QSECOFR password got disabled or forgotten?
Don’t worry we have the ways to reset
Thanks to Mr. Maran Ganapathy, Founder,PMS information system, Chennai.
Use a duplicate profile
If we have a duplicate user profile that has *SECOFR authority on the system then, when QSECOFR is disabled, or we forget the password, this profile can run the Change User Profile (CHGUSRPRF) command to reset QSECOFR's status to *ENABLED or to change the password.
Use system console
OS/400 allows QSECOFR to sign on to the system console (but not anywhere else) after the profile is disabled. So, if OS/400 automatically disabled QSECOFR because of an attempted hack, our disabled QSECOFR profile can still sign on to the system console, and we can use CHGUSRPRF to reenable the profile from there, as long as we know what the current QSECOFR password is.
Use DST menu
Go DST menu to reset the password to its default setting of QSECOFR.
DST Menu can be invoked before you IPL our iSeries or AS/400, so here are the steps to bring up DST during an OS/400 V5R1 manual IPL, and to use it to reset the QSECOFR user profile to its default password:
1. Put AS/400 machine into manual mode through the control panel for nonpartitioned machines. For partitioned machines, sign on to your primary partition and use the Work with System Partitions option, under the System Service Tools (STRSST) menu, to change your partition's startup mode to "Manual." IPL the system.
2. OS/400 will display the Use Dedicated Service Tools menu before it IPLs. Select option 5 (Work with DST Environment) from that menu.
3. When the DST sign-on screen comes up, sign on with the DST security capable user ID of QSECOFR. (Note: This is a DST-only ID that is maintained separately from the QSECOFR user profile.) The default DST QSECOFR user password is also QSECOFR.
4. Select option 6 (Service Tools Security Data) from the Work with DST Environment menu.
5. Select option 1 (Reset Operating System Default Password) from the menu that appears, and follow the directions to reset the QSECOFR password. After executing this option, the QSECOFR user profile password will be reset to its default value of QSECOFR for this IPL only.
6. Exit back to the Use Dedicated Service Tools menu, and select option 1 to IPL your system.
7. When the system comes up, change the QSECOFR user profile to *ENABLED (if it's currently set to *DISABLED), and be sure to change QSECOFR's password to another password that is harder to crack
If we have a duplicate user profile that has *SECOFR authority on the system then, when QSECOFR is disabled, or we forget the password, this profile can run the Change User Profile (CHGUSRPRF) command to reset QSECOFR's status to *ENABLED or to change the password.
Use system console
OS/400 allows QSECOFR to sign on to the system console (but not anywhere else) after the profile is disabled. So, if OS/400 automatically disabled QSECOFR because of an attempted hack, our disabled QSECOFR profile can still sign on to the system console, and we can use CHGUSRPRF to reenable the profile from there, as long as we know what the current QSECOFR password is.
Use DST menu
Go DST menu to reset the password to its default setting of QSECOFR.
DST Menu can be invoked before you IPL our iSeries or AS/400, so here are the steps to bring up DST during an OS/400 V5R1 manual IPL, and to use it to reset the QSECOFR user profile to its default password:
1. Put AS/400 machine into manual mode through the control panel for nonpartitioned machines. For partitioned machines, sign on to your primary partition and use the Work with System Partitions option, under the System Service Tools (STRSST) menu, to change your partition's startup mode to "Manual." IPL the system.
2. OS/400 will display the Use Dedicated Service Tools menu before it IPLs. Select option 5 (Work with DST Environment) from that menu.
3. When the DST sign-on screen comes up, sign on with the DST security capable user ID of QSECOFR. (Note: This is a DST-only ID that is maintained separately from the QSECOFR user profile.) The default DST QSECOFR user password is also QSECOFR.
4. Select option 6 (Service Tools Security Data) from the Work with DST Environment menu.
5. Select option 1 (Reset Operating System Default Password) from the menu that appears, and follow the directions to reset the QSECOFR password. After executing this option, the QSECOFR user profile password will be reset to its default value of QSECOFR for this IPL only.
6. Exit back to the Use Dedicated Service Tools menu, and select option 1 to IPL your system.
7. When the system comes up, change the QSECOFR user profile to *ENABLED (if it's currently set to *DISABLED), and be sure to change QSECOFR's password to another password that is harder to crack
