OS/400, iSeries, i5, Backup & recovery, Hardware, Installation, Integration/Connectivity, Logical partitions, PC/Windows Connectivity, Performance/Tuning, Printing/Output, PTFs, Security, Server consolidation, System monitoring, Tools, tips and tricks
How do you re-enable the user id for STRSST when it has been disabled? 
Looking for relevant AS/400 Whitepapers? Visit the Search400.com Research Library.
mnman66 | Aug 1 2005 1:15PM GMT
This if for V5R1, I presume? If that is the case, you’ll have to reset the QSECOF service profile to it’s default value of QSECOFR. Sign on to the OS/400 with QSECOFR user profile, then run the Change DST Password (CHGDSTPWD)command, like this:
CHGDSTPWD *DEFAULT
After you have that complete, sign into DST and change the password to something you’ll remember. Then, I would recommend having more than 1 profile for your System Service Tools, Dedicated Service Tools.
mbelle | Aug 1 2005 1:29PM GMT
DST/SST at V5R1 came with 4 default users QSECOFR, 22222222, 11111111, QUSR. They had different levels of authority. In short at OS you do a CHGDSTPWD, to *default. then front panel into DST using 21 for limited DST screen and the system will make you change the default password. Go to the IBM infocenter for detailed instructions. Also when you reset the password you might want to add one of your own that is easier to remember. A gotcha for this area is the users and passwords can be case sensitive (even though the screen shows all caps). Hope this can get you started.
Console | Aug 3 2005 3:57AM GMT
What password are you trying to enable ? you can only enable QSECOFR password?
AlastairDK | Aug 3 2005 4:35AM GMT
Logon to the machine with a user profile with *SECADM privilages and use
WRKUSRPRF QSRV or WRKUSRPRF QSRVBAS to re-enable the user.
Riccardo | Aug 3 2005 5:12AM GMT
Use the command CHGDSTPWD PASSWORD(*DEFAULT). This has the effect of resetting the QSECOFR ID back the factory defaults. You have to be signed in with a profile that has *SECOFR authority to perform this task and it only works on OS/400 versions at 5.1 and above. The IBM InfoCentre has full explanations of this procedure.
Regards, Richard.
Programmers | Aug 3 2005 8:02AM GMT
Just try if you can use it after changing the password with:
CHGDSTPWD PASSWORD(xxxxxxxx)
Sign on as QSECOFR and enter the command CHGDSTPWD and prompt on it (F4). Enter *Default and press ENTER. The password for id QSECOFR will be set back to qsecofr (or it may be in caps). To change the password, when doing a STRSST and signing on press F9 to change the password.
If that does not work, you must go to Manual mode on the server. Select Function 21, sign on as QSECOFR, select DST, Option 5, DST Environment Option 3 Service.
DietmarTodtenhoefer | Aug 3 2005 11:29AM GMT
Reset the QSECOFR service tools user ID and password
If you know the password for the QSECOFR OS/400 user profile, you can use it to reset the password for the IBM-supplied service tools user ID that has service tools security privilege (QSECOFR) to the IBM-supplied default value by completing the following steps:
Ensure that the server is in normal operating mode, not DST.
Sign on at a workstation using the QSECOFR OS/400 user profile.
On a command line, type CHGDSTPWD (Change IBM Service Tools Password). You see the Change IBM Service Tools Password (CHGDSTPWD) display:
Change IBM Service Tools Pwd (CHGDSTPWD) Type choices, press Enter
Password . . . . . . . . . . . . *DEFAULT
Type *DEFAULT and press the Enter key. This sets the IBM-supplied service tools user ID that has service tools security privilege and its password to QSECOFR.
Attention: Do not leave the QSECOFR service tools user ID and password set to the default value. This is a security exposure because this is the value shipped with every iSeries server and is commonly known. See the Recommendations for managing service tools user IDs for more information.
TomLiotta | Aug 3 2005 2:43PM GMT
It can depend on what OS/400 VRM and what your system configuration was. First thing to try is to sign on to DST and take the following options:
Option 5 (Work with DST Environment)
Option 3 (Service Tools User Profiles)
If you can’t get into DST, then the next thing to try is to sign in as QSECOFR normally at the system console and enter this command:
==> CHGDSTPWD *DEFAULT
That will change the QSECOFR DST password back to its default value of QSECOFR (all upper-case).
But V5R2 has added a potential snag with this setting:
Allow a service tools user ID with a
default and expired password to change
its own password . . . . . . . . . . . . . . 1 1=Yes, 2=No
If that’s set at ‘2′ on your system, you might need an IPL in manual to get in to DST, etc.
Those comments are mostly general — if they help, fine. If not, maybe more details are needed about your setup.
Note that this is one reason why multiple security profiles are needed. IBM-supplied profiles shouldn’t be used except (1) to create secondary security profiles, (2) to change IBM-supplied default passwords and (3) to do tasks directed by (or done by) IBM to correct specific issues.
This advice includes normal user profiles such as QSECOFR, QPGMR, etc., in addition to DST/SST profiles. The procedure above where QSECOFR is used to do a normal console signon and then to access DST is an example of when an IBM-supplied profile would be used.
Tom
0