All AS400 User Profiles disabled

Tags: AS/400, AS/400 user profiles
Every Monday all AS400 user profiles are disabled and we have to enable them manually.
ASKED: July 7, 2008  11:43 AM
UPDATED: July 15, 2008  8:58 PM

Answer Wiki


Hi,

Can you find where/when this happens? Is this for *every* user profile? How do you get into the system to reset them?

Take a look at one of the profiles: is the password expired, or has it been disabled by too many invalid sign-on attempts? Maybe you have a hacker trying to get into your system – do you have any external access to the machine?

Take a look at the system log (DSPLOG) for the weekend and see if you can find which job changes the user profiles. Take a look at your scheduled jobs (WRKJOBSCDE) to see whether there's a job scheduled to do this over the weekend. Try looking at your QSYSOPR messages to see whether there are any messages about this.

Regards,

Martin Gilbert.

Discuss This Question: 4  Replies

  • Tpinky
    Hello,

    The Display Activation Schedule (DSPACTSCD) command lets you view the activation schedule if you have it set up for profiles. Those entries will control when specific user profiles are clear to sign on to your iSeries or AS/400 (by enabling their user profile) and when they cannot sign on (by disabling their user profile). Here's how it works and what its drawbacks are.

    If you have a consultant with a user profile name of CONSULT, for example, who is authorized to sign on during the week from 8:00 a.m. until 6:00 p.m., you could control his system access times by running CHGACTSCDE to add the following activation entry to the system.

        CHGACTSCDE USRPRF(CONSULT) ENBTIME('08:00:00') DSBTIME('18:00:00') DAYS(*MON *TUE *WED *THU *FRI)

    The user profile (USRPRF) parameter specifies the user ID you are controlling access for. The ENBTIME (enable time) parameter specifies when the user profile will be enabled. The DSBTIME (disable time) parameter tells OS/400 when to disable the user's profile. All times are stated in military (24-hour) time. The DAYS parameter tells OS/400 that your target user profile will be enabled and disabled according to this schedule during the normal work week (Monday through Friday). If you wanted to continue this access schedule through the weekend, you could change the DAYS parameter to *ALL, which would activate and deactivate the user profile every day of the week.

    When you use CHGACTSCDE to enter an activation entry, OS/400 creates two jobs for each entry, and these jobs will automatically run via OS/400's job scheduling function. To view these jobs, run the Work with Job Schedule Entries (WRKJOBSCDE) command and look for two jobs with the names QSECACT1 that are scheduled to run at your user profile's designated activation and deactivation times. For user "CONSULT," the scheduled QSECACT1 activation job would run the following command at the enable time.

        QSYS/CALL PGM(QSYS/QSECACT5) PARM('CONSULT' E)

    When this job runs, OS/400 will change the CONSULT user profile's STATUS parameter to *ENABLED, which allows the user to sign on to the system. Conversely, the second QSECACT1 job that deactivates your user profile at the designated time will execute the following command.

        QSYS/CALL PGM(QSYS/QSECACT5) PARM('CONSULT' D)

    When this job runs, OS/400 will change the CONSULT user profile's STATUS parameter to *DISABLED, which prevents anyone from signing on to the system with that user profile.

    OS/400 sets up these activation jobs automatically, so you don't need to worry about running them. However, you can only set up one activation schedule entry per user, so if you modify a user's entry, it will replace the existing entry with the new values.

    While CHGACTSCDE allows you to set up your activation schedule, the DSPACTSCD command allows you to view all the activation entries you've set up in the system. If you type DSPACTSCD at a command line or from inside an Operations Navigator command box, a list of all your user profile activation entries will appear. You can then use CHGACTSCDE to make any changes for individual user profiles in your schedule.

    TPinky
    4,165 points
  • Brunocl
    If all user profiles get disabled and you can only sign on with QSECOFR and there are no jobs or programs scheduled for it, it means your system's license has expired. Renew the system license. A bypass is to create a program and schedule it to enable critical user profiles.
    230 points
  • Sysadm57
    You can also check for a WRKJOBSCDE entry of QSECIDL1. If you have this entry, display the details of the entry to see what the parm is set to. It could be 001, which disables all profiles that have been inactive for more than 1 day. The normal setting for this parm is 030 days.
    55 points
  • Guy
    Hello,

    To find which job is disabling your profiles, use the Audit journal.
    - Create a receiver where you want, and the QAUDJRN journal in QSYS attaching that receiver.
    - Change system value QAUDCTL with *AUDLVL value
    - Change system value QAUDLVL with *SECCFG or *SECURITY value

    Then, on Monday, display QAUDJRN (with DSPJRN) and search items with code T and type CP (change profile). Look at the item with option 5; if it is the good one you'll find *DISABLED at position 158. Use F10 to see the job which has changed the profile.

    Guy
    25 points
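
The audit-journal procedure from the last reply, written out as CL commands. This is an added example, not part of any reply above. The library AUDLIB and the receiver name AUDRCV0001 are assumed names (AUDLIB must already exist), and changing the QAUD* system values requires *AUDIT special authority.

```cl
/* Added example. AUDLIB and AUDRCV0001 are assumed names.              */

/* 1. Create a journal receiver, then the QAUDJRN journal in QSYS       */
/*    attached to that receiver.                                        */
CRTJRNRCV JRNRCV(AUDLIB/AUDRCV0001) TEXT('Security audit journal receiver')
CRTJRN JRN(QSYS/QAUDJRN) JRNRCV(AUDLIB/AUDRCV0001)

/* 2. Switch auditing on at the level listed in QAUDLVL.                */
CHGSYSVAL SYSVAL(QAUDCTL) VALUE(*AUDLVL)

/* 3. Audit security changes, which include user profile changes.       */
/*    CHGSYSVAL replaces the whole QAUDLVL list: display it first and   */
/*    carry over any values that are already set.                       */
DSPSYSVAL SYSVAL(QAUDLVL)
CHGSYSVAL SYSVAL(QAUDLVL) VALUE(*SECURITY)

/* 4. On Monday: show only journal code T, entry type CP (change        */
/*    profile). *CURCHAIN covers the weekend even if the receiver was   */
/*    changed in between. Option 5 shows an entry, F10 shows the job    */
/*    and user that made the change.                                    */
DSPJRN JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) ENTTYP(CP)

/* 5. Optional: when every profile was touched there are many CP        */
/*    entries. Copy the IBM model outfile for CP entries and dump the   */
/*    entries into it so they can be queried instead of paged through.  */
CRTDUPOBJ OBJ(QASYCPJ5) FROMLIB(QSYS) OBJTYPE(*FILE) TOLIB(QTEMP)
DSPJRN JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) ENTTYP(CP) OUTPUT(*OUTFILE) OUTFILFMT(*TYPE5) OUTFILE(QTEMP/QASYCPJ5)
```

Auditing only records changes made after step 3, so the commands have to be in place before the weekend in which the profiles get disabled.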