View Full Version : Set Password Expire on all User Profiles
01-01-1995, 02:00 AM
Karl, To literally do what you want. The easiest way would be to WRKUSRPRF *ALL. Then put a '2' on each profile and then on the command line put: PWDEXP(*YES) bill Karls wrote: Is it possible to set all User Profile passwords to expire globally? Or do I have to touch each profile in order to change it? (For instance I would like all passwords to expire on next Monday because a system operator will be leaving the company.....but I really don't want to have to touch each user profile to do this.) Any help would be appreciated. Thanks, KARL
04-02-1999, 10:51 AM
Karl, Just a a follow-on comment. Setting all of the passwords does not completely address the condition you are trying to head off. I will assume you want to expire everyone's password so that the operator can not come back and use a profile and password that he may have known while working there. You have two exposures, 1. Unless you have set the system to not allow previous passwords, nothing prevents the users from setting their password back to what it was. 2. The passwords will remain what they were until that profile signs on the next time. This works for everyone that signs on "soon" but what about those on vacation, or the "Q" profiles? I don't have an easy answer to address these points, I just wanted to make sure that you were aware of them. Bill Karl Schosser wrote: Is it possible to set all User Profile passwords to expire globally? Or do I have to touch each profile in order to change it? (For instance I would like all passwords to expire on next Monday because a system operator will be leaving the company.....but I really don't want to have to touch each user profile to do this.) Any help would be appreciated. Thanks, KARL
04-02-1999, 02:07 PM
On Sunday, March 28, 1999, 06:30 PM, Tim Raczek wrote: I'd like to go further with the 8 character profile. We at our company are setting up new passwords for people in a way that gives consistancy. First letter of first name followed by last name. My boss wants to have the paswords be 10 characters long. We will not be using OfficeVision and no directories to wory about. My question is would we be limiting ourselves in any way if we went to 10 character profiles instead of 8? No, if you ever need to add a directory entry you can always associate the user profile as follows; ADDDIRE USRID(ENTRY001 MYAS400) USRD(DESCRIPTION FOR FRODRIGUEZ) USER(FRODRIGUEZ)</p> ENTRY001 will be the directory entry name that you want to assign, in this case it could be FRODRIGU. <FONT COLOR="#0000ff"> When two go together one sees before the other.</font>
09-01-1999, 03:16 AM
Karl, You might want to look at 'GO SECTOOLS'. There are several ways of setting expirationdates for userprofiles in there, even by date. Good Luck, Rob.
10-11-1999, 12:21 PM
You could change the system value qpwdexpitv to 1 and then tomorrow they all will be expired.....Make sure tomorrow then you change it to 90 or whatever you prefer.....
10-12-1999, 08:40 AM
They would only be expired if they attepmted to log on though. If they didn't try to log on that day, then they wouldn't get expired. That's my understanding anyway. Regards, Jim Langston
10-19-1999, 06:45 AM
10-19-1999, 08:32 AM
You could try ANZPRFACT (analyze profile activity). This will disable all profiles that have not been used for "x" days. The command accepts from 1 to 366 days. I suppose you could run this command at 12:01am and specify 1 day. You can exempt some profiles from being disabled by using the command CHGACTPRFL. The IBM supplied user profiles cannot be disabled with ANZPRFACT. Chris
Powered by vBulletin® Version 4.1.5 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.