Kiong   135 pts.  |   Mar 13 2009  2:26PM GMT

Hi,

Assuming you’re using client access - you can specify the workstation name in the client access config for each machine - then each PC should only use it’s own workstation Id. If you specify new workstation names, you’ll need to set the auto config system values to create the new device descriptions for you - once they’ve been created you can set the system values back to whatever they were.

Regards,

Martin Gilbert.

HI,..
thanks for your answer…
what i means is can we make devd which lock by ip address..
so this devd can’t open in other ip address..

Batman47   525 pts.  |   Mar 13 2009  4:51PM GMT

Hello,

What would work really well is to come up with a naming convention for your workstation Ids. Since you seem to be focused on the IP address, you can use the unique portion of each address for each workstation ID. At one time we used the number of the network jack the workstations would plug into. IP address and jack numbers can change in the future, so we finally used a simple naming convention: PC####, the letters ‘PC’ followed by a 4 digit number. This works well to ‘lock’ the devd by PC (which is better than locking it by ip address) Also, we first woud create the device description so that we could enter the user’s name in the Text field, so we could easily keep track of who is using which device… when a person is terminated from the company we also delete the device description since the PC is shipped back to the Help Desk to get reimaged. The Help Desk can not install and configure an iSeries Access client without obtaining a new workstation ID from me (or my backup). I keep track of when these devd’s get created and when they were last use, that way I can report back how many iSeries Access installs we have on my status report each month.

This all works very from a security standpoint as well…. Users can not access our interactive subsystem without have a ‘PC’ workstation ID. Also, if someone decides on their own to pick a workstation number that someone else is using the problem will be very visable. So, it will be noticed if iSeries Access configurations were done incorrectly.

Let me know if you have any further questions, as I’ve done this since the beginning of time (or at least when iSeries Access first came out).

Bruce

Kiong   135 pts.  |   Mar 13 2009  5:33PM GMT

hello batman..

thanks for your comment..
I have already naming devd like your idea..
but our big problem is the user try to use another devd when their default devd being use by another user..
the user try one by one where is the empty workstation id..
so i try to lock workstation id with the PC they use..
there is anyway in AS/400 to do that?

MrObvious   140 pts.  |   Mar 13 2009  6:17PM GMT

the emulation prgm that we use on PCs will automatically ‘pass-thru’ as a QPADEVxxxx
(Q = everthing supplied by IBM starts with a Q,
PADEV - stands for ‘pass-thru-device)
UNLESS you go into it’s settings and give the device a designated name which overrides the default.
(this way it never changes even if DHCP changes the IP of the PC)

i.e HZPCSHIP (first two letters designate which warehouse location HZ is Hazelwood facility)
PC (obvious) SHIP is where in the warehouse the device is located - shipping dept.

a second named session on the same PC will show up in WRKACT as HZPCSHIPS1, etc.
this way each warehouse’s devices come up grouped together
HZPC
HZPRTPAC1, 2 etc.
HZPRTLBL1, 2 etc.

Kiong   135 pts.  |   Mar 13 2009  8:04PM GMT

thanks for all comment..
but all provided solution already do by me..
my real question is,there is another way beside that?

warm regards,

Gilly400   23625 pts.  |   Mar 15 2009  4:27PM GMT

Hi,

I think your real problem is that the users can select which device they connect to. You should change your security on the PC’s to restrict the configuration files in client access to only be updated by an administrator. Then set each PC up with a unique device Id.

Regards,

Martin Gilbert.

Batman47   525 pts.  |   Mar 16 2009  6:09PM GMT

You could also go through all of your device decriptions and set the appropriate security, making sure to set *PUBLIC to *EXCLUDE so only the specific user you specify can use that device.

Pdraebel   865 pts.  |   Mar 17 2009  8:27AM GMT

If the purpose would be to block certain IP adresses why not use the TCP ROUTING table of the iSeries ?
(CFGTCP option 2)
Another route that could block certain names of Workstations are the SUBSYSTEM workstation entries.

Jbmm   115 pts.  |   May 29 2009  8:20AM GMT

@Pdraebel | Mar 17 2009 8:27AM GMT
>>Another route that could block certain names of Workstations are the SUBSYSTEM workstation entries.

Thanks, I encountered a new range of workstation id’s today that neede to be connected, and didn’t understand why they got a blank screen…

So, if you start setting up working with workstation id’s, make sure your syntax is in the list of the subsystem where the sessions are supposed to run.
Example: now running QPADEV* in subsytem INTER, you can see this in (WRKSBSD INTER, option 4).
Here I added CNEH* for a new range of workstation id’s to be connected. Otherwie you get a blank screen in ClientAcces (with session started message in statusbar)

grtz
Jeroen

Pdraebel   865 pts.  |   Oct 20 2009  7:39AM GMT

Hi Jeroen, you should also take care of “Excluding” devices from interactive subsystems where you do not want them to execute.

ADDWSE SBSD(*LIBL/INTERACT)
WRKSTN(PC*)
AT(*ENTER)
Otherwise your workstations could turn up active in subsystems where you do not want them to be.
Peter