I believe you can set the system console to manual mode and then select option 21 to enter DST. Then go through the menu options to reset the QSECOFR password.
Scott Cargill wrote:
> I believe you can set the system console to manual mode and then
> select option 21 to enter DST. Then go through the menu options to
> reset the QSECOFR password.

The problem with this is that they would need to know the passwords for the DST profiles. I guess they could go into SST and try them out to see if they luck out and some of them are still at their defaults.

Bill
Dave Fulton wrote:
> I have a customer whose main IT person left their business abruptly.
> On his way out he disabled all user profiles that had *SECADM
> authority & they have no idea what their DST password is. Short of
> scratching their system & starting over does anybody have any ideas
> on how to get a user profile back with *SECADM. We tried the
> RSTUSRPRF command from their last system save but of course this
> didn't work since the user doing the restore didn't have *SECADM.

It seems to me that a friendly call to the ex-employee notifying him that he will be receiving a bill for any charges the company has to expend to recover the machine would fix the situation. Choice phrases such as "negative credit reporting entries", "possible civil action" might be motivational as well. Maybe do some research to provide evidence that judges don't look favorably on ex-employees that do this kind of thing. I heard once that IBM will come out and, for a charge, reset the QSECOFR password.

Bill
If you have a maintenance contract, and IBM needs to use DST, there is no extra charge. Dave
Find a user with *ALLOBJ authority and have that user submit a job to batch as the disabled *SECADM user to *ENABLE the *SECADM user. Disabled profiles can still run batch jobs. If it's an IBM user profile that has *ALLOBJ, put that batch job on the job scheduler (can't submit a Q user as the user of a batch job normally). Chris
If they have twinax, try connecting a display to port 0 switch 0. I think you can sign on QSECOFR on port 0 switch 0 even if it is disabled???
Now the fun question: Are they going after the guy?? That strikes me as a valid reason to sue him for business interruption.
Thx for all the responses guys/gals - Chris - your idea worked - they were able to re-enable the profile through a job scheduler entry. This seems like a small hole that IBM has left open - good to know it is there if it ever happens again & Yes they are taking legal action against their ex-employee. thx Dave
Do you have the exact documentation on how you did this - I'd like to have a copy of that - thanks.
IBM has set QSECOFR so that you can sign on at the system console even when it is disabled.
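An added example, not part of the original thread: a Python check a defender could run to find the job scheduler path that Chris describes and Dave confirms, where a profile with *ALLOBJ gets work run under a disabled *SECADM profile. The profile and scheduler records are constructed sample data in a hypothetical layout (an assumption, not an IBM i output format), and the function names are illustrative.

```python
# Added example: all records below are constructed sample data in a
# hypothetical layout, not an IBM i output format.

PROFILES = {  # constructed: profile -> status and special authorities
    "SECADMIN": {"status": "*DISABLED", "special": {"*ALLOBJ", "*SECADM"}},
    "OPER1": {"status": "*ENABLED", "special": {"*ALLOBJ", "*JOBCTL"}},
    "CLERK": {"status": "*ENABLED", "special": set()},
}

SCHEDULE = [  # constructed: scheduler entries with creator and run-as user
    {"job": "NIGHTSAVE", "added_by": "OPER1", "run_as": "OPER1",
     "cmd": "SAVLIB LIB(APPDATA) DEV(TAP01)"},
    {"job": "FIXPRF", "added_by": "OPER1", "run_as": "SECADMIN",
     "cmd": "CHGUSRPRF USRPRF(SECADMIN) STATUS(*ENABLED)"},
    {"job": "RPTRUN", "added_by": "CLERK", "run_as": "CLERK",
     "cmd": "CALL PGM(APPLIB/DAILYRPT)"},
]


def can_borrow_authority(profiles):
    """Enabled profiles with *ALLOBJ but not *SECADM: the position the
    thread describes, able to run work under a more privileged profile."""
    return sorted(
        name for name, p in profiles.items()
        if p["status"] == "*ENABLED"
        and "*ALLOBJ" in p["special"] and "*SECADM" not in p["special"]
    )


def review_schedule(profiles, schedule):
    """Return (job, reasons) for entries that deserve a reviewer's look."""
    findings = []
    for entry in schedule:
        creator = profiles.get(entry["added_by"], {"special": set()})
        runner = profiles.get(entry["run_as"])
        reasons = []
        if runner is None:
            reasons.append("run-as profile not found")
        else:
            if runner["status"] == "*DISABLED":
                reasons.append("runs as a disabled profile")
            gained = runner["special"] - creator["special"]
            if entry["run_as"] != entry["added_by"] and gained:
                reasons.append("gains " + ",".join(sorted(gained)))
        if entry["cmd"].upper().startswith(("CHGUSRPRF", "CRTUSRPRF", "RSTUSRPRF")):
            reasons.append("command changes user profiles")
        if reasons:
            findings.append((entry["job"], reasons))
    return findings
```

Entries flagged for more than one reason, such as a job that runs as a disabled profile and also changes user profiles, are the ones to review first.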