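Running the CHGUSRPRF command requires *SECADM authority, but the Security department usually will not grant such a broad authority. To get the job done anyway, use the following method instead.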
1. Create CL program
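Note: the program must use the MONMSG command to trap all errors. Otherwise, whenever the PC side connects to the AS400 QZRCSRVS job without authority or with the wrong profile, jobs in MSGW status will be generated endlessly.
2. CRTCLPGM with USRPRF(*OWNER)
3. CHGOBJOWN this program to a profile (for example QCRTUSR) with *SECADM authority
4. EDTOBJAUT this program so that only the required user profile is allowed to use it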
5. Use cwbx.dll

```csharp
// Requires a project reference to cwbx.dll and "using cwbx;".
// userProfileName, newPassword and msg are variables of the enclosing method.
cwbx.StringConverter sc = new cwbx.StringConverter();
AS400System s = new AS400System();
s.Define("AS400HostName");
// s.IPAddress = ipStr;
s.UserID = Constants.ISERIES_USER_NAME;
s.Password = Constants.ISERIES_PASSWORD;
s.PromptMode = cwbcoPromptModeEnum.cwbcoPromptNever;

cwbx.Program p = new cwbx.Program();
p.system = s;
p.LibraryName = Constants.ISERIES_InfiniumCustomLibName;
p.ProgramName = Constants.ISERIES_ChangeUserProfileProgramName;

// Parameter lengths must match the declarations in the CL program.
ProgramParameters paras = new ProgramParameters();
paras.Append("@USRPRF", cwbrcParameterTypeEnum.cwbrcInout, 10);
paras.Append("@PWD", cwbrcParameterTypeEnum.cwbrcInout, 10);
paras.Append("@ERRMSG", cwbrcParameterTypeEnum.cwbrcOutput, 500);

userProfileName = userProfileName.Trim();
// A profile name is at most 10 characters; reject anything longer explicitly.
if (userProfileName.Length > 10)
    throw new ArgumentException("User profile name is longer than 10 characters.");
// Pad the profile name with blanks to the fixed parameter length.
string userProfile = userProfileName.PadRight(10);

paras["@USRPRF"].Value = sc.ToBytes(userProfile);
paras["@PWD"].Value = sc.ToBytes(newPassword);
p.Call(paras);
// The CL program returns its error text (if any) in @ERRMSG.
msg = sc.FromBytes(paras["@ERRMSG"].Value).ToString();
```
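6. Note that cwbx.dll exists only as a 32-bit version; there is no 64-bit version.
With IIS7, each web application pool can set Enable 32-bit Applications to true, but in the unfortunate IIS6 this parameter is global and affects the other web applications.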
To enable IIS 6.0 to run 32-bit applications on 64-bit Windows
1. Open a command prompt and navigate to the %systemdrive%\Inetpub\AdminScripts directory.
2. Type the following command: cscript.exe adsutil.vbs set W3SVC/AppPools/Enable32BitAppOnWin64 "true"
3. Press ENTER.
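The command above sets the parameter to true, but the consequence is that IIS no longer uses the 64-bit .NET Framework, and those web applications simply stop working.
The final solution was to set up a separate web service and host it on an IIS instance that allows 32-bit applications. That solved the problem.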
http://www.experts-exchange.com/OS/Miscellaneous/Q_26247446.html
Create CL program called CHANGEUSR
Log on as QSECOFR
Change CHANGEUSER *PGM object owner to QSECOFR using CHGOBJOWN command.
Change program to run under *OWNER authority using CHGPGM command.
EDTOBJAUT on the program and restrict *USE rights to all users that you want to be able to use the program (not *PUBLIC!).
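
The CL program from step 1, as an added example that is not code from the original post or the linked thread. Its parameter layout is assumed from the C# caller above (10, 10 and 500 characters); the two guard checks on the target profile are an added restriction, so that a program adopting *SECADM cannot be used to reset the password of an IBM-supplied or privileged profile.

```cl
/* Added example. Parameter order and lengths are assumed   */
/* from the C# caller: @USRPRF(10), @PWD(10), @ERRMSG(500). */
PGM        PARM(&USRPRF &PWD &ERRMSG)
  DCL        VAR(&USRPRF) TYPE(*CHAR) LEN(10)
  DCL        VAR(&PWD)    TYPE(*CHAR) LEN(10)
  DCL        VAR(&ERRMSG) TYPE(*CHAR) LEN(500)
  DCL        VAR(&SPCAUT) TYPE(*CHAR) LEN(100)

  /* Program-level monitor: every escape message branches to */
  /* ERROR instead of leaving the QZRCSRVS job in MSGW.      */
  MONMSG     MSGID(CPF0000 MCH0000) EXEC(GOTO CMDLBL(ERROR))

  CHGVAR     VAR(&ERRMSG) VALUE(' ')

  /* Guard 1 (added restriction): refuse IBM-supplied        */
  /* profiles such as QSECOFR, whose names start with Q.     */
  IF         COND(%SST(&USRPRF 1 1) *EQ 'Q') THEN(DO)
    CHGVAR     VAR(&ERRMSG) VALUE('Profile is not eligible.')
    RETURN
  ENDDO

  /* Guard 2 (added restriction): refuse any profile that    */
  /* holds special authorities. RTVUSRPRF returns *NONE in   */
  /* SPCAUT when the profile has none.                       */
  RTVUSRPRF  USRPRF(&USRPRF) SPCAUT(&SPCAUT)
  IF         COND(%SST(&SPCAUT 1 5) *NE '*NONE') THEN(DO)
    CHGVAR     VAR(&ERRMSG) VALUE('Profile is not eligible.')
    RETURN
  ENDDO

  /* Runs under the adopted *SECADM authority of the owner.  */
  CHGUSRPRF  USRPRF(&USRPRF) PASSWORD(&PWD)
  RETURN

ERROR:
  /* Hand the escape message text back to the caller.        */
  RCVMSG     MSGTYPE(*EXCP) RMV(*YES) MSG(&ERRMSG)
  MONMSG     MSGID(CPF0000)   /* never loop back into ERROR  */
  IF         COND(&ERRMSG *EQ ' ') THEN(CHGVAR VAR(&ERRMSG) +
               VALUE('Password change failed.'))
ENDPGM
```

A blank @ERRMSG on return means the change succeeded; the caller should treat any other value as a failure.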