It should be pretty easy to write something that finds the disabled profiles and re enable them. You've seen the disabled user id query that K Crawford sent, that gives a lot of info, but for your case, you may want to look at qsys2.user_info. It should have everything you need for identifying the users. For devices, not sure.
Just a thought. For me, I would be wary of something that automatically renables user profiles. It will create (at least for us) another report that must be checked every day. If your users have command line access, this is what I would do.
Create a command and cl/rpg that just takes a user profile (or devd). Command processor has an owner with proper authority, and you adopt authority. It also does some logging, and sends a break message to somewhere monitored. Make the command and processing program *PUBLIC *EXCLUDE, put everyone that you trust to run the command into a group profile, and give them access to the command/processor.
If it is happening enough that you expect reports everyday, then just flat out automating it would work, but you really need to fix the user problem and not just through a bandaid over it. If it's not, then certain users have the ability to fix it for other users without involving IT, but you still get a notice when it is happening, and you can address repeat offenders as necessary.
On Tue, 2021-11-02 at 12:53 +0000, Greg Wilburn wrote:
We recently switched to password level 3 (in addition to quite a few other security changes). This has been in place for several months now and we have a epidemic of disabled user ID's and varied off devices. While this inconvenience is tolerable during normal working hours, it's killing productivity during the off-hours/days that IT coverage is not available.
Is there any way to automate enablement of passwords that are disabled by invalid sign on attempts - say after 15-20 minutes?
Same question for devices varied off by too many invalid password attempts?
I thought about writing an RPG or SQL program to do this - just not sure where to start.
I really do not want to give SECADM authority to any more users.
TIA,
Greg
[Logo]<
https://www.totalbizfulfillment.com/> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx><mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx>>
1 Corporate Dr
Grantsville, MD 21536
www.totalbizfulfillment.com<
http://www.totalbizfulfillment.com><
http://www.totalbizfulfillment.com>
[
https://www.medtronsoftware.com/img/MedtronMinilogo.bmp]
Kevin Bucknum
Senior Programmer Analyst
MEDDATA / MEDTRON
120 Innwood Drive
Covington LA 70433
Local: 985-893-2550<tel:985-893-2550>
Toll Free: 877-893-2550<tel:877-893-2550>
https://www.medtronsoftware.com
CONFIDENTIALITY NOTICE
This document and any accompanying this email transmission contain confidential information, belonging to the sender that is legally privileged. This information is intended only for the use of the individual or entity named above. The authorized recipient of this information is prohibited from disclosing this information to any other party and is required to destroy the information after its stated need has been fulfilled. If you are not the intended recipient, or the employee of agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or action taken in reliance on the contents of these documents is STRICTLY PROHIBITED. If you have received this email in error, please notify the sender immediately to arrange for return or destruction of these documents.
midrange.com
