I think it's great to disable user profiles upon bad signon's.
Users can't generate a list of users? True. But they can generate a list of user message queues. They have to be able to. If they don't have access to the message queues then they can't send them a message.
So you generate a list of message queues like this
WRKOBJ OBJ(QUSRSYS/*ALL) OBJTYPE(*MSGQ)
Oh? You secured them from the command line? Simple to work around. They can download any number of tools to do this:
from table(OBJECT_STATISTICS('QUSRSYS', '*MSGQ')) x;
Then you just try signing on each one of those until they are disabled.
Soon, you've disabled every user on the system.
Great denial of service attack.
As an Amazon Associate we earn from qualifying purchases.
This thread ...
RE: Enable Disabled Users and Devices, (continued)
This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.