The Disabled User ID list that is viewed through GO NETS or System i Navigator might be misleading. The following images display one way to access the NetServer Disabled User ID list. System i Navigator is a Microsoft® Windows® client GUI-based interface to operating system attributes and functions including NetServer server configuration, share configuration, and disabled users. The following link accesses information related to the GO NETS menu. Information on GO NETS can be found from a link on the NetServer home page. GO NETS is an operating system command-line interface for working with NetServer attributes natively using NetServer APIs. The methods used to list disabled users for NetServer are System i Navigator and GO NETS. These commands show only if a user profile is disabled for standard operating system access methods for example, 5250 (Telnet), FTP, Access Client Solutions, and other similar functions. Running the WRKUSRPRF command (Option 5 to display) or the DSPUSRPRF command does not show if a user is disabled for NetServer access. Messages issued for all user IDs disabled for NetServer within the time span covered by the current QHST History File can be seen by running the following command: This disabled user profile is added to the NetServer Disabled User ID list the next time the user attempts to connect to a NetServer resource. In this case, for the “la Chiffre” ransomware it was also quite simple because the cursed renames all the files it attacks with the “.When an IBM System i user profile is disabled for NetServer access, message CPIB682 is posted to the QSYSOPR message queue. The second one, the / QIBM, much more dangerous is probably an old reminiscence of the past, I personally believe I have never used it, but it is shared there and attacked by the damned viruses and ransomware.įortunately, there were all backups from the client and the offending directories were restored from the backup.
#Ibm i access client solutions netserver Pc#
The first one is a sharing for LDAP-like functions for IBM i if managed by tools on the PC side … in 90% of cases useless Damn, it must be some old IBM i default or someone has even voluntarily activated writing for some reason in the past … but it is a fairly widespread situation (at least among my clients). I check some other customers’ IBM i and find two shared folders everywhere, in some cases they are read and in others even read / write. Going deeper we found some shares with read-and-write authorities and in particular, a / QIBM directory that nobody remembers having ever shared or used. The cursed had gone so far and attacked the JAVA folders blocked everything based on that, such as the HTTP functions of SQL and other nice things.But the IBM i (indeed, the AS400 … how angry you are back to being the AS400 and not the IBM i … it’s like when children do something they don’t have to … they are always “your children” if you turn to your wife!) cannot be attacked by viruses.The virus (ransomware) has gone up to that / QIBM / … folder.
Going deeper I find that Java doesn’t work either … I finally get to the offending folder “/ QIBM / ProdData / OS400 / PASE / bin / java” which contains an imported number of files with the. I connect to the system and get some problems with HTTPGETCLOB, HTTPOSTCLOB functions widely used for Web Services from the IBM i world, strange errors return and the Joblog reports error messages when calling some Java functions from SYSTOOLS. Damn, as if we didn’t have enough viruses in this period!
Let’s get to the point of this specific situation: a client of mine calls me on the phone worried because, after spending the weekend trying to stem a damned ransomware virus circulating in the company, some features of IBM i no longer work. No… we are not talking about Nielsen ratings, but about shared IFS directories … they could be infected with viruses and malware coming from PC and other server and OS and even cause problems for our solid IBM i. Last Updated on 28 February 2020 by Roberto De Pedrini