IBM Endpoint Manager Inspectors Reference

Terminology

Win: Windows
Lin: Red Hat and SUSE Linux
Sol: SUN Solaris
HPUX: Hewlett-Packard UNIX version
AIX: IBM AIX
Mac: Apple Macintosh
Ubu: Ubuntu/Debian
WM: Windows Mobile

The version (e.g. Lin:8.1) corresponds to the version of the IEM product (8.1) in which the inspector was introduced in the client on that platform.
The version number is not shown if it is less than 8.0.


Platform


Contents

Action Objects
Authorization Objects
Client Objects
Directory Services
Environment Objects
Filesystem Objects
Firewall Objects
Fixlet Objects
Formatting Objects
Installed System Software
Introspectors
License Objects
Microsoft IIS Metabase Objects
Miscellaneous
Networking Objects
Power Objects
Primitive Objects
Registry Objects
Session Objects
Session Statistics
Site Objects
SMBIOS objects
System Objects
Task Objects
User Objects
activity history
logged on user
user
user attribute
Windows Mobile Device Objects
WMI Objects
World Objects

IBM Endpoint Manager wiki

User Objects

These Inspectors return information about local and current user accounts, including names, logins, passwords and more.

user

The <user> Inspectors allow you to list properties of all users, whether they are logged in or not.

Creation Methods

DeclarationDescriptionPlatforms (?)
domain userReturns all of the users that are members of the domain for which the machine is a user.Win:8.1
domain user <string>Returns the user object corresponding to the specified name.Win:8.1
local userItererates of all cached Active Directory local users. This Inspector only works in the client context when caching is enabled.Win:8.1, Mac:8.1
local user <string>Returns the Active Directory local user object for the specified local user. This allows inspection of AD properties for that user, whether cached or currently logged in.Win:8.1, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Ubu:8.2
userReturns objects for all users of the computer, logged in or not.Win:8.1, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1
user <string>Returns the user specified by <string>.Win:8.1, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1
user of <security identifier>Win:8.2
user of <logged on user>Returns a user object from a 'logged on' user. This is for Active Directory expressions to bridge the gaps between user types. This retains the domain information of the logged on user within the user object where other user types might not.Win:8.1, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac:8.1, Ubu:8.2

Properties

DeclarationReturn typeDescriptionPlatforms (?)
account disabled flag of <user><boolean>

Plural: account disabled flags
Returns TRUE if the specified user's account is disabled.Win:8.1
account expiration of <user><time>

Plural: account expirations
Returns the time when the specified user's account is set to expire.Win:8.1
accounts operator flag of <user><boolean>

Plural: accounts operator flags
Returns TRUE if this user has the accounts operator privilege.Win:8.1
active directory user of <user><active directory local user>

Plural: active directory users
Returns an <active directory local user> object from the specified logged-on user object. This bridges the gaps between user types when using Active Directory Inspectors. It retains the domain information of the logged-on user within the user object where other user types might not.Win:8.1, Mac:8.1
admin privilege of <user><boolean>

Plural: admin privileges
Returns TRUE if the specified user has a privilege level of 'admin'.Win:8.1
allowed workstations string of <user><string>

Plural: allowed workstations strings
Returns a list of workstations the specified user is allowed to login to. If this string is empty, no restrictions apply.Win:8.1
application parameter string of <user><string>

Plural: application parameter strings
Returns a string used by Microsoft products to store user configuration information.Win:8.1
bad password count of <user><integer>

Plural: bad password counts
Returns the number of attempts to logon to the specified user account with a bad password.Win:8.1
code page of <user><integer>

Plural: code pages
Returns the code page corresponding to the specified user's preferred language.Win:8.1
comment of <user><string>

Plural: comments
Returns the comments associated with this user's account.Win:8.1
communications operator flag of <user><boolean>

Plural: communications operator flags
Returns TRUE if the specified user has communications operator privileges.Win:8.1
country code of <user><integer>

Plural: country codes
Returns the country code of the user's preferred language.Win:8.1
domain of <user><string>

Plural: domains
Win:8.2
full name of <user><string>

Plural: full names
Returns the full name of the specified user.Win:8.1
guest privilege of <user><boolean>

Plural: guest privileges
Returns TRUE if the specified user has a privilege level of 'guest'.Win:8.1
home directory drive of <user><string>

Plural: home directory drives
Returns the name of the drive assigned to the specified user's home directory.Win:8.1
home directory of <user><string>

Plural: home directories
On a Windows system, this Inspector returns the directory (as a string) where the user files are stored for the specified user. Note: On a Mac, this Inspector has a different interpretation: it returns the dsAttrTypeStandard:NFSHomeDirectory attribute (as a folder) of the specified user.Win:8.1
home directory required flag of <user><boolean>

Plural: home directory required flags
Returns TRUE if a home directory is required for the specified user.Win:8.1
interdomain trust account flag of <user><boolean>

Plural: interdomain trust account flags
Returns TRUE if the given user's account stipulates that a domain should trust other domains.Win:8.1
last logoff of <user><time>

Plural: last logoffs
Returns the time when the specified user last logged off.Win:8.1
last logon of <user><time>

Plural: last logons
Returns the time when the specified user last logged on.Win:8.1
locked out flag of <user><boolean>

Plural: locked out flags
Returns TRUE if the specified user is currently locked out.Win:8.1
logged on user of <user><logged on user>

Plural: logged on users
Converts a user into a 'logged on' user type -- if and only if the specified user is currently logged in.Win:8.1
logon count of <user><integer>

Plural: logon counts
Returns the number of times which the specified user's account has successfully logged on to the local machine.Win:8.1
logon script of <user><string>

Plural: logon scripts
Returns the pathname (as a string) of the specified user's logon script.Win:8.1
logon server of <user><string>

Plural: logon servers
Returns the name of the server (as a string) to which logon requests are sent for the specified user's account.Win:8.1
maximum storage of <user><integer>

Plural: maximum storages
Returns the specified user's disk quota. Will return FALSE if the user has no disk quota.Win:8.1
name of <user><string>

Plural: names
Returns the name of all the specified user, whether logged in or not.Win:8.1, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1
no password required flag of <user><boolean>

Plural: no password required flags
Returns TRUE if no password is required for the specified user.Win:8.1
normal account flag of <user><boolean>

Plural: normal account flags
Returns TRUE if the specified user's account has a default account type corresponding to a typical user.Win:8.1
password age of <user><time interval>

Plural: password ages
Returns a time interval since the specified user's password was last changed.Win:8.1
password change disabled flag of <user><boolean>

Plural: password change disabled flags
Returns TRUE if the specified user is not allowed to change his password.Win:8.1
password expiration disabled flag of <user><boolean>

Plural: password expiration disabled flags
Returns TRUE if the specified user's password on this account will never expire.Win:8.1
password expired of <user><boolean>

Plural: passwords expired
Returns TRUE if the specified user's password has expired.Win:8.1
primary group id of <user><integer>

Plural: primary group ids
On a Windows computer, this Inspector returns the group id (as an integer) corresponding to the specified user.Note: on a Mac, this Inspector returns a string corresponding to the dsAttrTypeStandard:PrimaryGroupID attribute for the specified user.Win:8.1
print operator flag of <user><boolean>

Plural: print operator flags
Returns TRUE if the specified user has print operator privileges.Win:8.1
profile folder of <user><string>

Plural: profile folders
Returns the pathname of the folder which contains the specified user's profile.Win:8.1
script flag of <user><boolean>

Plural: script flags
Returns TRUE if the logon script for the specified user has been executed.Win:8.1
server operator flag of <user><boolean>

Plural: server operator flags
Returns TRUE if the specified user has server operator privileges.Win:8.1
server trust account flag of <user><boolean>

Plural: server trust account flags
Returns TRUE if the specified user has server trust account privileges (for a backup domain controller).Win:8.1
sid of <user><security identifier>

Plural: sids
Win:8.2
temporary duplicate account flag of <user><boolean>

Plural: temporary duplicate account flags
Returns TRUE if this is a temporary duplicate account of the specified user.Win:8.1
user comment of <user><string>

Plural: user comments
Returns the user comments of the specified user.Win:8.1
user id of <user><integer>

Plural: user ids
Returns the specified user's RID number.Win:8.1
user privilege of <user><boolean>

Plural: user privileges
Returns TRUE if the specified user has a privilege level of 'user'.Win:8.1
workstation trust account flag of <user><boolean>

Plural: workstation trust account flags
Returns TRUE if the specified user's account is for a workstation or server.Win:8.1

logged on user

These Windows and Macintosh Inspectors return information about the currently logged-on user. With the advent of Terminal Services and Fast User Switching, these Inspectors are designed to iterate over all logged on users. Windows Note: If Terminal Services are available (NT/2000/2003/XP/Vista) and enabled, these Inspectors iterate over the active and disconnected sessions as returned by WTSEnumerateSessions. Disconnected sessions are those where a user logs on, but is currently inactive. On Vista, the non-interactive session 0 (used for services isolation) is not included. If Terminal Services aren't available, the ACLs on the security descriptor of the "winsta0" window station are examined for user logons. On Windows 9x systems, these Inspectors return the user session associated with the registry value "Current User" of "SYSTEM\CurrentControlSet\Control" if it exists. Otherwise, if a shell process process such as Explorer.exe is running, they return a single session associated with an unnamed user (which occurs when the user cancels the 9x login dialog).

Creation Methods

DeclarationDescriptionPlatforms (?)
current userReturns the active, console (local) user, if logged on. Otherwise does not exist.

Example:
name of current user = "bigfix" - Returns true if BigFix is the current user object.
Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1
logged on userReturns zero or more users logged on to this computer. This Inspector iterates through all logged-on users, using Fast User Switching, Terminal Services, ACLs, and on Win 9x, the registry.Win, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac, WM, Ubu:8.2
logged on user of <user>Converts a user into a 'logged on' user type -- if and only if the specified user is currently logged in.Win:8.1

Properties

DeclarationReturn typeDescriptionPlatforms (?)
user key of <logged on user><registry key>

Plural: user keys
Returns the registry key of the specified logged on userWin:9.0
active of <logged on user><boolean>

Plural: actives
Returns TRUE if the specified user session is active (either as a current Fast User or an active terminal services connection).Win, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac, WM, Ubu:8.2
activity history of <logged on user><activity history>

Plural: activity histories
Returns the activity history of the specified logged-on user. This.Win:8.0
name of <logged on user><string>

Plural: names
If Terminal Services is available and enabled under NT4/2000/2003/XP/Vista, this Inspector returns the result of WTSQuerySessionInformation with WTSUserName. With Terminal Services disabled, it examines the ACLs on the security descriptor of the "winsta0" window station. Under Windows 9x, returns the "Current User" of "SYSTEM\CurrentControlSet\Control" if it exists. Otherwise returns No Such Object.Win, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac:8.2, WM, Ubu:8.2
remote of <logged on user><boolean>

Plural: remotes
Returns TRUE if the user session is a remote terminal services connection.Win, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac, WM, Ubu:8.2
session id of <logged on user><integer>

Plural: session ids
Returns the id number of the session for the logged on usersWin:8.2, Mac:8.2
sid of <logged on user><security identifier>

Plural: sids
Returns the Security ID (SID) of the user associated with the session's primary access token. With Windows 2003/XP/Vista, this is determined by WTSQueryUserToken. With NT4/2000 it is determined by the apparent shell process running in the given session. This Inspector may fail if run in a non-privileged context. The SID does not exist under Windows 9x.Win
tty of <logged on user><string>

Plural: ttys
Returns the name of the connection the user is on. Result is platform specific. Examples are: "Console", "RDP-Tcp#0", "pts/1", ":0"Win:8.2, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac:8.2, Ubu:8.2
user of <logged on user><user>

Plural: users
Returns a user object from a 'logged on' user. This is for Active Directory expressions to bridge the gaps between user types. This retains the domain information of the logged on user within the user object where other user types might not.Win:8.1, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac:8.1, Ubu:8.2

user attribute

These Macintosh Inspectors provide information, such as user ID and home directory, about the specified user.

Creation Methods

DeclarationDescriptionPlatforms (?)

Properties

DeclarationReturn typeDescriptionPlatforms (?)

activity history

The <activity history> Inspectors keep track of the activity of a single logged-on user. You may iterate over all logged-on users and get the history for each user separately. User information is purged at log off and power off/client off, even if the user immediately logs back in. These Inspectors retrieve information within a tracking window (defaulting to 14 days) or, if the window is still open, the start of that window. Information is in the form of a list of (interval, state) tuples. The first element of the list is the current state of the system. The event lists are fetched from the client each time 'activity history' is referenced, so you should avoid referencing these Inspectors more than once in a relevance statement. Note: Activity tracking only works while the Client UI is running. These Inspectors only work with Windows 2000 or better.

Creation Methods

DeclarationDescriptionPlatforms (?)
activity history of <logged on user>Returns the activity history of the specified logged-on user. This.Win:8.0

Properties

DeclarationReturn typeDescriptionPlatforms (?)
user interval of <activity history><system power interval>

Plural: user intervals
Returns a power interval (containing a time range and a power state, such as standby or idle) corresponding to the specified user activity history.Win:8.0