RPGIV @ Work

A unique site for RPG and System i Lovers


Hi, this site will provide all what you need in System i and RPG developments.

My Name is Chamara Withanachchi, System i Expert and RPG Developer. And in the field for last 11 years.

I hope you will find lot of valuable information from this site

ANZDFTPWD Print E-mail
User Rating: / 0
Written by Chamara Withanachchi   

Finding your default password users is easy. Simply run the following Analyze Default Password (ANZDFTPWD) command and you'll get a listing of all system users whose password is equal to their user profile name.


Even though *NONE is the default setting for the Action Taken Against Profiles (ACTION) parameter, ANZDFTPWD can also be set up to either:

1) automatically disable all user profiles with default passwords;
2) automatically expire the passwords for all default password profiles.

If you run the command with an action of *NONE, ANZDFTPWD simply produces a report which can look at and determine which profiles need to take action for.

After you run ANZDFTPWD, you can examine the generated report to help you straighten out any obvious issues that you don't want the auditors to see. After making adjustments, you can then rerun the report, and give the second report to the auditors.

As produced, the generated ANZDFTPWD report tells you two things about each default password user profile.

Is the user profile active or disabled (*ENABLED or *DISABLED)?
Is the user profile's Password Expiration (PWDEXP) parameter set to *YES or *NO?

The command also issues the following CPC2232 message to your desktop and to your joblog:

"&1 user profiles have default passwords of which &2 have the status of *ENABLED"

Where parameter 1 (&1) equals the total number of default password users and parameter 2 (&2) is equal to the number of default password users whose user profiles are enabled.

With this information (total number of active users with default passwords as well as which individual users have active non-expired default passwords), you can respond to the auditors depending on how serious the issue is. If it turns out that the majority of your default password users are disabled or have expired passwords, you may be able to remediate the problem by correcting the remaining user profiles and running ANZDFTPWD a second time. After settling on a course of action, you can run ANZDFTPWD in one of the following two modes.


Running ANZDFTPWD with the ACTION parameter equal to *PWDEXP, sets all the default password user passwords to *EXPIRED, which means that those users will have to change their passwords the next time they sign on, eliminating each user's default password problem. The second option, where ACTION is set to *DISABLE, disables ALL of your default password users, which can put a number of active users immediately out of commission.

<Previous   Next>