Please review the following information before updating Command Security.
When updating Command Security in an HA environment
- Stop the replication of user profiles from production to HA system by either ending the replication software or ending the replication of the user profiles.
- Stop the replication of objects in the product libraries (PTCSLIB and PTWRKMGT).
- Update Command Security on the HA and production systems.
- Setup Command Security replication per the HA Setup instructions. To view these instructions, download Command Security HA Setup.
- Start replication (including the user profiles and objects in the product libraries).
It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the Command Security installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.
To update Powertech Command Security on your system, the following system values that control object restores must be configured as shown.
- Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech Command Security programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.)
- QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the Command Security product library PTCSLIB for the product to function properly.
- Set QVFYOBJRST to 1, 2, or 3. This allows Command Security to restore all objects regardless of their signature. (Note: If you normally check signatures, remember to check this system value after the Command Security install process completes.)
- Set QFRCCVNRST (Force conversion on restore) to 0, Do not convert anything.
Command Security requires the following:
- IBM i (i5/OS, OS/400) version V6R1 or higher
- IBM i V5R4: PTF Group SI30557 installed
- IBM i V6R1: PTF Group SI30619 installed
- IBM i V6R1: PTF SI58104
- IBM i V7R1: PTF SI58105
- IBM i V7R2: PTF SI58106
Updating Command Security
Ensure the following servers are available and running prior to updating:
- FTP Server
- Remote Command Server
The Command Security update process is completely automated. Do the following to update Command Security:
- Download the Command Security Update Installer. To do so, go to the Powertech Website and click Your Account.
- Double-click the .exe file to start the Installation Wizard. When prompted, enter the name of the system on which you want to update Command Security, a user profile, and password.
Note: Make sure the user profile is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.
- The Wizard updates Command Security on your system. When the update completes, click Finish to remove the Wizard from your PC.
The update process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the Command Security update.