[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Does "*DISABLED" = NO PASSWORD?  How can I get status information on all user profiles?

Posted on 2004-04-19
7
Medium Priority
?
1,060 Views
Last Modified: 2007-12-19
I am working out a methodology for auditing AS400s.  I have a list of reports, but I am having trouble determining ALL of the profile information.  I don't have an AS400 at hand though...

When I look at ANZDFTPWD (default passwords) there is a column for STATUS and PASSWORD EXPIRED.

The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities.

How can I get a report showing complete status and password information for every user?  
0
Comment
Question by:billwagnon
5 Comments
 
LVL 1

Assisted Solution

by:Helixir
Helixir earned 200 total points
ID: 10862380
*DISABLED mean that your user cannot access the As/400 anymore !!

What password information do you mean ??
0
 
LVL 4

Expert Comment

by:LewisPower
ID: 10862578
I think the better way to see information about a user would be the command DSPUSRPRF. With this command you will be able to see, print or outfile information.

I prefer to work with a file cause I can do some query on it, but it's up to you.

With a file, you'll be able to see password expiration interval (-1) mean never, (0) sysval else #of days. You'll see if the password is expired, if the user is enabled or disabled, etc.

So try this one and let me know if you need more informations.
0
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 10865076
use display user profile to file, from there you can process the file as you like to choose desired fields and records.

e.g.,
DSPUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(QTEMP/USRPRF)
it will produce a file USRPRF in library QTEMP

To display the file (with column heading):
RUNQRY QRY(*NONE) QRYFILE((QTEMP/USRPRF))

If you want to select the fields/records, or want to produce report, create a query to that file
WRKQRY


0
 
LVL 2

Expert Comment

by:csimonds
ID: 10879949
I think PRTUSRPRF might be what you're looking for. I'm on a V5R2 machine.
0
 
LVL 27

Accepted Solution

by:
tliotta earned 300 total points
ID: 10884438
billwagnon:

First, no, *DISABLED is not the same as password = *NONE. A profile with no password might be *ENABLED or *DISABLED; either way, it's a profile that cannot be signed on under. Common use is to create these profiles to act as object owners or group profiles.

A *DISABLED profile is one that has violated system security policy in some way and has therefore been, ummm..., well, disabled. Violation commonly is due to multiple signon attempts with the wrong password. An administrator might also deliberately disable a profile for someone who's left the company because the profile controls objects that cannot yet be distributed to other users or because it has other active links to processes and cannot be safely deleted. Profiles can also be automatically disabled for being out of use over extended times and other reasons.

You might want the PRTUSRPRF command mentioned above if you're looking for reports. Try:

 ==>  prtusrprf  select(*usrcls)

If you have enough authority, that should get you a lot of printed info. Prompt the command and review the help text for variations.

By running the DSPUSRPRF command to an outfile, you can query the result in a number of ways to print almost any report you wish. Again, prompt the command and review the help text.

As far as password info goes, the info you're going to get will be stuff like does the profile have a password? has it been changed? is it due for a change? etc. The password itself, and essentially all details about it such as length, etc., are unavailable.

Note that you'll need to verify that you have sufficient authority to see everything you're asking for. I was confused by your statement "The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities." The DSPAUTUSR command in particular includes all users if you have enough authority, not just users with special authorities.

Tom
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes MS breaks things just for fun... In Access 2003, only the maximum allowable SQL string length could cause problems as you built a recordset. Now, when using string data in a WHERE clause, the 'identifier' maximum is 128 characters. So, …
Tech giants such as Amazon and Google have sold Alexa and Echo to such an extent that they have become household names. And soon they are expected to be used by commoners in their homes, ordering takeout, picking out a song, answering trivia questio…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question