Resolution
Is there a report that will show what AS/400 command defaults have been changed?
goal
How do I determine which operating command defaults have changed?
fact
NetIQ Security Solutions for iSeries 8.0
fact
VigilEnt Security Agent for iSeries 7.5
fact
PSAudit 8.0
fix
To list operating system commands that have changed, you can run the Changed Objects Report (from PSMENU take options 1, 1, 5, and 7) and create a filter for commands in QSYS. This displays any recent changes to the commands. Please note that this report uses QAUDJRNÂ journal receivers for input and will only cover the date and time range that the receivers on your system will allow.
fix
To list operating system commands that have changed based on ODAPAR field in the object description, issue the following commands from an iSeries command line pressing Enter after each. This report is not dependent upon QAUDJRN and triggers upon the ODAPAR field in the object description.
DSPOBJD OBJ(QSYS/*ALL) OBJTYPE(*CMD) DETAIL(*FULL) OUTPUT(*OUTFILE) OUTFILE(QTEMP/COMMANDS)
ADDLIBLE PSCOMMON
PSRUNSQL REQUEST('SELECT * FROM qtemp/commands WHERE ODAPAR = ''CHGDFT''') OUTPUT(*PRINT)
note
When CHGCMDDFT is run, the ODAPAR field is updated in the object description with the value CHGDFT. This can be seen with DSPOBJD using the Service option for the information labeled APAR ID. If a mistake was made and the default was put back to its original value, the object description still indicates CHGDFT.
For system supplied commands, the use of CHGCMDDFT also changes the field ODUMOD to 1 indicating a user change has been made. For user commands, ODUMOD is always set to 1 when a command is created. The value for ODUMOD can be seen with the Service information with the information labeled User modified.
For system supplied commands, it does not appear that there is any method for the user to change the ODAPAR value. If a PTF was applied that affected the command, the CHGDFT information would probably be lost.
For user commands, the ODAPAR value can be changed by the QLICOBJD API to any value desired.
The reason a system supplied command cannot be changed by the API is that the API supports an option that will prevent any further changes using the API. After a command (or any object) is created, you can run the API to state that the API cannot be used again. The option that Allows a QLICOBJD change cannot be seen with DSPOBJD, but the outfile field ODAAPI describes the setting. If you use CRTDUPOBJ to create a duplicate of a command, it retains the setting of the ODAAPI value.