Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

useraccountcontrol codes

Posted on 2006-07-06
3
Medium Priority
?
7,982 Views
Last Modified: 2008-07-22
Hi I'm running a script to extract the Computer object information from a AD domain. I'm also extracting the 'useraccountcontrol' attribute and I'm getting the following 4 values:

4096
4098
4128
532480

I found the article http://support.microsoft.com/default.aspx?scid=kb;en-us;305144 but it doesn't explain the concept fully. I know 4096 and 532480 is probably a value to indicate domain controller machines. But I donot understand 4098 and 4128. How can I find more information on what these and other codes denote?

Any help will be greatly appreciated.
Gaurang
0
Comment
Question by:gtrivedi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1500 total points
ID: 17052377
This is a bitmap value, that means each bit represents one of the flags. To create this attribute, just add the values of the flags the account should have.
To find out what a given attribute means, continue to subtract the largest possible flag value until you reach zero (4098 - 4096 = 2, 2 - 2 = 0); the values you subtracted are the flags set.
Or convert the value to binary (using calc.exe), check where the 1s are, and compare with the binary equivalent of the flags.
Binary numeral system
http://en.wikipedia.org/wiki/Binary_arithmetic

4096 is a plain computer account.
4098 is 4096 + 2, so this would be a disabled computer account.
4128 is 4096 + 32, so this would be a computer account that doesn't require a password.
532480 is 524288 + 8192, so this would be a domain controller account that's trusted for delegation.
0
 
LVL 26

Expert Comment

by:Pber
ID: 17052408
It's a bitmask.  So convert the number to binary so that would return:

10000010000000000000

So this would be two separate values (past into calculator and conver to hex):

10000000000000000000 which is 80000 hex or 0x80000 as per your the MS article equals TRUSTED_FOR_DELEGATION

and

00000010000000000000 which is 2000 or 0x2000 as per your MS article equals SERVER_TRUST_ACCOUNT

hope that helps
0
 

Author Comment

by:gtrivedi
ID: 17056855
Thanks oBDA and Pber.
I understand the concept now.
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again! The…
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question