IBM Endpoint Manager Inspectors Reference |
Win: Windows
Lin: Red Hat and SUSE Linux
Sol: SUN Solaris
HPUX: Hewlett-Packard UNIX version
AIX: IBM AIX
Mac: Apple Macintosh
Ubu: Ubuntu/Debian
WM: Windows Mobile
The version (e.g. Lin:8.1) corresponds to the version of the IEM product (8.1) in which the inspector was introduced in the client on that platform.
The version number is not shown if it is less than 8.0.
These Inspectors return information about local and current user accounts, including names, logins, passwords and more.
Declaration | Description | Platforms (?) |
domain user | Returns all of the users that are members of the domain for which the machine is a user. | Win:8.1 |
domain user <string> | Returns the user object corresponding to the specified name. | Win:8.1 |
local user | Itererates of all cached Active Directory local users. This Inspector only works in the client context when caching is enabled. | Win:8.1, Mac:8.1 |
local user <string> | Returns the Active Directory local user object for the specified local user. This allows inspection of AD properties for that user, whether cached or currently logged in. | Win:8.1, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Ubu:8.2 |
user | Returns objects for all users of the computer, logged in or not. | Win:8.1, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1 |
user <string> | Returns the user specified by <string>. | Win:8.1, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1 |
user of <security identifier> | Win:8.2 | |
user of <logged on user> | Returns a user object from a 'logged on' user. This is for Active Directory expressions to bridge the gaps between user types. This retains the domain information of the logged on user within the user object where other user types might not. | Win:8.1, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac:8.1, Ubu:8.2 |
Declaration | Return type | Description | Platforms (?) |
account disabled flag of <user> | <boolean> Plural: account disabled flags | Returns TRUE if the specified user's account is disabled. | Win:8.1 |
account expiration of <user> | <time> Plural: account expirations | Returns the time when the specified user's account is set to expire. | Win:8.1 |
accounts operator flag of <user> | <boolean> Plural: accounts operator flags | Returns TRUE if this user has the accounts operator privilege. | Win:8.1 |
active directory user of <user> | <active directory local user> Plural: active directory users | Returns an <active directory local user> object from the specified logged-on user object. This bridges the gaps between user types when using Active Directory Inspectors. It retains the domain information of the logged-on user within the user object where other user types might not. | Win:8.1, Mac:8.1 |
admin privilege of <user> | <boolean> Plural: admin privileges | Returns TRUE if the specified user has a privilege level of 'admin'. | Win:8.1 |
allowed workstations string of <user> | <string> Plural: allowed workstations strings | Returns a list of workstations the specified user is allowed to login to. If this string is empty, no restrictions apply. | Win:8.1 |
application parameter string of <user> | <string> Plural: application parameter strings | Returns a string used by Microsoft products to store user configuration information. | Win:8.1 |
bad password count of <user> | <integer> Plural: bad password counts | Returns the number of attempts to logon to the specified user account with a bad password. | Win:8.1 |
code page of <user> | <integer> Plural: code pages | Returns the code page corresponding to the specified user's preferred language. | Win:8.1 |
comment of <user> | <string> Plural: comments | Returns the comments associated with this user's account. | Win:8.1 |
communications operator flag of <user> | <boolean> Plural: communications operator flags | Returns TRUE if the specified user has communications operator privileges. | Win:8.1 |
country code of <user> | <integer> Plural: country codes | Returns the country code of the user's preferred language. | Win:8.1 |
domain of <user> | <string> Plural: domains | Win:8.2 | |
full name of <user> | <string> Plural: full names | Returns the full name of the specified user. | Win:8.1 |
guest privilege of <user> | <boolean> Plural: guest privileges | Returns TRUE if the specified user has a privilege level of 'guest'. | Win:8.1 |
home directory drive of <user> | <string> Plural: home directory drives | Returns the name of the drive assigned to the specified user's home directory. | Win:8.1 |
home directory of <user> | <string> Plural: home directories | On a Windows system, this Inspector returns the directory (as a string) where the user files are stored for the specified user. Note: On a Mac, this Inspector has a different interpretation: it returns the dsAttrTypeStandard:NFSHomeDirectory attribute (as a folder) of the specified user. | Win:8.1 |
home directory required flag of <user> | <boolean> Plural: home directory required flags | Returns TRUE if a home directory is required for the specified user. | Win:8.1 |
interdomain trust account flag of <user> | <boolean> Plural: interdomain trust account flags | Returns TRUE if the given user's account stipulates that a domain should trust other domains. | Win:8.1 |
last logoff of <user> | <time> Plural: last logoffs | Returns the time when the specified user last logged off. | Win:8.1 |
last logon of <user> | <time> Plural: last logons | Returns the time when the specified user last logged on. | Win:8.1 |
locked out flag of <user> | <boolean> Plural: locked out flags | Returns TRUE if the specified user is currently locked out. | Win:8.1 |
logged on user of <user> | <logged on user> Plural: logged on users | Converts a user into a 'logged on' user type -- if and only if the specified user is currently logged in. | Win:8.1 |
logon count of <user> | <integer> Plural: logon counts | Returns the number of times which the specified user's account has successfully logged on to the local machine. | Win:8.1 |
logon script of <user> | <string> Plural: logon scripts | Returns the pathname (as a string) of the specified user's logon script. | Win:8.1 |
logon server of <user> | <string> Plural: logon servers | Returns the name of the server (as a string) to which logon requests are sent for the specified user's account. | Win:8.1 |
maximum storage of <user> | <integer> Plural: maximum storages | Returns the specified user's disk quota. Will return FALSE if the user has no disk quota. | Win:8.1 |
name of <user> | <string> Plural: names | Returns the name of all the specified user, whether logged in or not. | Win:8.1, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1 |
no password required flag of <user> | <boolean> Plural: no password required flags | Returns TRUE if no password is required for the specified user. | Win:8.1 |
normal account flag of <user> | <boolean> Plural: normal account flags | Returns TRUE if the specified user's account has a default account type corresponding to a typical user. | Win:8.1 |
password age of <user> | <time interval> Plural: password ages | Returns a time interval since the specified user's password was last changed. | Win:8.1 |
password change disabled flag of <user> | <boolean> Plural: password change disabled flags | Returns TRUE if the specified user is not allowed to change his password. | Win:8.1 |
password expiration disabled flag of <user> | <boolean> Plural: password expiration disabled flags | Returns TRUE if the specified user's password on this account will never expire. | Win:8.1 |
password expired of <user> | <boolean> Plural: passwords expired | Returns TRUE if the specified user's password has expired. | Win:8.1 |
primary group id of <user> | <integer> Plural: primary group ids | On a Windows computer, this Inspector returns the group id (as an integer) corresponding to the specified user.Note: on a Mac, this Inspector returns a string corresponding to the dsAttrTypeStandard:PrimaryGroupID attribute for the specified user. | Win:8.1 |
print operator flag of <user> | <boolean> Plural: print operator flags | Returns TRUE if the specified user has print operator privileges. | Win:8.1 |
profile folder of <user> | <string> Plural: profile folders | Returns the pathname of the folder which contains the specified user's profile. | Win:8.1 |
script flag of <user> | <boolean> Plural: script flags | Returns TRUE if the logon script for the specified user has been executed. | Win:8.1 |
server operator flag of <user> | <boolean> Plural: server operator flags | Returns TRUE if the specified user has server operator privileges. | Win:8.1 |
server trust account flag of <user> | <boolean> Plural: server trust account flags | Returns TRUE if the specified user has server trust account privileges (for a backup domain controller). | Win:8.1 |
sid of <user> | <security identifier> Plural: sids | Win:8.2 | |
temporary duplicate account flag of <user> | <boolean> Plural: temporary duplicate account flags | Returns TRUE if this is a temporary duplicate account of the specified user. | Win:8.1 |
user comment of <user> | <string> Plural: user comments | Returns the user comments of the specified user. | Win:8.1 |
user id of <user> | <integer> Plural: user ids | Returns the specified user's RID number. | Win:8.1 |
user privilege of <user> | <boolean> Plural: user privileges | Returns TRUE if the specified user has a privilege level of 'user'. | Win:8.1 |
workstation trust account flag of <user> | <boolean> Plural: workstation trust account flags | Returns TRUE if the specified user's account is for a workstation or server. | Win:8.1 |
Declaration | Description | Platforms (?) |
current user | Returns the active, console (local) user, if logged on. Otherwise does not exist. Example: name of current user = "bigfix" - Returns true if BigFix is the current user object. | Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1 |
logged on user | Returns zero or more users logged on to this computer. This Inspector iterates through all logged-on users, using Fast User Switching, Terminal Services, ACLs, and on Win 9x, the registry. | Win, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac, WM, Ubu:8.2 |
logged on user of <user> | Converts a user into a 'logged on' user type -- if and only if the specified user is currently logged in. | Win:8.1 |
Declaration | Return type | Description | Platforms (?) |
user key of <logged on user> | <registry key> Plural: user keys | Returns the registry key of the specified logged on user | Win:9.0 |
active of <logged on user> | <boolean> Plural: actives | Returns TRUE if the specified user session is active (either as a current Fast User or an active terminal services connection). | Win, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac, WM, Ubu:8.2 |
activity history of <logged on user> | <activity history> Plural: activity histories | Returns the activity history of the specified logged-on user. This. | Win:8.0 |
name of <logged on user> | <string> Plural: names | If Terminal Services is available and enabled under NT4/2000/2003/XP/Vista, this Inspector returns the result of WTSQuerySessionInformation with WTSUserName. With Terminal Services disabled, it examines the ACLs on the security descriptor of the "winsta0" window station. Under Windows 9x, returns the "Current User" of "SYSTEM\CurrentControlSet\Control" if it exists. Otherwise returns No Such Object. | Win, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac:8.2, WM, Ubu:8.2 |
remote of <logged on user> | <boolean> Plural: remotes | Returns TRUE if the user session is a remote terminal services connection. | Win, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac, WM, Ubu:8.2 |
session id of <logged on user> | <integer> Plural: session ids | Returns the id number of the session for the logged on users | Win:8.2, Mac:8.2 |
sid of <logged on user> | <security identifier> Plural: sids | Returns the Security ID (SID) of the user associated with the session's primary access token. With Windows 2003/XP/Vista, this is determined by WTSQueryUserToken. With NT4/2000 it is determined by the apparent shell process running in the given session. This Inspector may fail if run in a non-privileged context. The SID does not exist under Windows 9x. | Win |
tty of <logged on user> | <string> Plural: ttys | Returns the name of the connection the user is on. Result is platform specific. Examples are: "Console", "RDP-Tcp#0", "pts/1", ":0" | Win:8.2, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac:8.2, Ubu:8.2 |
user of <logged on user> | <user> Plural: users | Returns a user object from a 'logged on' user. This is for Active Directory expressions to bridge the gaps between user types. This retains the domain information of the logged on user within the user object where other user types might not. | Win:8.1, Lin:8.2, Sol:8.2, HPUX:8.2, AIX:8.2, Mac:8.1, Ubu:8.2 |
Declaration | Description | Platforms (?) |
Declaration | Return type | Description | Platforms (?) |
Declaration | Description | Platforms (?) |
activity history of <logged on user> | Returns the activity history of the specified logged-on user. This. | Win:8.0 |
Declaration | Return type | Description | Platforms (?) |
user interval of <activity history> | <system power interval> Plural: user intervals | Returns a power interval (containing a time range and a power state, such as standby or idle) corresponding to the specified user activity history. | Win:8.0 |