Greg -

For the disabled devices, change system value QMAXSGNACN from 3 (disable
device and profile) to 2 (disable profile). If you are using virtual
devices (QPADEV*), there's no reason to disable the device since a new
device is automatically created. If you are using named devices, disabling
the device means no one else can use it after it is disabled. So changing
the sysval fixes that.

Please consider not automatically re-enabling the user profile. There's a
reason for disabling it after too many invalid attempts. Maybe your
operator stumbled across a book on the Internet that tells him/her how to
do something but they need *SECOFR access so they're trying to log on to
someone else's profile to do it. If you're automatically enabling the user
profile, they essentially get unlimited attempts to guess a password.
Instead, look into some way of generating a new password and sending it in
an email to the email address of the user when the profile gets disabled.
Then the user signs on with the temp password and has to change it. This
would require a little programming or there are vendors that offer a
similar product.

Thanks,

Steve McKay
(205) 585-8424
samckay1@xxxxxxxxx



On Tue, Nov 2, 2021 at 8:53 AM Greg Wilburn <
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

We recently switched to password level 3 (in addition to quite a few other
security changes). This has been in place for several months now and we
have a epidemic of disabled user ID's and varied off devices. While this
inconvenience is tolerable during normal working hours, it's killing
productivity during the off-hours/days that IT coverage is not available.

Is there any way to automate enablement of passwords that are disabled by
invalid sign on attempts - say after 15-20 minutes?
Same question for devices varied off by too many invalid password attempts?

I thought about writing an RPG or SQL program to do this - just not sure
where to start.

I really do not want to give SECADM authority to any more users.

TIA,
Greg
[Logo]<https://www.totalbizfulfillment.com/> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx>
1 Corporate Dr
Grantsville, MD 21536
www.totalbizfulfillment.com<http://www.totalbizfulfillment.com>
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.