RE: How can I easily enable/disable remote access by User -- MIDRANGE-L

Thanks to everyone that offered ideas for me to consider.

I am not 100% sure which route to go (VPN AD/IP address,
CHGACTSCDE, Initial program, etc. etc. )

Based on all of the ideas everyone came up with, I can see I
need to get more specifics on what they truly want to be
able to accomplish long term.

Thanks again for all the ideas

John

-----Original Message-----
From: Jim Franz [mailto:franz400@xxxxxxxxxxxx]
Sent: Saturday, November 08, 2008 4:28 PM
To: Midrange Systems Technical Discussion
Subject: Re: How can I easily enable/disable remote access
by User

It would help us offer a solution for determining whether
local/remote if
you told us how people access remotely.
Check out the command CHGACTSCDE (change activation schedule
entry) which
you could use to schedule normal onsite office hours , and
user would be
disabled during off hours. It is a cmd you could use from a
subfile pgm
(with proper auth). It is part of the Security Tools loaded
on all systems
(GO SECTOOLS).
Jim Franz

----- Original Message -----
From: "John Allen" <jallen@xxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Sent: Saturday, November 08, 2008 2:13 PM
Subject: RE: How can I easily enable/disable remote access
by User

Thanks for the quick reply,

They want this to be real easy thing to do

(disable/enable)

because it will be done quite often, don't want to
continually have to go into Active Directory to make the
changes if there is an easier way.

We do not want to disable User profile because they are
still allowed to use System i while in the office, just

want

to stop the remote access.

My initial thought was some type of Subfile program that
displays all of the User Profiles and set a flag Allow
Remote Access Y/N.

But once I have the User Profile and the flag value I

guess

I could write a program to run as there initial program

and

if they are attempting remote access end the job.

Not sure how I can tell if they are coming in remotely
versus locally (in the office)

I was also hoping I did not have to write a program if
someone else already has, or if there is an inexpensive
solution available.

Thanks
For your suggestion about Active Directory, I will have to
see if that is possible solution

John

-----Original Message-----
From: David Wright [mailto:opendave@xxxxxxxxx]
Sent: Saturday, November 08, 2008 12:48 PM
To: Midrange Systems Technical Discussion
Subject: Re: How can I easily enable/disable remote access
by User

What sort of VPN hardware are you using?

Some grant/deny VPN access through Active Directory and

some

through
internal user lists.

But if access to the i is the only thing you need to
restrict, couldn't you
just enable/disable user profiles on the i?

On Sat, Nov 8, 2008 at 9:03 AM, John Allen
<jallen@xxxxxxxxxxx> wrote:

We have some employees that access our System i remotely
(through a VPN)

--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:

http://lists.midrange.com/mailman/listinfo/midrange-l

or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the