|
The most 'advanced' (and thus complex) way to do this is to replace the entire set of commands on the system req menu. The command used are defined in a message in QCPFMSG. In this way you can test if this is one of the selected cases and prevent what you want to prevent, otherwise you can execute the normal command. A "break glass type user profile"??? If this is one of the boxes at normally locked doors with a emergency key, your solution however seems already too complex. Two alternatives: 1. Create a command RSTUSRPWD that allows key persons to change USERA's pwd to USERA and set it to expired. You can even allow this to be done for QSECOFR. The CPP of this program can be owned by eg QSECOFR and give adopted auth. Authority to this RSTUSRPWD command should be given to a few trusted persons only (but some that are 'always there'), but they don't need to be technically skilled. Bells and flashlights as below. 2. Create a program that call QCMD. This program can be owned by eg QSECOFR and give adopted auth. You can also let is sound bells and flash red lights (at least a msg to QHST and daily administrator where the user in writing gives her excuse to break 'normal security') > ------------------------------ > > date: Mon, 3 May 2004 10:56:03 -0500 > from: Bill Freiberg <bfreiberg@xxxxxxxxxxxx> > subject: Preventing ALT-SYSREQ > > > > > > Is there any way to prevent a user from using ALT-SYSREQ while in a certain > function/screen? > > I am trying to put together a use detection monitor for a break glass type > user profile. I have it askoing for the users "real" user id and password, > validting with the handle APIs, and sending usage notifcation e-mails, but > I need to prevent the user from being able to ALT-SYSREQ out to bypass it.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.