Leo - The following tools look like they might be useful: [VAX83B.FERMILAB.FERMIEXE.SOURCES.GETUAF] GETUAF - used to get various UAF attributes from users, returns them in symbols to let you use them from DCL scripts. Also in 84A Also in 85C (fall '85) UAFdef (85A tapes) is a DTR definition for UAF records. 87A - UAF tool, to audit UAF changes and to do I/O to the UAF. 87A also has IDLE which reports idle accoutns 88A2 - USERLIST - generates lots of reports of UAF. Looks like this might be just what is wanted. << List of SYSUAF Report Options: >> SYSUAF REPORT PROGRAM V2.10 Report Type: A) Owner, Username, UIC (including sort by UIC) (incl Default Dir if to a file) B) Username, Flags (including sort by UIC) (incl Acct and PW Dates if to a file) C) Wsdefault, Wsextent, and Wsquota (incl ENQLM, FILLM, ASTLM, BIOLM, DIOLM, BYTLM, PBYTLM if to a file) D) Usernames only (No report headings are printed) E) Usernames, dates, and UICs who have ever logged in (No report headings) F) Usernames who have never logged in (No report headings are printed) G) Usernames and dates who have not logged in within the past 6 months H) Privileges (Default AND Authorized) (132-columns) I) Fill Bytes Report (to a file) J) Username, UIC, Default Dev/Dir, LGICMD (ACCT if file) (incl sort by UIC) K) Same as J) but also lists all identifiers held by each user (sorts by IDENT) L) Creates AUTHORIZE command file of: REVOKE/IDENTIFIER identifier username M) AUTHORIZE "MODIFY username/" command file of all usernames holding a specific identifier N) AUTHORIZE "MODIFY username/LGICMD=file-spec" command file of all usernames O) AUTHORIZE "MODIFY username/DEVICE/DIRECTORY/PWDMIN" cmd file of all users P) AUTHORIZE "MODIFY xxxxusername/WSDEFAULT=value/WSQUOTA=value/WSEXTENT=value /ENQLM=value/FILLM=value" command file of all usernames Q) DISKQUOTA "ADD [uic]/PERM=999999/OVER=500" cmd file for all users for DUA0: R) Report of all accounts having any user-data 88B3 (Fall '88) SHOWUAF - display users based on lots of criteria. ShowUAF, Version 1.0 SHOWUAF is designed to allow a VAX system manager to effectively examine the system User Authorization File(s) SYSUAF.DAT on one or more VAX systems. The files can be accessed directly or via DECnet. SHOWUAF will display all users that satisfy a specified set of parameters. For example, to display all users that have the SYSPRV authorized privilege, the input command would be: SHOWUAF> PRIV=SYSPRV Input commands to SHOWUAF consist of sets of parameter-value pairs. (In the above example, PRIV is the parameter, SYSPRV is the value). A parameter-value pair is connected by a comparison character of "=", "\", "<", or ">", which signifies that the check should be for users whose UAF value is equal to, not equal to, less than, or greater than, the value ... Looks also like it could be used. 89B2 - SYSUAF V3.02 is a reporting program for the SYSUAF and RIGHTSLIST data files. Could be an update of above. Works across DECnet too. Updated in 91B too: SYSUAF V5.00 is a reporting program for the SYSUAF and RIGHTSLIST data files. Updated 92A too: SYSUAF V5.42 is a reporting program for the SYSUAF and RIGHTSLIST data files. Updated 92B SYSUAF V5.47 is a reporting program for the SYSUAF and RIGHTSLIST data files. Updated 93A SYSUAF V5.50 is a reporting program for the SYSUAF and RIGHTSLIST data files. Joe Meadows' UAF tool is an excellent bet: on the same tape. UAF. Updated 92B also. Updated 94A also. Despite less abstracts it is possibly the best such tool around. UAF does for SYSUAF.DAT what FIND does for INDEXF.SYS. It allows you to search for users based on multiple criteria. Almost any field found in the UAF can be used for selection and/or display. Updated in 90A Includes a password guesser too. Note that the DWProfile tool in 92B is a fullscreen frontend for sysuaf and account maintenance, creation, deletion, etc. via DECwindows. There are a number of updates later. DWProfile will also search and display UAF records based on fields matching (possibly wildcarded) selection criteria. 93A has SCANUAF. SCANUAF.ZIP - Search SYSUAF for accounts matching specific criteria SCANUAF Scan SYSUAF for accounts matching specified criteria Author: Jim Snyder VAX Parts: 5 Language: FORTRAN *************** - Find informatrion about all job in all queues - Find information about all usernames in SYSUAF (supported) - Find information about all usernames in SYSUAF (unsupported) - Find information about all disk-quotas on a disk Updated in 94A. In 96A there is a tool getuai.zip in the teco archive that gets UAF fields to DCL symbols. (Updates earlier stuff). Note the DECUS library catalog # V00538 MASS_UAF Version: 1.01, April 1992 might be useful. Also the DORMANT program... There are by the way other utilities for things like finding all ACE entries pointing to some name (handy when deleting an account) and generating a command file to blow them off (or just doing it), for making the UAF and the MAILUAF correspond, and for making multiple UAFs across DECnet alike. The DECUS essential tools kit contains scanuaf. Joe Meadows' excellent UAF program and scanuaf are both on any recent sigtape CD also; I have them online. glenn everhart As you can begin to see, there's a VERY large amount of code around for the kinds of things you want, as well as for lots of other security related tasks. I think I've found the most important of the lot. Since the UAF file hasn't changed much, these are likely to still be useful. The more recent tools use hash password and / or understand Purdy under salt hashes, and may be expected to work on alpha just fine. The older stuff will also probably VEST pretty easily if one wants a quicker way... About all of this stuff is in source as well as with binaries. glenn