| |

Users and Groups in New Nav – User Profiles

I’ve focused on using Run SQL Scripts, so let’s switch and explore how to use New Nav to manage user and group profiles. Launch New Nav, choose the partition to manage (called a “node” in New Nav), and then go down to the icon that looks like a group of people, as shown in Figure…

| |

User Profile Changes in IBM i 7.5 – User Profiles

Tech Note IBM i 7.5 made several changes to the Create and Change User Profile commands. IBM made several changes in IBM i 7.5 to the Create and Change User Profile (CRT/CHGUSRPRF) commands. The most obvious is that the PASSWORD parameter now defaults to *NONE rather than *USRPRF. In other words, the profile will no…

| |

Group Profiles Without Members – User Profiles

Note that I’ve used group_id_number <> 0 to find the group profiles. When a profile is made a group (that is, it’s listed as a user’s group profile or one of its supplemental groups), it’s assigned a group ID (GID). Even after all of the members are removed from a group, it retains its GID,…

| |

Profiles with a Default Password – User Profiles

The Analyze Default Password (ANZDFTPWD) is great, especially if you’re just getting acquainted with IBM i, but I prefer to get information formatted in a way that helps me more easily analyze risk associated with those profiles. Let’s look at ANZDFTPWD. In addition to the name of the profile with a password that’s the same…

| | |

Limited Capabilities – User Profiles

You may also want to look at attributes such as the limited capability setting. Your review would be to make sure that any profile set to limited *PARTIAL or *NO really has a job requirement to use a command line. Inactive Profiles Finally, inactive profiles need to be managed so they can’t be used as…

| | | |

Analyzing User Profiles – User Profiles

It’s always good to begin at the beginning, so let’s do that. Basic Information Let’s start with the basics: SQL that mimics DSPUSRPRF *ALL to an outfile. Launch Access Client Solutions (ACS) and then click on Run SQL Scripts. When the window opens, type this: This Select statement provides information about all of the user…

| | | | |

QPWDLVL 4 – Moving to a Higher Password Level

A new password level, 4, was introduced in IBM i 7.5. This password level implements an even stronger method of encrypting the password. To facilitate the move to QPWDLVL 4, as of IBM i 7.5, IBM now generates passwords at QPWDLVL 2 and 3 that will work when the system is IPLed to QPWDLVL 4….

|

Moving to QPWDLVL 2 Then 3 – Moving to a Higher Password Level

The ultimate goal should be to get to password level 3 because password level 2 starts storing the old (and weak) Microsoft password again. You might be tempted to jump right to password level 3, but if something’s not quite right and you have to move back down to level 0 or 1, it’s going…

|

Changes That Occur with QPWDLVL 2 or 3 – Moving to a Higher Password Level

Setting changes to QPWDLVL requires an IPL. Here are the changes you’ll see after the IPL to level 2 or 3 from 0 or 1. Figure 4.1: The sign-on display after IPLing to QPWDLVL 2 or 3. Notice the increased length of the Password field. Figure 4.2: At QPWDLVL 2 or 3, the User password…