Improve company productivity with a Business Account.Sign Up

x
?
Solved

Does "*DISABLED" = NO PASSWORD?  How can I get status information on all user profiles?

Posted on 2004-04-19
7
Medium Priority
?
1,083 Views
Last Modified: 2007-12-19
I am working out a methodology for auditing AS400s.  I have a list of reports, but I am having trouble determining ALL of the profile information.  I don't have an AS400 at hand though...

When I look at ANZDFTPWD (default passwords) there is a column for STATUS and PASSWORD EXPIRED.

The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities.

How can I get a report showing complete status and password information for every user?  
0
Comment
Question by:billwagnon
5 Comments
 
LVL 1

Assisted Solution

by:Helixir
Helixir earned 200 total points
ID: 10862380
*DISABLED mean that your user cannot access the As/400 anymore !!

What password information do you mean ??
0
 
LVL 4

Expert Comment

by:LewisPower
ID: 10862578
I think the better way to see information about a user would be the command DSPUSRPRF. With this command you will be able to see, print or outfile information.

I prefer to work with a file cause I can do some query on it, but it's up to you.

With a file, you'll be able to see password expiration interval (-1) mean never, (0) sysval else #of days. You'll see if the password is expired, if the user is enabled or disabled, etc.

So try this one and let me know if you need more informations.
0
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 10865076
use display user profile to file, from there you can process the file as you like to choose desired fields and records.

e.g.,
DSPUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(QTEMP/USRPRF)
it will produce a file USRPRF in library QTEMP

To display the file (with column heading):
RUNQRY QRY(*NONE) QRYFILE((QTEMP/USRPRF))

If you want to select the fields/records, or want to produce report, create a query to that file
WRKQRY


0
 
LVL 2

Expert Comment

by:csimonds
ID: 10879949
I think PRTUSRPRF might be what you're looking for. I'm on a V5R2 machine.
0
 
LVL 27

Accepted Solution

by:
tliotta earned 300 total points
ID: 10884438
billwagnon:

First, no, *DISABLED is not the same as password = *NONE. A profile with no password might be *ENABLED or *DISABLED; either way, it's a profile that cannot be signed on under. Common use is to create these profiles to act as object owners or group profiles.

A *DISABLED profile is one that has violated system security policy in some way and has therefore been, ummm..., well, disabled. Violation commonly is due to multiple signon attempts with the wrong password. An administrator might also deliberately disable a profile for someone who's left the company because the profile controls objects that cannot yet be distributed to other users or because it has other active links to processes and cannot be safely deleted. Profiles can also be automatically disabled for being out of use over extended times and other reasons.

You might want the PRTUSRPRF command mentioned above if you're looking for reports. Try:

 ==>  prtusrprf  select(*usrcls)

If you have enough authority, that should get you a lot of printed info. Prompt the command and review the help text for variations.

By running the DSPUSRPRF command to an outfile, you can query the result in a number of ways to print almost any report you wish. Again, prompt the command and review the help text.

As far as password info goes, the info you're going to get will be stuff like does the profile have a password? has it been changed? is it due for a change? etc. The password itself, and essentially all details about it such as length, etc., are unavailable.

Note that you'll need to verify that you have sufficient authority to see everything you're asking for. I was confused by your statement "The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities." The DSPAUTUSR command in particular includes all users if you have enough authority, not just users with special authorities.

Tom
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

One day, as you try to send an email from your SharePoint account, an error message appears saying: “E-mail Message Cannot be Sent.” You may have outgoing email settings misconfigured.
Here is how to restore SQL Server database to the point in time.  Follow the step by step approach to restore your database at a specific point in time and also understand its alternate approach.
Watch the video to learn how one can deal with PST file corruption issue with an outstanding Kernel for Outlook PST Repair Tool easily. Using this tool, non-technical users can swiftly perform the repair process to restore their essential data witho…
Watch the video which demonstrates the easy migration process from GroupWise to Outlook with the help of Kernel Novell GroupWise to Outlook software. User can export single or multiple mailboxes either by Online mode or via Command line mode with ea…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question