Re: best way to give user rights to unlock accounts

That's a dangerous situation. They can destroy your entire system without
ever touching a green screen via FTP or ODBC, etc. Security by ignorance is
no security at all.



"Jim Thedorf" <jim.thedorf@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8T_ag.8789$aa4.286538@xxxxxxxxxxxxxxxxxxxxxxxx
I had this same problem. I created a UserProfile with the following
options:

User profile . . . . . . . . . . . . . . . : WHADMIN


User class . . . . . . . . . . . . . . . . : *SECADM
Special authority . . . . . . . . . . . . : *ALLOBJ
*SECADM
Initial menu . . . . . . . . . . . . . . . : WHADMIN
Library . . . . . . . . . . . . . . . . : QGPL
Limit capabilities . . . . . . . . . . . . : *YES


I then created the menu WHADMIN, and it had 2 options. The first option
has a CL that promts for a UserID and then resets that UserID's status to
*ENABLED. The second option was to SIGNOFF. The menu had a short command
line so commands could not be typed in.


Jim


"Gary Massengale" <garym_jacksonfurniture@xxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:wk_ag.8$Q_5.7@xxxxxxxxxxx
we have people out in our warehouse who use tethered guns attached to
green screens to scan in inventory.

the problem we are running into is that they seem to keep locking
themselves out.

we even barcoded their username and password so all they have to do is
scan it in but they still seem to be able to lock themselves out.

we took away the command line and did other things to lock the screen
down before doing that.

I have been told that we cannot expect these people to be able to login
correctly, as they do not have much in the way of education, so this is a
problem we have to deal with.

we do not currently have a 2nd shift IT staff, but the warehouses do at
times run 2nd and third shifts, so somtimes they can lock themselves out
and there is no one here to unlock them.

I have been asked to give someone in the warehouse the ability to unlock
these accounts.

what is the best and safest way to do this? I dont want to give a shift
supervisor user security office or anything like that, but management
wants me to give this guy the ability to unlock these accounts in the
evenings so as not to hold up production.

any advice would really be appreciated.

gary








.

Relevant Pages

  • [UNIX] IBM eGatherer ActiveX Code Execution (PoC, Exploit)
    ... Get your security news from a reliable source. ... IBM eGatherer ActiveX Code Execution ... my $class = shift; ... sub Exploit ...
    (Securiteam)
  • Re: Help! Stop the shift from unlocking database
    ... ah..so you mean that shift code i just asked about up above ...can't be ... stopped unless user level security is activated. ... > There is no menu option for disabling the shift key. ...
    (microsoft.public.access.forms)
  • Re: database open control
    ... If a database password, the shift key shouldn't matter. ... If you've applied user-level security (so that users have to provide both a ... If you've applied your own security, ...
    (microsoft.public.access.formscoding)
  • Re: Why 64bit Delphi compiler from Borland may be meaningless!
    ... contemporary key sizes, a shift from 32-bit to 64-bit might, in typical ... this would leave room for security ... parameter changes, more frequent full handshakes, etc. ...
    (borland.public.delphi.non-technical)
  • Re: [patch] mlock-as-nonroot revisted
    ... > On unlock the quota gets deducted from the user who ... I agree there aren't security issues, but it's still very wrong to ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)