[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference vaxaxp::vmsnotes

Title:	VAX and Alpha VMS
Notice:	This is a new VMSnotes, please read note 2.1
Moderator:	VAXAXP::BERNARDO

Created:	Wed Jan 22 1997
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	703
Total number of notes:	3722

148.0. "Need command file for account usage" by ACISS2::DATZMAN (Vee Vont To Pomp You Up) Thu Feb 06 1997 08:47

    Has anyone written a command file that determines which VMS accounts
    have not been used for a given period of time and automatically DISUSER
    these accounts?  
    
    I know there is a similar function in DECinspect that
    product would be overkill for my needs.
    
    Any help is much appreciated.
    
    Dick

T.R	Title	User	Personal Name	Date	Lines
148.1		POMPY::LESLIE	Andy, DEC man walking...	`Thu Feb 06 1997 09:19`	108
	This is a quick'n'dirty I wrote a while back. Hack away... -----------------------------< cut here >------------------------------ $ set noveri $ on control_y then goto eof $ goto after_header This routine parses the UAF output to show who last logged in when and generates a comfile to disuser people who have been out a month or more andy leslie $after_header: $ $ def/user sys$output sys$scratch:uaf.lis $ mc authorize show [,] $ close/nolog infile $ close/nolog outfile $ open/read infile sys$scratch:uaf.lis $ open/write outfile sys$scratch:uaf.parse $ open/write disuser sys$scratch:disuser.com $ write disuser "$AUTHORIZE" $loop: $ read/err=eof infile inrec $ if f$elem(0," ",inrec) .nes. "Username:" then goto loop $ uaf_username=f$edit(f$extract(10,20,inrec),"TRIM") $ !sho sym uaf_username $miniloop: $ read/err=eof infile inrec $ if f$elem(0," ",inrec) .nes. "Last" then goto miniloop $ ! $ ! get last interactive and non-interactive login values from UAF $ ! $ last_interlogin=f$edit(f$extract(12,18,inrec),"TRIM") $ last_batchlogin=f$edit(f$extract(45,18,inrec),"TRIM") $ ! $ if - (("''last_interlogin'".eqs."(none)") .and.("''last_batchlogin'".nes."(none)")) $ then $ ! If the account has never been logged into interactively then $ ! use the batch date $ last_interlogin = "''last_batchlogin'" $ last_login = "''last_batchlogin'" $ endif $ if - (("''last_interlogin'".nes."(none)") .and.("''last_batchlogin'".eqs."(none)")) $ then $ ! If the account has never been logged into non-interactively then $ ! use the interactive date $ last_batchlogin = "''last_interlogin'" $ last_login = "''last_interlogin'" $ endif $ $ if last_interlogin .eqs. "(none)" ! meaning both by now $ then $ write sys$output "''uaf_username' has never logged in" $ write outfile "''uaf_username' has never logged in" $ write disuser "mod ''uaf_username' /flag=disuser/expire=yesterday" $ goto loop $ endif $ $ interdate = f$cvtime(last_interlogin,"COMPARISON") $ batchdate = f$cvtime(last_batchlogin,"COMPARISON") $ $ !sho sym cfd* $ $ if "''interdate'" .gts. "''batchdate'" $ then $ ! set the last login date to the interactive date $ $ last_login = "''interdate'" $ cfdate = "''interdate'" $ $ else $ $ ! set the last login date to the non-interactive date $ $ last_login = "''batchdate'" $ cfdate = "''batchdate'" $ endif $ $ !sho sym last_login $ ! date = f$cvtime(last_login,"ABSOLUTE") $ ! cfdate = f$cvtime(last_login,"COMPARISON") $ tdate = f$cvtime("TODAY","ABSOLUTE") $ today_minus30_cf = f$cvtime ("''tdate'-30-") $ ! today-30 in comparison format $ today_cf = f$cvtime (tdate,"COMPARISON") ! today in comparison format $ if "''cfdate'" .gts. "''today_minus30_cf'" $ then $! write sys$output "''uaf_username' last logged in ''last_login'" $! write outfile "''uaf_username' last logged in ''last_login'" $ else $! write sys$output "''uaf_username' last logged in ''last_login' 1 month+ " $ write outfile "''uaf_username' last logged in ''last_login' 1 month+ " $ write disuser "mod ''uaf_username' /flag=disuser/expire=yesterday" $ endif $ goto loop $eof: $ close/nolog infile $ close/nolog outfile $ close/nolog disuser $ deletex/nolog sys$scratch:uaf.lis;* $ purgex sys$scratch:uaf.parse $ purgex sys$scratch:disuser.com
148.2	Excellent!	34860::DATZMAN	Vee Vont To Pomp You Up	`Thu Feb 06 1997 09:55`	5
	Very nice!! Thanks, Dick
148.3		AUSS::GARSON	DECcharity Program Office	`Thu Feb 06 1997 16:44`	10
	re .0 Another approach is to use account expiration i.e. the account expires every e.g. 3 months and you list people who are about to expire but have logged in within the last 3 months and bump forward the account expiration. This is a more vicious approach. Or you could use password lifetime with no forced password change. I think this has the effect of preventing login if no login occurs within the password lifetime but the user is not actually DISUSERd.
148.4		POMPY::LESLIE	Andy, DEC man walking...	`Fri Feb 07 1997 04:21`	7
	> Or you could use password lifetime with no forced password change. I > think this has the effect of preventing login if no login occurs > within the password lifetime but the user is not actually DISUSERd. <shudder> You think System Managers aren't busy enough?