Appendix D. Reference data
This appendix contains a collection of reference data that I’ve found useful. This information is available on the web, but can some of it can be awkward to track down.
The user account control flags are used to set the properties on a user account, including whether it’s enabled or disabled. The attribute is a 32-bit integer where various bits have a particular meaning, as shown in table D.1.
Table D.1. User account control flags
| Property |
Decimal value |
Hexadecimal value |
|---|---|---|
| Script (logon script will run) | 1 | 0x01 |
| Account Disabled | 2 | 0x02 |
| Home Directory Required | 8 | 0x08 |
| Account Locked Out | 16 | 0x10 |
| Password Not Required | 32 | 0x20 |
| Password Cannot Change | 64 | 0x40 |
| Encrypted Text Password Allowed | 128 | 0x80 |
| Temporary Duplicate Account | 256 | 0x100 |
| Normal Account | 512 | 0x200 |
| Interdomain Trust Account | 2048 | 0x800 |
| Workstation Trust Account | 4096 | 0x1000 |
| Server Trust Account | 8192 | 0x2000 |
| Do not Expire Password | 65536 | 0x10000 |
| MNS Logon account | 131072 | 0x20000 |
| Smartcard Required | 262144 | 0x40000 |
| Trusted for delegation | 524288 | 0x80000 |
| Not Delegated | 1048576 | 0x100000 |
| Use DES Key Only | 2097152 | 0x200000 |
| Do Not Require Kerberos Preauthentication for Logon | 4194304 | 0x400000 |
| Password Expired | 8388608 | 0x800000 |
| Trusted to Authenticate for Delegation | 16777216 | 0x1000000 |