1.  Home
  2. MIDRANGE-L
  3. May 2011

Re: Audit entry for PWDEXPITV

On Mon 05-May-2011 11:12 , fbocch2595@xxxxxxx wrote:
Another question is...is there any way for me to verify how long the
*USRPRF was expired after I've changed the password?

AFaIK a DSPUSRPRF taken sometime before having changed the password [but after the prior change] typically would be required, in order to see the "Date password last changed" date [and perhaps also the "Password expiration interval" setting if that also may have changed]. The answer could instead be determined, given [atypically] sufficient auditing of past changes [and possibly even the creation] of the user profile of interest; i.e. by a review of all T-CP for the specific user profile name, the question should be answerable given enough successive logged history of audited changes remain available.

I experienced a situation that seems much like this scenario... A program that "fixed" issues both with expiration interval reached and both default and trivial passwords ran scheduled on a system where I was eventually asked to investigate when and by-whom a change was made to give a user profile a trivial password. Unfortunately the program failed to collect DSPOBJD and DSPUSRPRF output before making the change, plus auditing was not active :-( With just those two pieces of information I might have been able to track down the likely responsible job with the history log, or if available, more directly "when" within the auditing to look for where the change would have been recorded. Those pieces of information are since vitiated by the "corrective action" of CHGUSRPRF to disable the expired user or set the user password to *NONE; i.e. the last change date of the object now indicates the correction versus when the problem arose, and a new password resets the last change date for the prior password.

The lesson... generally best to collect investigative\diagnostic information before attempting corrective action, because the correction might change information that is important to the investigation of the [origin of the] problem to be corrected. Or in the case of something that is audited, to be sure to have auditing active and maintained.

Regards, Chuck

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.