| Property Flag | Value in Hexadecimal | Value in Decimal | Brief Description |
|---|---|---|---|
| SCRIPT | 0x0001 | 1 | The logon script will be run. |
| ACCOUNTDISABLE | 0x0002 | 2 | The user account is disabled. |
| HOMEDIR_REQUIRED | 0x0008 | 8 | The home folder is required. |
| LOCKOUT | 0x0010 | 16 | |
| PASSWD_NOTREQD | 0x0020 | 32 | No password is required. |
| PASSWD_CANT_CHANGE | 0x0040 | 64 | The user can't change the password. It's a permission on the user's object. |
| ENCRYPTED_TEXT_PWD_ALLOWED | 0x0080 | 128 | The user can send an encrypted password. |
| TEMP_DUPLICATE_ACCOUNT | 0x0100 | 256 | An account for users whose primary account is in another domain. |
| NORMAL_ACCOUNT | 0x0200 | 512 | A default account type that represents a typical user. |
| INTERDOMAIN_TRUST_ACCOUNT | 0x0800 | 2048 | A permit to trust an account for a system domain that trusts other domains. |
| WORKSTATION_TRUST_ACCOUNT | 0x1000 | 4096 | A computer account for a computer that is a member of this domain. |
| SERVER_TRUST_ACCOUNT | 0x2000 | 8192 | A computer account for a domain controller that is a member of this domain. |
| DONT_EXPIRE_PASSWORD | 0x10000 | 65536 | Represents the password, which should never expire on the account. |
| MNS_LOGON_ACCOUNT | 0x20000 | 131072 | An MNS logon account. |
| SMARTCARD_REQUIRED | 0x40000 | 262144 | Forces the user to log on by using a smart card. |
| TRUSTED_FOR_DELEGATION | 0x80000 | 524288 | The service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. |
| NOT_DELEGATED | 0x100000 | 1048576 | The security context of the user isn't delegated to a service even if the service account is set as trusted for Kerberos delegation. |
| USE_DES_KEY_ONLY | 0x200000 | 2097152 | Restrict this principal to use only DES encryption types for keys. |
| DONT_REQ_PREAUTH | 0x400000 | 4194304 | This account doesn't require Kerberos pre-authentication for logging on. |
| PASSWORD_EXPIRED | 0x800000 | 8388608 | The user's password has expired. |
| TRUSTED_TO_AUTH_FOR_DELEGATION | 0x1000000 | 16777216 | The account is enabled for delegation. |
| PARTIAL_SECRETS_ACCOUNT | 0x04000000 | 67108864 | The account is a read-only domain controller (RODC). Removing this setting compromises security on that server. |
Created
February 22, 2025 05:59
-
-
Save timsonner/526460e4479d56364c70efebae0fd089 to your computer and use it in GitHub Desktop.
UserAccountControl properties. Property, Hex, Decimal, Description.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment