Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Does "*DISABLED" = NO PASSWORD?  How can I get status information on all user profiles?

Posted on 2004-04-19
7
Medium Priority
?
1,045 Views
Last Modified: 2007-12-19
I am working out a methodology for auditing AS400s.  I have a list of reports, but I am having trouble determining ALL of the profile information.  I don't have an AS400 at hand though...

When I look at ANZDFTPWD (default passwords) there is a column for STATUS and PASSWORD EXPIRED.

The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities.

How can I get a report showing complete status and password information for every user?  
0
Comment
Question by:billwagnon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Assisted Solution

by:Helixir
Helixir earned 200 total points
ID: 10862380
*DISABLED mean that your user cannot access the As/400 anymore !!

What password information do you mean ??
0
 
LVL 4

Expert Comment

by:LewisPower
ID: 10862578
I think the better way to see information about a user would be the command DSPUSRPRF. With this command you will be able to see, print or outfile information.

I prefer to work with a file cause I can do some query on it, but it's up to you.

With a file, you'll be able to see password expiration interval (-1) mean never, (0) sysval else #of days. You'll see if the password is expired, if the user is enabled or disabled, etc.

So try this one and let me know if you need more informations.
0
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 10865076
use display user profile to file, from there you can process the file as you like to choose desired fields and records.

e.g.,
DSPUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(QTEMP/USRPRF)
it will produce a file USRPRF in library QTEMP

To display the file (with column heading):
RUNQRY QRY(*NONE) QRYFILE((QTEMP/USRPRF))

If you want to select the fields/records, or want to produce report, create a query to that file
WRKQRY


0
 
LVL 2

Expert Comment

by:csimonds
ID: 10879949
I think PRTUSRPRF might be what you're looking for. I'm on a V5R2 machine.
0
 
LVL 27

Accepted Solution

by:
tliotta earned 300 total points
ID: 10884438
billwagnon:

First, no, *DISABLED is not the same as password = *NONE. A profile with no password might be *ENABLED or *DISABLED; either way, it's a profile that cannot be signed on under. Common use is to create these profiles to act as object owners or group profiles.

A *DISABLED profile is one that has violated system security policy in some way and has therefore been, ummm..., well, disabled. Violation commonly is due to multiple signon attempts with the wrong password. An administrator might also deliberately disable a profile for someone who's left the company because the profile controls objects that cannot yet be distributed to other users or because it has other active links to processes and cannot be safely deleted. Profiles can also be automatically disabled for being out of use over extended times and other reasons.

You might want the PRTUSRPRF command mentioned above if you're looking for reports. Try:

 ==>  prtusrprf  select(*usrcls)

If you have enough authority, that should get you a lot of printed info. Prompt the command and review the help text for variations.

By running the DSPUSRPRF command to an outfile, you can query the result in a number of ways to print almost any report you wish. Again, prompt the command and review the help text.

As far as password info goes, the info you're going to get will be stuff like does the profile have a password? has it been changed? is it due for a change? etc. The password itself, and essentially all details about it such as length, etc., are unavailable.

Note that you'll need to verify that you have sufficient authority to see everything you're asking for. I was confused by your statement "The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities." The DSPAUTUSR command in particular includes all users if you have enough authority, not just users with special authorities.

Tom
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
WooCommerce is becoming the most powerful e-commerce plugin for Wordpress. And why not. The platform comprises of numerous core plugins that may come in handy, powerful options to make your website development task much easier.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question