Solved

Does "*DISABLED" = NO PASSWORD?  How can I get status information on all user profiles?

Posted on 2004-04-19
7
1,014 Views
Last Modified: 2007-12-19
I am working out a methodology for auditing AS400s.  I have a list of reports, but I am having trouble determining ALL of the profile information.  I don't have an AS400 at hand though...

When I look at ANZDFTPWD (default passwords) there is a column for STATUS and PASSWORD EXPIRED.

The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities.

How can I get a report showing complete status and password information for every user?  
0
Comment
Question by:billwagnon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Assisted Solution

by:Helixir
Helixir earned 50 total points
ID: 10862380
*DISABLED mean that your user cannot access the As/400 anymore !!

What password information do you mean ??
0
 
LVL 4

Expert Comment

by:LewisPower
ID: 10862578
I think the better way to see information about a user would be the command DSPUSRPRF. With this command you will be able to see, print or outfile information.

I prefer to work with a file cause I can do some query on it, but it's up to you.

With a file, you'll be able to see password expiration interval (-1) mean never, (0) sysval else #of days. You'll see if the password is expired, if the user is enabled or disabled, etc.

So try this one and let me know if you need more informations.
0
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 10865076
use display user profile to file, from there you can process the file as you like to choose desired fields and records.

e.g.,
DSPUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(QTEMP/USRPRF)
it will produce a file USRPRF in library QTEMP

To display the file (with column heading):
RUNQRY QRY(*NONE) QRYFILE((QTEMP/USRPRF))

If you want to select the fields/records, or want to produce report, create a query to that file
WRKQRY


0
 
LVL 2

Expert Comment

by:csimonds
ID: 10879949
I think PRTUSRPRF might be what you're looking for. I'm on a V5R2 machine.
0
 
LVL 27

Accepted Solution

by:
tliotta earned 75 total points
ID: 10884438
billwagnon:

First, no, *DISABLED is not the same as password = *NONE. A profile with no password might be *ENABLED or *DISABLED; either way, it's a profile that cannot be signed on under. Common use is to create these profiles to act as object owners or group profiles.

A *DISABLED profile is one that has violated system security policy in some way and has therefore been, ummm..., well, disabled. Violation commonly is due to multiple signon attempts with the wrong password. An administrator might also deliberately disable a profile for someone who's left the company because the profile controls objects that cannot yet be distributed to other users or because it has other active links to processes and cannot be safely deleted. Profiles can also be automatically disabled for being out of use over extended times and other reasons.

You might want the PRTUSRPRF command mentioned above if you're looking for reports. Try:

 ==>  prtusrprf  select(*usrcls)

If you have enough authority, that should get you a lot of printed info. Prompt the command and review the help text for variations.

By running the DSPUSRPRF command to an outfile, you can query the result in a number of ways to print almost any report you wish. Again, prompt the command and review the help text.

As far as password info goes, the info you're going to get will be stuff like does the profile have a password? has it been changed? is it due for a change? etc. The password itself, and essentially all details about it such as length, etc., are unavailable.

Note that you'll need to verify that you have sufficient authority to see everything you're asking for. I was confused by your statement "The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities." The DSPAUTUSR command in particular includes all users if you have enough authority, not just users with special authorities.

Tom
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Gain an elementary understanding of Blockchain technology.
If you need a simple but flexible process for maintaining an audit trail of who created, edited, or deleted data from a table, or multiple tables, and you can do all of your work from within a form, this simple Audit Log will work for you.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question