If I get an answer from Support I will share with the list so that we aren't 
guessing what the function really is.
Dave
-------------------------
[email protected]
(Wireless)

________________________________
From: Action Request System discussion list(ARSList) <[email protected]>
To: [email protected] <[email protected]>
Sent: Thu Sep 03 17:48:41 2009
Subject: Re: Question concerning Application-Invalidate-User

> So would it still scramble the password?

No – the password management rules apply to passwords stored within AR System.
If your password management is done through AD, then the rules that AD puts in 
place would be used.  The password management system in 7.1.00 was put in place 
for those customers who don’t use an external source for authentication and 
still wanted a higher level of control similar to that found in other systems.


> Is there an accompanying undocumented run process command that would reverse 
> the disable?

Nope.  Once it’s scrambled, you’d have to set it to a new value.

This is all, of course, assuming I’m right about that being what the run process 
does.   But I do know that the disable that occurs, for example, after too many 
failed login attempts does scramble that password – and you can’t unscramble it.

-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.

The opinions, statements, and/or suggested courses of action expressed in this 
E-mail do not necessarily reflect those of BMC Software, Inc.  My voluntary 
participation in this forum is not intended to convey a role as a spokesperson, 
liaison or public relations representative for BMC Software, Inc.

From: Action Request System discussion list(ARSList) 
[mailto:[email protected]] On Behalf Of Shellman, David
Sent: Thursday, September 03, 2009 2:16 PM
To: [email protected]
Subject: Re: Question concerning Application-Invalidate-User


We have integrated with Active Directory and the User records have blank 
passwords. So would it still scramble the password? Is there an accompanying 
undocumented run process command that would reverse the disable?

It just would be nice to have this command documented somewhere instead of 
guessing what it does.

I can cause the same effect by having a filter set the password field with a 
scrambled word, maybe a guid, that would accomplish the same thing. Then it's 
at least easier to figure out what it's doing and how to reverse the effect.
Dave
-------------------------
[email protected]
(Wireless)

________________________________
From: Action Request System discussion list(ARSList) <[email protected]>
To: [email protected] <[email protected]>
Sent: Thu Sep 03 16:48:28 2009
Subject: Re: Question concerning Application-Invalidate-User

I haven’t really looked into this too deeply, but my gut feeling would be that 
this overwrites the password so that the original password hash will no longer 
work.  That’s how the accounts are disabled, so it’d make sense.


-David J. Easter
Sr. Product Manager, Solution Strategy and Development
BMC Software, Inc.

The opinions, statements, and/or suggested courses of action expressed in this 
E-mail do not necessarily reflect those of BMC Software, Inc.  My voluntary 
participation in this forum is not intended to convey a role as a spokesperson, 
liaison or public relations representative for BMC Software, Inc.

From: Action Request System discussion list(ARSList) 
[mailto:[email protected]] On Behalf Of Shellman, David
Sent: Wednesday, September 02, 2009 12:00 PM
To: [email protected]
Subject: Question concerning Application-Invalidate-User

We recently upgraded our app server from 7.0.1 to 7.1 (Windows server connected 
to Oracle).  After the upgrade I have been looking at the new filters 
associated with password management with 7.1.  I noted a filter called 
User:DisableUserAccount.  The Run If is fairly straightforward with ($USER$ =  
"AR_ESCALATOR" ) AND ( 'Status' = "Disabled") AND ( 'Account Disabled Date' !=  
$NULL$ ) AND ( 'Account Disabled Date' > 'Last Password Change For Policy')

The Run Process executes Application-Invalidate-User $Login Name$.  I cannot 
find any reference to Application-Invalidate-User in the 7.1 or 7.5 
documentation.

If anyone could point me to documentation concerning 
Application-Invalidate-User it would be greatly appreciated.

Dave

Dave Shellman

Phone:  (717) 810-3687
Fax:    (717) 810-2124
email:  [email protected]

Tyco Electronics
MS 161-043
PO Box 3608
Harrisburg, PA 17105-3607



_Platinum Sponsor: [email protected] ARSlist: "Where the Answers Are"_