Locking and unlocking security-related system values

To prevent users from changing security-related system values during normal operation, system service tools (SST) and dedicated service tools (DST) provide an option to lock these security values.

You must use DST if you are in recovery mode because SST is not available during this mode. Otherwise, use SST to lock or unlock the security-related system values.

To lock or unlock security-related system values with the Start System Service Tools (STRSST) command, follow these steps:

  1. Open a character-based interface.
  2. On the command line, type STRSST.
  3. Type your service tools user name and password.
  4. Select option 7 (Work with system security).
  5. Type 1 to unlock security-related system values or 2 to lock security-related system values in the Allow security-related system values changes parameter.
Note: You must have a service tool profile and password to lock or unlock the security-related system values.

To lock or unlock security-related system values using dedicated service tools (DST) during an attended IPL of a system recovery, follow these steps:

  1. From the IPL or Install the System display, select option 3 to Use Dedicated Service Tools.
    Note: This step assumes that you are in recovery mode and are performing an attended IPL.
  2. Sign on to DST using your service tools user name and password.
  3. Select option 13 (Work with system security).
  4. Type 1 to unlock security-related system values or 2 to lock security-related system values in the Allow security-related system values changes parameter.

To view a list of system values are controlled by this lock function, see Lock function of security-related system values.