Cleaning up the house...

This post is, of course, too late, but I am enough of an egotist to ignore that. If you have a system where everyone is *SECOFR and/or enjoys *ALLOBJ, save the system and all security information, kick QSECLVL down to 20. Change all users to USRCLS(*USER) SPCAUT(*USRCLS). Strip all special authorities out of the libraries and objects. Change QCRTAUT to *USE or *EXCLUDE as appropirate, change all IBM provided libraries (specially QSYS) so that CRTAUT is *CHANGE, change all other libraries so that CRTAUT is *SYSVAL. Identify your applications, the libraries used by the applications. Identify or create a group profile to own the application. Change object ownership for each application/application libraries to the appropirate group profile. Add the user profiles to the appropriate group. MINIMIZE job descriptions, MINIMIZE profiles that DO NOT have a group profile (DSPAUTUSR). MINIMIZE authorization lists. When you think you are done, on a weekend with one application group, change QSECLVL to 30 and test. Kick back down to 20. Repeat for each application. When everyone signs off that their application works under SECLVL 30 (test EVERYTHING, printing, file transfer, remote commands, etc. etc.), kick it back up to 30, and make a private commitment to yourself to NEVER TAKE this kind of a THANKLESS JOB again.

Cleaning up the house...

You might be able to reduce the amount of work you need to do by eliminating all redundant files, pgms and other system objects. I run a pgm once a week on our 400 that scans all production libraries for objects not used for more than 6 months, and moves them to a 'quarantine' library. (there's a few refinements to it, like a file of objects not to be moved, and object types not to be scanned for). There's usually 20 to 30 objects dropping out of the system every week (and over 3,000 when I ran it for the first time last year).

Cleaning up the house...

You would really be suprised at how common this problem is. I had a software vendor come in for an install. The first time any user called with a problem her solution was to givwe them *allobj. This was what she did at each office she installed.

Cleaning up the house...

and make a private commitment to yourself to NEVER TAKE this kind of a THANKLESS JOB again. Thanks, Billy, for a dose of humor in what is definitely a less than humorous situation. And also, thanks for an excellent step-by-step procedure for securing an unsecured machine. I'm keeping this one in my files... src="//www.zappie.net/java/_derived/index.htm_cmp_zero110_vbtn_p.gif" width="140" height="60" border="0" alt="Java400.net - Java/400 Freeware" align="middle"> Java400.Net - where the AS/400 speaks Java with an RPG accent Home of PBD2.0, the color=red>FREE Java/400 Client/Server color=blue>Revitalization Toolkit

Cleaning up the house...

Hi to all, Thanks for the input, I am currently trying to get the cleaning-activities to coincide with other projects. For instance, this customer wants to move this AS/400 to a logical partition on his new AS/400(the other partitions are for the new JDE-software...). So in the process of preparing for that move I am looking at possible cleaning-options. The disaster-recovery isn't set up good enough so..... same applies there, etcetera etcetera... I will publish the results on this forum but it may take a while this way... Rob. Oh and PS : I always seem to get these cases...;-)))