"ADMINISTER SET FILE path"
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET ACCESS
net access

The net access command is not supported. Use the ADMINISTER
SET FILE path command.

NET ACCOUNTS
net accounts

SHOW ACCOUNT POLICY

net accounts /role:

SET COMPUTER /ROLE=

Options:
member

Invalid role for the Advanced Server.

standalone

Invalid role for the Advanced Server.

primary

PRIMARY_DOMAIN_CONTROLLER

backup

BACKUP_DOMAIN_CONTROLLER

net accounts /sync

SET COMPUTER /ACCOUNT_SYNCHRONIZE

net accounts (valid with the following
relevant options)

SET ACCOUNT POLICY

Options:
/forcelogoff:number

/FORCE_DISCONNECT

/forcelogoff:no

/NOFORCE_DISCONNECT

/lockout:no

/NOLOCK_OUT

/lockout:number

/LOCK_OUT=(ATTEMPTS=number)

/minpwlen:length
/maxpwage:days
/minpwage:days
/uniquepw:number
(other than 0)

/PASSWORD_POLICY=(MINLENGTH=length, MAXAGE=days,
MINAGE=days, HISTORY=number)

/maxpwage:unlimited
/uniquepw:0

/PASSWORD_POLICY=(NOMAXAGE, NOHISTORY)

3–2 Net Commands and ADMINISTER Command Equivalents

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET ADMIN
net admin \ \ servername /command

ADMINISTER servername

Options:
password

/PASSWORD=‘‘password’’

/PASSWORD

/command net command

NET command

NET AUDIT
net audit/delete

CLEAR EVENTS /TYPE=SYSTEM

net audit

SHOW EVENTS /TYPE=SYSTEM

Options:
/count:number

/COUNT=number

/reverse

/SORT=(DESCENDING)

NET CONFIG
net config

The net config command is not supported.

NET CONTINUE
net continue servicename

CONTINUE SERVICE servicename

net continue print=printername

SET PRINT QUEUE printername/CONTINUE

NET DEVICE
net device

SHOW PRINT QUEUES

Option:
printername
net device printername (valid with the
following relevant options)

printername
SET PRINT QUEUE printername

Options:
/delete

/DELETE

/restart

/RESTART

Net Commands and ADMINISTER Command Equivalents 3–3

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET ERROR
net error /delete

CLEAR EVENTS /TYPE=SYSTEM

net error

SHOW EVENTS /TYPE=SYSTEM

Options:
/count:number

/COUNT=number

/reverse

/SORT=(DESCENDING)

NET FILE
net file id/close

CLOSE OPEN_FILE id

net file

SHOW OPEN_FILES

Option:
id

NET GROUP
net group

SHOW GROUPS /FULL

Option:
groupname

groupname

net group groupname/delete

REMOVE GROUP ‘‘groupname’’

net group groupname/add

ADD GROUP ‘‘groupname’’

Option:
/comment:‘‘text’’
net group groupname username1
username2 (valid only with the
following relevant options)

/DESCRIPTION=‘‘text’’
MODIFY GROUP ‘‘groupname’’

Options:
/add

/ADD_MEMBERS=(‘‘username1’’, ‘‘username2’’ )

/delete

/REMOVE_MEMBERS=(‘‘username1’’, ‘‘username2’’ )

net group groupname/comment:‘‘text’’

MODIFY GROUP ‘‘groupname’’ /DESCRIPTION=‘‘text’’

NET HELP, NETHELPMSG
net help
net helpmsg

The net help and net helpmsg commands are unsupported; use the
ADMINISTER HELP command.

3–4 Net Commands and ADMINISTER Command Equivalents

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET LOGON
net logon

LOGON

Options:
username

‘‘username’’

password

‘‘password’’

* (for password)

/domain:name

/DOMAIN=name

NET LOGOFF
net logoff

LOGOFF

NET PASSWORD
net password

SET PASSWORD

Options:
username

‘‘username’’

oldpassword

‘‘oldpassword’’

newpassword

‘‘newpassword’’

* (for newpassword)

\ \ servername

Not supported

/domain:name

/DOMAIN=name

NET PAUSE
net pause service

PAUSE SERVICE service

net pause print

The net pause print command is not supported.

net pause print=printername

SET PRINT QUEUE printername /PAUSE

NET PRINT
net print

SHOW PRINT QUEUES

Options:
sharename

sharename

\ \ servername

/SERVER=servername

Net Commands and ADMINISTER Command Equivalents 3–5

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET PRINT
devicename:
net print sharename (or queuename)
(valid only with the relevant following
options)

devicename:
SET PRINT QUEUE queuename

Options:
/remark:‘‘text’’

/DESCRIPTION=‘‘text’’

/route:print1,print2

/ROUTE_TO=(print1,print2)

/hold

/PAUSE

/release

/CONTINUE

/purge

/PURGE

net print sharename (or queuename)
/delete

REMOVE PRINT QUEUE queuename

net print job
(valid with the following relevant
options)

SET PRINT JOB job

Options:
/hold

/HOLD

/release

/RELEASE

/first

/FIRST

/last

/LAST

/delete

/DELETE

net print \ \ servername job

SHOW PRINT JOBS job /SERVER=servername

net print \ \ servername job
(valid with the following relevant
options)

SET PRINT JOB job /SERVER=servername

Options:
/hold

/HOLD

/release

/RELEASE

/delete

/DELETE

3–6 Net Commands and ADMINISTER Command Equivalents

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET SEND
net send alias ‘‘message’’

SEND ‘‘alias’’ ‘‘message’’

net send * ‘‘message’’

The net send * ‘‘message’’ command is not supported.

net send /users ‘‘message’’

SEND /USERS ‘‘message’’

net send /domain:name ‘‘message’’

The net send /domain:name ‘‘message’’ command is not supported.

NET SESSION
net session

SHOW SESSIONS

Option:
\ \ computername

computername

net session \ \ computername /delete

CLOSE SESSION computername

net session /delete

CLOSE SESSION *

NET SHARE
net share

SHOW SHARES

Options:
/personal

/TYPE=PERSONAL

sharename

sharename/FULL

net share (valid with the following
relevant options)

ADD SHARE/DIRECTORY, ADD SHARE/PRINT

Options:
ipc$

/IPC

admin$

/ADMIN

ipc$ password

Share-level security is not supported.

net share sharename=pathname

ADD SHARE/DIRECTORY sharename pathname

Options:
/personal

/PERSONAL

/users:number

/LIMIT=number

/remark:‘‘text’’

/DESCRIPTION=‘‘text’’

/unlimited

/NOLIMIT

password

Share-level security is not supported.

Net Commands and ADMINISTER Command Equivalents 3–7

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET SHARE
/permissions:permissions

Share-level security is not supported.

net share sharename/print

ADD SHARE/PRINT sharename queuename

net share printshare=devicename/print

ADD SHARE/PRINT printshare devicename

Options:
/users:number

/LIMIT=number

/unlimited

/NOLIMIT

/remark:‘‘text’’

/DESCRIPTION=‘‘text’’

net share sharename
(valid with the following relevant
options)

MODIFY SHARE sharename

Options:
/users:number

/LIMIT=number

/remark:‘‘text’’

/DESCRIPTION=‘‘text’’

/unlimited

/NOLIMIT

net share sharename/delete

REMOVE SHARE sharename

NET START
net start

SHOW SERVICES

net start service

START SERVICE service

NET STATISTICS
net statistics

The net statistics command is not supported.

NET STATUS
net status

The net status command is not supported.

NET STOP
net stop service

STOP SERVICE service

3–8 Net Commands and ADMINISTER Command Equivalents

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET TIME
net time

The net time command is not supported.

NET USER
net user

SHOW USERS

net user username password/add

ADD USER ‘‘username’’/PASSWORD=‘‘password’’
Default values:
/FLAGS=(NODISUSER, PWDEXPIRED, NOPWDLOCKED)
/PRIMARY_GROUP=‘‘Domain Users’’

net user username * /add

ADD USER ‘‘username’’ /PASSWORD
Default values:
/FLAGS=(NODISUSER, PWDEXPIRED, NOPWDLOCKED)
/PRIMARY_GROUP=‘‘Domain Users’’

Options:
/active:no

/FLAGS=(DISUSER)

/active:yes

/FLAGS=(NODISUSER)

/comment:‘‘text’’

/DESCRIPTION=‘‘text’’

/countrycode:number

Not mapped; the default country code is always set.

/expires:date

/EXPIRATION_DATE=date
(Date is equivalent OpenVMS date. For example, 09-Jan1999.)

/expires:never

/NOEXPIRATION_DATE

/fullname:‘‘Firstname Lastname’’

/FULL_NAME=‘‘Firstname Lastname’’

/homedir:pathname

/HOME=(PATH=pathname)

/homedirreq:no

/NOHOME

/logonserver:\ \ computername

Not mapped. A default logon server, such as the primary
domain controller, is always set.

/maxstorage:number

Not mapped. A high value of maxstorage is always set by
default.

/operator:accounts

/MEMBER_OF_GROUPS=(‘‘Domain Users’’, ‘‘Account
Operators’’)

/operator:print

/MEMBER_OF_GROUPS=(‘‘Domain Users’’, ‘‘Print
Operators’’)

Net Commands and ADMINISTER Command Equivalents 3–9

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET USER
/operator:server

/MEMBER_OF_GROUPS=(‘‘Domain Users’’, ‘‘Server
Operators’’)

/operator:comm

Not mapped.

/operator:print, accounts, server

/MEMBER_OF_GROUPS=(‘‘Domain Users’’, ‘‘Print
Operators’’, ‘‘Account Operators’’, ‘‘Server Operators’’)

/passwordchg:yes

/FLAGS=(NOPWDLOCKED)

/passwordchg:no

/FLAGS=(NOPWDEXPIRED, PWDLOCKED)

/passwordreq:no

/NOPASSWORD

/privilege:admin

/MEMBER_OF_GROUPS=(‘‘Domain Admins’’) /PRIMARY_
GROUP=‘‘Domain Admins’’

/privilege:guest

/MEMBER_OF_GROUPS=(‘‘Domain Guests’’) /PRIMARY_
GROUP=‘‘Domain Guests’’

/privilege:user

/MEMBER_OF_GROUPS=(‘‘Domain Users’’) /PRIMARY_
GROUP=‘‘Domain Users’’

/scriptpath:pathname

/SCRIPT=pathname

/times:all

/HOURS=(SUNDAY=(0-23),
MONDAY=(0-23),
TUESDAY=(0-23),
WEDNESDAY=(0-23),
THURSDAY=(0-23),
FRIDAY=(0-23),
SATURDAY=(0-23))

/times:times

/HOURS=(times)

/usercomment:‘‘text’’

Not mapped.

/workstations:computer1,computer2

/WORKSTATIONS=(computer1, computer2)

/workstations:*

/WORKSTATIONS=(*)

net user username/delete

REMOVE USER ‘‘ username’’

net user username password

MODIFY USER ‘‘username’’ /PASSWORD=‘‘password’’

net user username *

MODIFY USER ‘‘username’’/PASSWORD

Options are identical to those for
net user username/add, except
for the values for the following
qualifiers:
/operator:accounts

/ADD_TO_GROUPS=(‘‘Account Operators’’)
/REMOVE_FROM_GROUPS=(‘‘Print Operators’’, ‘‘Server
Operators’’)

3–10 Net Commands and ADMINISTER Command Equivalents

Net Commands and ADMINISTER Command Equivalents
3.1 Command Mappings
Example of Existing OpenVMS Net
Command

ADMINISTER Command Equivalent

NET USER
/operator:print

/ADD_TO_GROUPS=(‘‘Print Operators’’)
/REMOVE_FROM_GROUPS=(‘‘Server Operators’’, ‘‘Account
Operators’’)

/operator:server

/ADD_TO_GROUPS=(‘‘Server Operators’’)
/REMOVE_FROM_GROUPS=(‘‘Print Operators’’, ‘‘Account
Operators’’)

/operator:accounts,print,server

/ADD_TO_GROUPS=(‘‘Account Operators’’, ‘‘Print Operators’’,
‘‘Server Operators’’)

/privilege:admin

/ADD_TO_GROUPS=(‘‘Domain Admins’’)
/REMOVE_FROM_GROUPS=(‘‘Domain Users’’, ‘‘Domain
Guests’’) /PRIMARY_GROUP=‘‘Domain Admins’’

/privilege:user

/ADD_TO_GROUPS=(‘‘Domain Users’’)
/REMOVE_FROM_GROUPS=(‘‘Domain Admins’’, ‘‘Domain
Guests’’) /PRIMARY_GROUP=‘‘Domain Users’’

/privilege:guest

/ADD_TO_GROUPS=(‘‘Domain Guests’’)
/REMOVE_FROM_GROUPS=(‘‘Domain Admins’’, ‘‘Domain
Users’’) /PRIMARY_GROUP=‘‘Domain Guests’’

NET VERSION
net version

SHOW VERSION

NET VIEW
net view

SHOW COMPUTERS

Option:
\ \ servername

servername

NET WHO
net who

The net who command is not supported.

Net Commands and ADMINISTER Command Equivalents 3–11

Index
A
Account policy
displaying, 2–141
setting, 2–107
ADD COMPUTER command, 2–14
See also REMOVE COMPUTER
command, SET COMPUTER
command, SHOW COMPUTERS
command
on member servers, 2–6
ADD GROUP command, 2–16
See also COPY GROUP command,
MODIFY GROUP command,
REMOVE GROUP command, SHOW
GROUPS command
ADD HOSTMAP command, 2–19
See also REMOVE HOSTMAP command,
SHOW HOSTMAP command
ADD PRINT QUEUE command, 2–21
See also CONTINUE PRINT QUEUE
command, PAUSE PRINT QUEUE
command, REMOVE PRINT QUEUE
command, SET PRINT QUEUE
command, SHOW PRINT QUEUES
command, ADD SHARE/PRINT
command
ADD SHARE command
See ADD SHARE/DIRECTORY command,
ADD SHARE/PRINTER command
ADD SHARE/DIRECTORY command, 2–24
See also ADD SHARE/PRINT command,
MODIFY SHARE command, SHOW
SHARES command

ADD SHARE/PRINT command, 2–29
See also ADD PRINT QUEUE command,
ADD SHARE/DIRECTORY command,
MODIFY SHARE command, SHOW
SHARES command
ADD TRUST command, 2–32
See also REMOVE TRUST command,
SHOW TRUSTS command
on member servers, 2–6
ADD USER command, 2–35
See also COPY USER command, MODIFY
USER command, REMOVE USER
command, SHOW USERS command
on member servers, 2–6
ADMINISTER command, 2–1
See also ADMINISTER user interface
obtaining help, 2–1, 2–61
overview, 1–1
syntax, 2–6
ADMINISTER commands
on a member server, 2–4
ADMINISTER user interface
See also ADMINISTER command
abbreviations, 2–8
batch jobs, 2–9
case sensitivity, 2–7
exiting, 2–60
invoking, 2–1
local and remote administration, 2–3
parameter restrictions, 2–10
passwords, 2–7
privileges, 2–6

Index–1

Auditing
displaying on files, 2–158
setting on files, 2–121
Audit policy
displaying, 2–145
setting, 2–114

B
Backup domain controller
specifying server as, 2–15
synchronizing with primary domain
controller, 2–117

C
Case sensitivity, 2–7
CLEAR EVENTS command, 2–42
See also SAVE EVENTS command, SHOW
EVENTS command
CLOSE OPEN_FILE command, 2–44
See also SHOW OPEN_FILES command
CLOSE SESSION command, 2–46
See also SHOW SESSIONS command
Computer operations
controlling, 2–117
Computers
adding to domain, 2–14
displaying, 2–147
removing from domain, 2–88
specifying role
ADD COMPUTER command, 2–15
SET COMPUTER command, 2–118
Computer type display symbol, 2–147
Computer usage summary
displaying, 2–147
Connections to server
displaying, 2–151
CONTINUE PRINT QUEUE command,
2–48
See also ADD PRINT QUEUE command,
PAUSE PRINT QUEUE command,
REMOVE PRINT QUEUE command,
SET PRINT QUEUE command,
SHOW PRINT QUEUES command

Index–2

CONTINUE SERVICE command, 2–49
See also PAUSE SERVICE command,
SHOW SERVICES command, START
SERVICE command, STOP SERVICE
command
COPY GROUP command, 2–50
See also ADD GROUP command,
MODIFY GROUP command,
REMOVE GROUP command, SHOW
GROUPS command
COPY USER command, 2–53
See also ADD USER command, MODIFY
USER command, REMOVE USER
command, SHOW USERS command
on member servers, 2–6

D
DCL parse style, 2–129
Directory
displaying auditing, 2–158
displaying ownership, 2–158
displaying permissions, 2–158
ownership, 2–190
setting auditing, 2–121
setting permissions, 2–121
Directory share
adding, 2–24
removing, 2–96
Domain
displaying auditing policy, 2–145
displaying information about, 2–143
setting auditing policy, 2–114
setting default, 2–3, 2–65, 2–111
Domain database
See Security accounts database
Domains
administering
on member servers, 2–4

ECS
See Extended character sets
Events
clearing from event log file, 2–42
displaying, 2–154
saving to file, 2–103
EXIT command, 2–60
Extended character sets
input and output mode, 2–129, 2–166
support of, 2–9

LAN Manager
NET commands, 2–82
Logging off, 2–64
Logging on, 2–65
LOGIN command
See LOGON command
LOGOFF command, 2–64
See also LOGON command
LOGON command, 2–65
See also LOGOFF command
LOGOUT command
See LOGOFF command

F
File
See also Open files
closing, 2–44
displaying auditing or permissions
information, 2–158
displaying open files, 2–167
ownership, 2–190
setting auditing, 2–121
setting permissions, 2–121

G
Groups
adding, 2–16
copying, 2–50
displaying, 2–161
modifying, 2–68
removing, 2–90

M
Member server
local domain management, 2–3
management, 2–3
Messages
sending, 2–105
MODIFY GROUP command, 2–68
See also ADD GROUP command, COPY
GROUP command, REMOVE GROUP
command, SHOW GROUPS command
MODIFY SHARE command, 2–70
See also ADD SHARE command,
REMOVE SHARE command, SHOW
SHARES command
MODIFY USER command, 2–76
See also ADD USER command, COPY
USER command, REMOVE USER
command, SHOW USERS command
on member servers, 2–6

HELP command, 2–61

I
Input mode
displaying, 2–166
setting, 2–129

N
NET command (ADMINISTER command),
2–82, 3–1
Net commands
ADMINISTER command equivalents, 3–1
overview, 1–1

Index–3

Network
logging off, 2–64
logging on, 2–65
Network services
continuing, 2–49
displaying status information, 2–173
pausing, 2–86
starting, 2–187
stopping, 2–188

O
Open files
closing, 2–44
displaying, 2–167
Output mode
displaying, 2–166
setting, 2–129

P
Parse style, 2–129
Passwords
controlling, 2–107
setting, 2–133
using with commands, 2–7
PAUSE PRINT QUEUE command, 2–84
See also ADD PRINT QUEUE command,
CONTINUE PRINT QUEUE
command, REMOVE PRINT QUEUE
command, SET PRINT QUEUE
command, SHOW PRINT QUEUES
command
PAUSE SERVICE command, 2–86
See also CONTINUE SERVICE command,
SHOW SERVICES command, START
SERVICE command, STOP SERVICE
command
Permissions
displaying on files, 2–158
setting on files, 2–121
Personal share
defined, 2–28
displaying, 2–179

Index–4

Primary domain controller
specifying server as, 2–15
Printer queue, 2–21
Print job
displaying, 2–169
setting attributes of, 2–135
Print queue
adding, 2–21
adding shared, 2–29
continuing, 2–48
displaying attributes, 2–171
execution queue, 2–21
generic queue, 2–21
pausing, 2–84
pointing directly to a physical printer
(printer queue), 2–21
pointing to one or more printer queues
(routing queue), 2–21
removing, 2–94
setting attributes of, 2–137
Print share
adding, 2–29
removing, 2–96

R
Remote administration, 2–3
/DOMAIN or /SERVER qualifier, 2–3
SET ADMINISTRATION command,
2–111
TELL command, 2–192
REMOVE COMPUTER command, 2–88
See also ADD COMPUTER command,
SET COMPUTER command, SHOW
COMPUTERS command
on member servers, 2–6
REMOVE GROUP command, 2–90
See also ADD GROUP command, COPY
GROUP command, MODIFY GROUP
command, SHOW GROUPS command
REMOVE HOSTMAP command, 2–92
See also ADD HOSTMAP command,
SHOW HOSTMAP command

REMOVE PRINT QUEUE command, 2–94
See also ADD PRINT QUEUE command,
CONTINUE PRINT QUEUE
command, PAUSE PRINT QUEUE
command, SET PRINT QUEUE
command, SHOW PRINT QUEUES
command
REMOVE SHARE command, 2–96
See also ADD SHARE command, MODIFY
SHARE command, SHOW SHARES
command
REMOVE TRUST command, 2–98
See also ADD TRUST command, SHOW
TRUSTS command
on member servers, 2–6
REMOVE USER command, 2–101
See also ADD USER command, COPY
USER command, MODIFY USER
command, SHOW USERS command
Routing queue, 2–21

S
SAM database
See Security accounts database
SAVE EVENTS command, 2–103
See also CLEAR EVENTS command,
SHOW EVENTS command
Security accounts database, 2–14
adding a group to, 2–16
adding an account to, 2–35
removing a group from, 2–90
removing an account from, 2–88
removing a user from, 2–101
synchronizing, 2–117
Security Accounts Management (SAM)
database
See Security accounts database
Security database
See Security accounts database
Security log
setting auditing policy for, 2–114

SEND command, 2–105
Server
closing sessions, 2–46
displaying connections, 2–151
displaying information, 2–143
setting attributes, 2–117
setting default, 2–3, 2–111
specifying network role, 2–15
specifying role, 2–118
version, 2–186
Services
See Network services
Sessions
closing, 2–46
displaying, 2–175
SET ACCOUNT POLICY command, 2–107
See also SHOW ACCOUNT POLICY
command
SET ADMINISTRATION command, 2–111
See also SHOW ADMINISTRATION
command
for member servers, 2–4
SET AUDIT POLICY command, 2–114
See also SHOW AUDIT POLICY command
SET COMPUTER command, 2–117
See also ADD COMPUTER command,
REMOVE COMPUTER command,
SHOW COMPUTERS command
on member servers, 2–6
SET FILE command, 2–121
See also SHOW FILES command
SET MODE command, 2–129
SET PASSWORD command, 2–133
SET PRINT JOB command, 2–135
See also SET PRINT QUEUE command,
SHOW PRINT JOBS command,
SHOW PRINT QUEUES command
SET PRINT QUEUE command, 2–137

Index–5

SET PRINT QUEUE command (cont’d)
See also ADD PRINT QUEUE command,
CONTINUE PRINT QUEUE
command, PAUSE PRINT QUEUE
command, REMOVE PRINT
QUEUE command, SET PRINT JOB
command, SHOW PRINT JOBS
command, SHOW PRINT QUEUES
command
Shares
adding, 2–24, 2–29
displaying, 2–177
modifying, 2–70
personal, 2–28, 2–179
removing, 2–96
SHOW ACCOUNT POLICY command,
2–141
See also SET ACCOUNT POLICY
command
SHOW ADMINISTRATION command,
2–143
See also SET ADMINISTRATION
command
SHOW AUDIT POLICY command, 2–145
See also SET AUDIT POLICY command,
SHOW EVENTS command
SHOW COMPUTERS command, 2–147
See also ADD COMPUTER command,
REMOVE COMPUTER command,
SET COMPUTER command
on member servers, 2–6
SHOW CONNECTIONS command, 2–151
See also SHOW OPEN_FILES command,
SHOW SESSIONS command
SHOW EVENTS command, 2–154
See also CLEAR EVENTS command,
SAVE EVENTS command, SET
AUDIT POLICY command, SHOW
AUDIT POLICY command
SHOW FILES command, 2–158
SHOW GROUPS command, 2–161
See also ADD GROUP command, COPY
GROUP command, MODIFY GROUP
command, REMOVE GROUP
command

Index–6

SHOW GROUPS command (cont’d)
on member servers, 2–6
SHOW HOSTMAP command, 2–164
See also ADD HOSTMAP command,
REMOVE HOSTMAP command
SHOW MODE command, 2–166
SHOW OPEN_FILES command, 2–167
See also CLOSE OPEN_FILE command,
SHOW CONNECTIONS command
SHOW PRINT JOBS command, 2–169
See also SET PRINT JOB command,
SHOW PRINT QUEUES command
SHOW PRINT QUEUES command, 2–171
SHOW SERVICES command, 2–173
See also CONTINUE SERVICE command,
PAUSE SERVICE command, START
SERVICE command, STOP SERVICE
command
SHOW SESSIONS command, 2–175
See also CLOSE SESSION command,
SHOW CONNECTIONS command
SHOW SHARES command, 2–177
See also ADD SHARE command, MODIFY
SHARE command, REMOVE SHARE
command
SHOW TRUSTS command, 2–181
See also ADD TRUST command,
REMOVE TRUST command
on member servers, 2–6
SHOW USERS command, 2–182
See also ADD USER command, COPY
USER command, MODIFY USER
command, REMOVE USER command
SHOW VERSION command, 2–186
START SERVICE command, 2–187
See also CONTINUE SERVICE command,
PAUSE SERVICE command,
SHOW SERVICES command, STOP
SERVICE command
STOP SERVICE command, 2–188
See also CONTINUE SERVICE command,
PAUSE SERVICE command, SHOW
SERVICES command, START
SERVICE command

T
TAKE FILE OWNERSHIP command, 2–190
See also SHOW FILES command
TELL command, 2–192
Trusts
adding, 2–32
displaying, 2–181
removing, 2–98

U
UNC
See Universal Naming Convention
Unicode
See Extended character sets
Universal Naming Convention (UNC), 2–9

User account
adding, 2–35
adding OpenVMS mapping, 2–19
copying, 2–53
displaying, 2–182
displaying OpenVMS mapping, 2–164
displaying policy, 2–141
modifying, 2–76
removing, 2–101
removing OpenVMS mapping, 2–92
setting policy, 2–107

V
Version information
displaying, 2–186

W
Workstations
management, 2–4

Index–7