Solved

Does "*DISABLED" = NO PASSWORD?  How can I get status information on all user profiles?

Posted on 2004-04-19
7
998 Views
Last Modified: 2007-12-19
I am working out a methodology for auditing AS400s.  I have a list of reports, but I am having trouble determining ALL of the profile information.  I don't have an AS400 at hand though...

When I look at ANZDFTPWD (default passwords) there is a column for STATUS and PASSWORD EXPIRED.

The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities.

How can I get a report showing complete status and password information for every user?  
0
Comment
Question by:billwagnon
7 Comments
 
LVL 1

Assisted Solution

by:Helixir
Helixir earned 50 total points
ID: 10862380
*DISABLED mean that your user cannot access the As/400 anymore !!

What password information do you mean ??
0
 
LVL 4

Expert Comment

by:LewisPower
ID: 10862578
I think the better way to see information about a user would be the command DSPUSRPRF. With this command you will be able to see, print or outfile information.

I prefer to work with a file cause I can do some query on it, but it's up to you.

With a file, you'll be able to see password expiration interval (-1) mean never, (0) sysval else #of days. You'll see if the password is expired, if the user is enabled or disabled, etc.

So try this one and let me know if you need more informations.
0
 
LVL 6

Expert Comment

by:dedy_djajapermana
ID: 10865076
use display user profile to file, from there you can process the file as you like to choose desired fields and records.

e.g.,
DSPUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(QTEMP/USRPRF)
it will produce a file USRPRF in library QTEMP

To display the file (with column heading):
RUNQRY QRY(*NONE) QRYFILE((QTEMP/USRPRF))

If you want to select the fields/records, or want to produce report, create a query to that file
WRKQRY


0
 
LVL 2

Expert Comment

by:csimonds
ID: 10879949
I think PRTUSRPRF might be what you're looking for. I'm on a V5R2 machine.
0
 
LVL 27

Accepted Solution

by:
tliotta earned 75 total points
ID: 10884438
billwagnon:

First, no, *DISABLED is not the same as password = *NONE. A profile with no password might be *ENABLED or *DISABLED; either way, it's a profile that cannot be signed on under. Common use is to create these profiles to act as object owners or group profiles.

A *DISABLED profile is one that has violated system security policy in some way and has therefore been, ummm..., well, disabled. Violation commonly is due to multiple signon attempts with the wrong password. An administrator might also deliberately disable a profile for someone who's left the company because the profile controls objects that cannot yet be distributed to other users or because it has other active links to processes and cannot be safely deleted. Profiles can also be automatically disabled for being out of use over extended times and other reasons.

You might want the PRTUSRPRF command mentioned above if you're looking for reports. Try:

 ==>  prtusrprf  select(*usrcls)

If you have enough authority, that should get you a lot of printed info. Prompt the command and review the help text for variations.

By running the DSPUSRPRF command to an outfile, you can query the result in a number of ways to print almost any report you wish. Again, prompt the command and review the help text.

As far as password info goes, the info you're going to get will be stuff like does the profile have a password? has it been changed? is it due for a change? etc. The password itself, and essentially all details about it such as length, etc., are unavailable.

Note that you'll need to verify that you have sufficient authority to see everything you're asking for. I was confused by your statement "The user profile reports (Command Line DSPAUTUSR *USRPRF *PRINT) give me good information but not STATUS, and only include users with special authorities." The DSPAUTUSR command in particular includes all users if you have enough authority, not just users with special authorities.

Tom
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Issue executing Update Query via ODBC to a remote iSeries in Access 2010 7 607
iSeries FTP Exit Program 8 136
iSeries - Library Change Date 2 97
SQL400 max size 5 95
Google always has something new and amazing up its sleeve, and the most current thing that they have been working on is another step in the evolution of Google Search, from machine learning to its brilliant successor, deep learning.
This article outlines why you need to choose a backup solution that protects your entire environment – including your VMware ESXi and Microsoft Hyper-V virtualization hosts – not just your virtual machines.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question