RSA Version/Condition: All
Below is a chart of the UAC Property Flags taken from the Microsoft Support Knowledge Base Article entitled How to use the UserAccountControl flags to manipulate user account properties.
|
Property Flag |
Value in Hexadecimal |
Value in Decimal |
|
ACCOUNTDISABLE |
0x0002. |
2 |
|
NORMAL_ACCOUNT |
0x0200 |
512 |
|
PASSWD_NOTREQD |
0x0020 |
32 |
|
PASSWD_CANT_CHANGE |
0x0040 |
64 |
|
DONT_EXPIRE_PASSWORD |
0x10000 |
65536 |
|
PASSWORD_EXPIRED |
0x800000 |
8388608 |
|
HOMEDIR_REQUIRED |
0x0008 |
8 |
|
LOCKOUT |
0x0010 |
16 |
|
ENCRYPTED_TEXT_PWD_ALLOWED |
0x0080 |
128 |
|
TEMP_DUPLICATE_ACCOUNT |
0x0100 |
256 |
|
SCRIPT |
0x0001 |
1 |
|
INTERDOMAIN_TRUST_ACCOUNT |
0x0800 |
2048 |
|
WORKSTATION_TRUST_ACCOUNT |
0x1000 |
4096 |
|
SERVER_TRUST_ACCOUNT |
0x2000 |
8192 |
|
MNS_LOGON_ACCOUNT |
0x20000 |
131072 |
|
SMARTCARD_REQUIRED |
0x40000 |
262144 |
|
TRUSTED_FOR_DELEGATION |
0x80000 |
524288 |
|
NOT_DELEGATED |
0x100000 |
1048576 |
|
USE_DES_KEY_ONLY |
0x200000 |
2097152 |
|
DONT_REQ_PREAUTH |
0x400000 |
4194304 |
|
TRUSTED_TO_AUTH_FOR_DELEGATION |
0x1000000 |
16777216 |
|
PARTIAL_SECRETS_ACCOUNT |
0x04000000 |
67108864 |
Below is an example of updating an account so a password is not required. In this example the account, Rita Book, has a UAC value defined as:
To update the account so that a password is not required, enter the PASSWD_NOTREQD property flag in the UAC field of the connector capability:
Note the new UAC value is defined as:
IMPORTANT:
Using an incorrect string or a numeric value will result in the update being ignored as if the field were left empty. There are no error or failure messages.
NOTE: If you are unable to update the PASSWD_CANT_CHANGE flag, you may need a patch. Please see RSA Knowledge Base Article 000038108 -- UserAccountControl (UAC) attribute PASSWD_CANT_CHANGE is not updated by the Active Directory AFX connector in RSA Identity Governance & Lifecycle for more information.
