Assuming that the user profile is being disabled due to the QMAXSIGN system value threshold being exceeded, then the answer is "kind of". Vendor response follows: For my eXtreme CL Message Monitor product I provide a scenario where QMAXSIGN is exceeded and the user profile is re-enabled (along, when necessary, with varying back on the device description as quite often the display device will also be varied off). The sample scenario doesn't actually prompt the user with security-related questions (it is after all just a sample lol), but the general approach should work with some changes. The user program which receives control upon a user profile going disabled due to QMAXSIGN is not running in a job associated with the display device where the user is attempting to signon (there is no user job associated with the display as they haven't signed on yet). So your program would need to acquire the display (which should work fine as the display device is at the signon panel though you may need to vary the device back on also -- easily enough done) and then prompt the user with the security questions. If they answer correctly the program re-enables the user profile and releases the display. The user should now see the signon panel and try their password again. The one caution is that the user may have walked away from the terminal. So you will most likely want a command key enabled to get (the next user) off of your security prompt panel, have the program prepared for the device to "now" be in use (someone else signed on in the (hopefully) brief period of time between profile disabled and your program getting control), verify that the *usrprf being re-enabled is indeed disabled (again due to a different user potentially being at the display), etc. If you are interested in using this type of approach I would enjoy hearing from you directly -- this could be a nice little add on product for me too :). The eXtreme CL Message Monitor support is ready to go but not currently on the web site (<a href="http://powercl.com/xcl/about-xcl">here</a>) due to other work keeping the web manager busy. The support provides for you defining message conditions to trigger the calling of your program(s) -- or sending a user formatted message to a user specified *DTAQ or running a command though I believe you would want to use the program call support -- and for the generation of a stub version of your program(s). For an eXtreme CL approach your system will need to be at V5R4 or later. End of vendor response. The "kind of" I mentioned earlier is due to the small timing window between the user profile being disabled and your program getting to the device. It's not like the system has a direct exit to your program from the signon panel. Bruce ==================================================== Be aware that "bypass signon" configurations may make it tricky to 'acquire' the appropriate devices. If the session connection cannot be established due to profile/password problems, there might be no device available to acquire. See these three questions for more info about your question:<ul> <li><a href="http://itknowledgeexchange.techtarget.com/itanswers/password-reset-by-menu-item/">Password reset by menu item</a></li><li><a href="http://itknowledgeexchange.techtarget.com/itanswers/ability-to-change-a-users-password/">Ability to change a users password</a></li><li><a href="http://itknowledgeexchange.techtarget.com/itanswers/how-to-reset-the-password/">How to reset the password??</a></li> </ul> Tom ==================================================== HI, i suggest you to write a customized CL program which will access the database for anything you put(like Q&A) and write the logic to check if the user enters the corect value then proceed to get the userid enabled based on that. Hope this will clear your doubt.

Assuming that the user profile is being disabled due to the QMAXSIGN system value threshold being exceeded, then the answer is "kind of". Vendor response follows: For my eXtreme CL Message Monitor product I provide a scenario where QMAXSIGN is exceeded and the user profile is re-enabled (along, when necessary, with varying back on the device description as quite often the display device will also be varied off). The sample scenario doesn't actually prompt the user with security-related questions (it is after all just a sample lol), but the general approach should work with some changes. The user program which receives control upon a user profile going disabled due to QMAXSIGN is not running in a job associated with the display device where the user is attempting to signon (there is no user job associated with the display as they haven't signed on yet). So your program would need to acquire the display (which should work fine as the display device is at the signon panel though you may need to vary the device back on also -- easily enough done) and then prompt the user with the security questions. If they answer correctly the program re-enables the user profile and releases the display. The user should now see the signon panel and try their password again. The one caution is that the user may have walked away from the terminal. So you will most likely want a command key enabled to get (the next user) off of your security prompt panel, have the program prepared for the device to "now" be in use (someone else signed on in the (hopefully) brief period of time between profile disabled and your program getting control), verify that the *usrprf being re-enabled is indeed disabled (again due to a different user potentially being at the display), etc. If you are interested in using this type of approach I would enjoy hearing from you directly -- this could be a nice little add on product for me too :). The eXtreme CL Message Monitor support is ready to go but not currently on the web site (<a href="http://powercl.com/xcl/about-xcl">here</a>) due to other work keeping the web manager busy. The support provides for you defining message conditions to trigger the calling of your program(s) -- or sending a user formatted message to a user specified *DTAQ or running a command though I believe you would want to use the program call support -- and for the generation of a stub version of your program(s). For an eXtreme CL approach your system will need to be at V5R4 or later. End of vendor response. The "kind of" I mentioned earlier is due to the small timing window between the user profile being disabled and your program getting to the device. It's not like the system has a direct exit to your program from the signon panel. Bruce ==================================================== Be aware that "bypass signon" configurations may make it tricky to 'acquire' the appropriate devices. If the session connection cannot be established due to profile/password problems, there might be no device available to acquire. See these three questions for more info about your question:<ul> <li><a href="http://itknowledgeexchange.techtarget.com/itanswers/password-reset-by-menu-item/">Password reset by menu item</a></li><li><a href="http://itknowledgeexchange.techtarget.com/itanswers/ability-to-change-a-users-password/">Ability to change a users password</a></li><li><a href="http://itknowledgeexchange.techtarget.com/itanswers/how-to-reset-the-password/">How to reset the password??</a></li> </ul> Tom ==================================================== HI, i suggest you to write a customized CL program which will access the database for anything you put(like Q&A) and write the logic to check if the user enters the corect value then proceed to get the userid enabled based on that. Hope this will clear your doubt.