No one uses IDMAINT. Well, OK, one of my customers has IDMAINT set up. One. And it is protecting only Remote users and does not filter locally connected workstations.
And the user name entries in that system are totally garbage. Junk. Meaningless. All I cared about was ensuring that only pre-screened workstations are allowed in and I gave no thought to user names.
And there is no meaningful way to correct the user name. How can I tell which machine is which in the database so I can enter more meaningful user names?
My customers want to be independent; self-sufficient. IDMAINT works against that. IDMAINT is job security. I’m the kinda geek who reads and re-reads techie documentation and I don’t understand “inner doors”, “outer doors”, “inner sanctums” and “sanctum sanctorum”. Doors are closed, doors are opened. I once tried to talk a customer through removing IDMAINT so I could get on their system to do some unplanned maintenance. Totally failure. The final screen, with all that explanation, totally overwhelmed my end user.
One thing I’ve learned from my customers is that machines are not people. You should never, ever name a machine for the person currently sitting at that machine. Neither should you use people’s names in network logons or Comet logons. People get promoted, change jobs, leave, retire, get sick, etc.
Machines are passed down. They get moved from the “important” people to the less important people. And they get moved from department to department.
The only constant is department names and even they change over time.
Most system administrators would like department names, and not individual names identifying reports. A report belongs to Accounts Payable or Sales, not to a specific person. IDMAINT is an unlikely place to look for department names.