It should be pretty easy to write something that finds the disabled profiles and re enable them. You've seen the disabled user id query that K Crawford sent, that gives a lot of info, but for your case, you may want to look at qsys2.user_info. It should have everything you need for identifying the users. For devices, not sure.

Just a thought. For me, I would be wary of something that automatically renables user profiles. It will create (at least for us) another report that must be checked every day. If your users have command line access, this is what I would do.

Create a command and cl/rpg that just takes a user profile (or devd). Command processor has an owner with proper authority, and you adopt authority. It also does some logging, and sends a break message to somewhere monitored. Make the command and processing program *PUBLIC *EXCLUDE, put everyone that you trust to run the command into a group profile, and give them access to the command/processor.

If it is happening enough that you expect reports everyday, then just flat out automating it would work, but you really need to fix the user problem and not just through a bandaid over it. If it's not, then certain users have the ability to fix it for other users without involving IT, but you still get a notice when it is happening, and you can address repeat offenders as necessary.

On Tue, 2021-11-02 at 12:53 +0000, Greg Wilburn wrote:
We recently switched to password level 3 (in addition to quite a few other security changes). This has been in place for several months now and we have a epidemic of disabled user ID's and varied off devices. While this inconvenience is tolerable during normal working hours, it's killing productivity during the off-hours/days that IT coverage is not available.

Is there any way to automate enablement of passwords that are disabled by invalid sign on attempts - say after 15-20 minutes?
Same question for devices varied off by too many invalid password attempts?

I thought about writing an RPG or SQL program to do this - just not sure where to start.

I really do not want to give SECADM authority to any more users.

[Logo]<> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
1 Corporate Dr
Grantsville, MD 21536<><>

Kevin Bucknum

Senior Programmer Analyst


120 Innwood Drive
Covington LA 70433
Local: 985-893-2550<tel:985-893-2550>
Toll Free: 877-893-2550<tel:877-893-2550>


This document and any accompanying this email transmission contain confidential information, belonging to the sender that is legally privileged. This information is intended only for the use of the individual or entity named above. The authorized recipient of this information is prohibited from disclosing this information to any other party and is required to destroy the information after its stated need has been fulfilled. If you are not the intended recipient, or the employee of agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or action taken in reliance on the contents of these documents is STRICTLY PROHIBITED. If you have received this email in error, please notify the sender immediately to arrange for return or destruction of these documents.

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.