Rob,

<Help desk uses ISIM to reset it.

So the ISIM is a manual reset, not automated, correct.

Paul

From: Rob Berendt [mailto:rob@xxxxxxxxx]
Sent: Monday, June 25, 2018 11:40 AM
To: Midrange Systems Technical Discussion
Subject: RE: IBM i Password reset tool

User forgets their Windows password,
tries a few times,
calls help desk,
Help desk uses ISIM to reset it.
User logs into Windows and changes their password
Password gets propagated to IBM i and Notes.

Not a JDE shop.

Yes it handles when a single Windows user has multiple IBM i accounts on a single lpar. Including a coworker who is active on this list
Multiple lpars, no problem.
[cid:image001.gif@01D40C79.A359BB50]

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com<http://www.dekko.com/>





From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Date: 06/25/2018 11:15 AM
Subject: RE: IBM i Password reset tool
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
________________________________



Rob,

<Clarifying, when you re-set the password in ISIM, this resets all passwords linked to that user, correct?

1) Can you confirm this?
when you re-set the password in ISIM, this resets all passwords linked to that user, correct
Windows, IBM I (possibly multiples), JDE, etc.

2) Is this re-set a manual or automated process?

3) How do you handle the situation were the user can't log into their PC?

Paul



-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Monday, June 25, 2018 9:23 AM
To: Midrange Systems Technical Discussion
Subject: RE: IBM i Password reset tool

We do not use EIM/SSO anymore.
We did a brief foray into that when we were using biometrics to log on.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com<http://www.dekko.com/>





From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 06/25/2018 09:20 AM
Subject: RE: IBM i Password reset tool
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Rob,

Clarifying, when you re-set the password in ISIM, this resets all
passwords linked to that user, correct?
Will ISIM work in conjunction with EIM SSO without any issues.

Thanks
Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob
Berendt
Sent: Monday, June 25, 2018 8:42 AM
To: Midrange Systems Technical Discussion
Subject: RE: IBM i Password reset tool

We reset their password in ISIM which resets their password in Windows,
IBM i, etc.
They sign on to Windows. When they change their password in Windows an
ISIM hook then propagates it to ISIM, IBM i, Notes, etc.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com<http://www.dekko.com/>





From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Date: 06/25/2018 07:58 AM
Subject: RE: IBM i Password reset tool
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Rob,

How do handle the IBM user account, user tried three times, device got
varied off (we auto vary the device back on in 30 minutes), now has
submitted a helpdesk ticket for a password reset because they forgot their

password.

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob

Berendt
Sent: Monday, June 25, 2018 6:51 AM
To: Midrange Systems Technical Discussion
Subject: RE: IBM i Password reset tool

One has to be careful with passwords for accounts which never sign on. For


example, accounts used to run scheduled jobs only. You may want to start
out with reports only and only when you feel comfortable with the outcome,


change to automatic actions.

We do not disable accounts with too many sign on's, only the device. In
theory one could launch a Denial Of Service attack on your system by
looking at message queues in QUSRSYS and signing on three times with a
password of hatethisjob (unless they find some one user with that
password).

Our message queue monitoring software does trap some of these. Users on
our scanning devices have real difficulties signing on. We vary the
device back on three times before giving up. All automatic.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com<http://www.dekko.com/>





From: "Musselman, Paul" <pmusselman@xxxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 06/22/2018 04:05 PM
Subject: RE: IBM i Password reset tool
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Set QMAXSGNACN to 3 - Disable Device and Profile??

Or do you want the profile (or a specific profile) re-activated?

We have several scheduled jobs for passwords:

- change any profile that has never signed on to
PASSWORD(*NONE)
- change any profile not used in 180 days to
PASSWORD(*NONE)
- change profiles with passwords older than 60 days and
not used will be DISABLED
- for selected shop floor accounts that get disabled,
re-enable them automatically.

Most of these are based on DSPUSRPRF to an outfile, then reading that file


(in a CLP) and doing appropriate things.

Paul E Musselman
PaulMmn@xxxxxxxxxxxxx

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Steinmetz, Paul
Sent: Friday, June 22, 2018 3:53 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxx>
Subject: RE: IBM i Password reset tool

Monitor for CPF1397

Cause . . . . . : The maximum number of sign on attempts specified by
system
value QMAXSIGN has been reached. The device has been varied off for
security reasons.

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Musselman, Paul
Sent: Friday, June 22, 2018 3:39 PM
To: Midrange Systems Technical Discussion
Subject: RE: IBM i Password reset tool

Reset how? Automatically assign a new password after so many days? We
just set the Password Expiration Interval. There are a few profiles, like


QSECOFR, that don't reset ever...

Paul E Musselman
PaulMmn@xxxxxxxxxxxxx

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Steinmetz, Paul
Sent: Friday, June 22, 2018 3:31 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxx>
Subject: IBM i Password reset tool

Anyone in the group using a tool that will reset an IBM I passwords,
either automatically or based on some other criteria?

Thank You
_____
Paul Steinmetz
IBM i Systems Administrator

Pencor Services, Inc.
462 Delaware Ave
Palmerton Pa 18071

610-826-9117 work
610-826-9188 fax
610-349-0913 cell
610-377-6012 home

psteinmetz@xxxxxxxxxx
http://www.pencor.com/

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.