How to Get There
To display the Secure Screen menu, select option 1 from the Utilities Menu.
What it Does
The Powertech Powertech Exit Point Manager for IBM i Secure Screen menu offers a launchpad for Secure Screen settings. Because Secure Screen helps you secure inactive sessions, it can help prevent security breaches or excessive damage caused when a person accesses a workstation that has been left physically unattended. Powertech Secure Screen both protects your IBM i system in the case of an inactive session, it also allows you to set different precautions for each profile on your IBM i system.
An inactive session on an IBM i system is a major security risk. If someone with QSYSOPR authority leaves their desk, you want to be sure that everything is secure. You need a dependable method of securing the IBM i.
Secure Screen lets you specify that if a session is inactive for a specified amount of time, the machine will time out and end jobs, or send a warning message. It also can send a notification to an administrator's message queue.
Options
1. Start Secure Screen Monitor
Select option 1 or use the command (STRPLSSMON) to start the Secure Screen monitor job.
2. End Secure Screen Monitor
Select option 2 or use the command (ENDPLSSMON) to end the Secure Screen monitor job.
3. Set Secure Screen Notification Message Queue
Select option 3 or use the command (LSETPSSNFQ) to open the Set Secure Screen Notification Message Queue panel. This panel allows you to set the notification message queue for Secure Screen to the message queue you specify on the MSGQ() parameter.
10. Work with Secure Screen Filters
Select option 10 to open the Rules Maintenance panel. The Edit Secure Screen filters function maintains the filters file PSSNAP. Filters are applied to jobs that reach an inactive timeout. The action taken depends on the filter that first matches the characteristics of the inactive job.
LCKDSP Command
The LCKDSP command can be used to lock your own screen, or it can be run with a qualified job name to lock some other screen (i.e. it can be run by a monitor program that detects screen inactivity).
It can be used instead of the IBM DSCJOB command. DSCJOB is not allowed if you are using an emulator or pass-through with an automatically assigned workstation ID. LCKDSP can be used anywhere.
To unlock, press Enter and type your password.
There are a limited number of password attempts allowed. If you make too many incorrect attempts, no further attempts will be allowed and you will either have to sign-off using sysreq-90, or you can contact your support desk to unlock you using the UNLDSP command.
You need system value QALWJOBITP = 2 to use this utility.
LCKDSP JOB Command
You can use the LCKDSP JOB(nbr/user/job) to lock some other display. To do so, you need *JOBCTL special authority unless the other job is the same job user.
When a screen is locked, a screen saver is displayed. The screen saver is comprised of a small window that moves to a random position every 5 seconds. Press Enter, and enter your password to unlock. If you type the incorrect password enough times (see system value QMAXSIGN), the error "You have used the maximum allowed number of attempts to enter your password." is displayed and the password input field is no longer shown. To recover, either sign-off using Sysreq-90 or get an authorized user to unlock your display using UNLDSP command.
Once you have used up your password attempts, you must sign off and on to get more attempts.
If your display gets locked after you have already used up all your password attempts (see system value QMAXSIGN), you get the usual window and the usual Unlock Display screen when you press Enter, with the password input field showing. But, the password will be ignored even if correct, and the password field will then disappear.
While the display is locked, system request-2,4,5 and 6 are disabled, whether done via the system request menu or directly. All other system request options are allowed. Attention key is also disabled.
UNLDSP Command
You can use the UNLDSP JOB(nbr/user/job) to unlock a display that was locked by the LCKDSP command. You need *ALLOBJ special authority, or specific *USE authority on the command.
Command Keys
F3 (Exit): Exit the menu.
F4 (Prompt): Provides assistance in entering or selecting a command.
F7 (Select System): Use this command key to work with data from a different System.
F9 (Retrieve): Displays the last command you entered on the command line and any parameters you included. Pressing this key once shows the last command you ran. Pressing this key twice shows the command you ran before that, and so on.
F12 (Cancel): Exit the screen without processing any pending changes.
F21 (Alerts): Displays the Alerts panel where Powertech products can post errors, warnings or other general notifications to the administrator.
F22 (Status): Displays the Operational Resources pop-up window containing the status of several operation aspects of Powertech products.