Re: Preventing ALT-SYSREQ

The most 'advanced' (and thus complex) way to do this is to replace the entire 
set of commands on the system req menu. The command used are defined in a 
message in QCPFMSG.
In this way you can test if this is one of the selected cases and prevent what 
you want to prevent, otherwise you can execute the normal command.

A "break glass type user profile"???

If this is one of the boxes at normally locked doors with a emergency key, your 
solution however seems already too complex.

Two alternatives:
1. Create a command RSTUSRPWD that allows key persons to change USERA's pwd to 
USERA and set it to expired. You can even allow this to be done for QSECOFR. 
The CPP of this program can be owned by eg QSECOFR and give adopted auth. 
Authority to this RSTUSRPWD command should be given to a few trusted persons 
only (but some that are 'always there'), but they don't need to be technically 
skilled. Bells and flashlights as below.

2. Create a program that call QCMD. This program can be owned by eg QSECOFR and 
give adopted auth. You can also let is sound bells and flash red lights (at 
least a msg to QHST and daily administrator where the user in writing gives her 
excuse to break 'normal security') 


> ------------------------------
> 
> date: Mon, 3 May 2004 10:56:03 -0500
> from: Bill Freiberg <bfreiberg@xxxxxxxxxxxx>
> subject: Preventing ALT-SYSREQ
> 
> 
> 
> 
> 
> Is there any way to prevent a user from using ALT-SYSREQ while in a certain
> function/screen?
> 
> I am trying to put together a use detection monitor for a break glass type
> user profile. I have it askoing for the users "real" user id and password,
> validting with the handle APIs, and sending usage notifcation e-mails, but
> I need to prevent the user from being able to ALT-SYSREQ out to bypass it.