Unattended Workstations: Managing Unattended Workstations on the IBM i
Do you fail to sign off (logoff) when you walk away from your desk? Doing so leaves you vulnerable to risks both internally and externally that can be devastating to both you and your company.
Unsecured unattended workstations allow anyone walking by to use your workstation ID and even your user ID to access the system. All activity done by this person will be recorded as done by you!
Fear not, these risks can be easily averted with with a few simple fixes. There are two system values provided by IBM that can help secure your workstation. The values allow you to assign a fixed timeout period for the workstation, so it sits idle without anyone pressing the enter key or a function key before the system takes a predetermined action.
IBM offers a system wide (applies to everyone) way to control people that walk away leaving their IBM i sessions logged on. Enter system value QINACTITV then enter the inactivity period below to trigger note: This is only for LOCAL JOBS not remote telnet sessions or display station pass-through.
As seen below, the system value QINACTMSGQ allows you to define a message queue to receive the message CPI1126 alerting of this condition (indicating the job ID and subsystem the job is running in), or ending the job running at the workstation or temporarily disconnecting the job, if disconnecting is possible.
Though the IBM solution helps secure the workstation, IBM provides no way to have individual settings for workstations or user profiles or programs. No way to customize this inactivity action.
SEA’s iSecurity SCREEN product will allow you to customize how the system deals with inactive workstations. You can define exceptions for users, work stations or programs.
When using iSecurity SCREEN, use the command STRSCN to access the product menu.
Option 1 is used for setting the time period, which can be altered on various levels, one being day of the week.
Option 11 allows you to define your exception (longer or shorter) for individual users.
Option 12 allows you to define exceptions for a screen or workstation.
If there is one program that runs interactively and may on occasion run for a long time without any keyboard input, iSecurity SCREEN allows you to define an exception for that particular program.
