AS/400 User Profiles
For auditing purposes, I need to find out what workstation a password was changed on. When you dspusrprf it shows the date it was changed and the date and time last logged. I would assume the workstation information must be there somewhere. Does anyone know how I could find this?
Software/Hardware used:
Software/Hardware used:
ASKED:
May 12, 2005 12:25 PM
UPDATED:
October 24, 2010 10:28 AM
RELATED QUESTIONS
- Dropped network connections between Windows Server 2008 R2 and various Win OS’s
- Date Time Error in VB
- Excel 2007 saves the file when I close it without prompting me even though no changes were done
- Need to know the date and time a particular sql command was fired through an interactive session
- password
Answer Wiki:
Check out "iSeries Tips and Tools for Securing Your iSeries Version 5" (SC41-5300-06) at
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/books/c4153006.pdf
Look at the "Monitor user profile activity" topic on p.85. I think you can do what you want.
====================================================
See the Security Reference Appendix F for CP (User Profile Changes) audit journal entries. Review entries with the Command Name field value 'CHG' and Password Changed value 'Y'.
Tom
To see all answers submitted to the Answer Wiki: View Answer History.
If you have auditing turned on, you can use the CPYAUDJRNE command to find out who made the change, when the change was made, what was changed and the IP address of the machine where the change was made.
Note that the password might not have been changed from any workstation at all. A CHGUSRPRF command can be submitted by itself to batch or be run compiled in a program. A chain that leads to a source can be tricky.
Tom