Using a program to run CHGUSRPRF from a PC client
Date: 2023-07-12

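Running the CHGUSRPRF command requires *SECADM authority, but the security department normally will not grant such a broad privilege. To get the job done anyway, use the following approach instead.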

1. Create CL program

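Note: the program must use the MONMSG command to catch all errors. Otherwise, whenever the QZRCSRVS job that serves the PC connection on the AS400 lacks authority or the profile is wrong, it will keep producing jobs stuck in MSGW status.

2. CRTCLPGM with USRPRF(*OWNER)

3. CHGOBJOWN this program to a profile (for example QCRTUSR) with *SECADM authority

4. EDTOBJAUT this program so that only the intended user profile can use it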

5. Use cwbx.dll

        // Requires a reference to cwbx.dll and "using cwbx;"
        cwbx.StringConverter sc = new cwbx.StringConverter();
        AS400System s = new AS400System();
        s.Define("AS400HostName");
        // s.IPAddress = ipStr;
        s.UserID = Constants.ISERIES_USER_NAME;
        s.Password = Constants.ISERIES_PASSWORD;
        // Never show a sign-on prompt; this code runs unattended on the server
        s.PromptMode = cwbcoPromptModeEnum.cwbcoPromptNever;
        cwbx.Program p = new cwbx.Program();
        cwbx.Command c = new Command();
        p.system = s;
        p.LibraryName = Constants.ISERIES_InfiniumCustomLibName;
        p.ProgramName = Constants.ISERIES_ChangeUserProfileProgramName;
        // Parameter buffers must match the CL program's declared lengths
        ProgramParameters paras = new ProgramParameters();
        paras.Append("@USRPRF", cwbrcParameterTypeEnum.cwbrcInout, 10);
        paras.Append("@PWD", cwbrcParameterTypeEnum.cwbrcInout, 10);
        paras.Append("@ERRMSG", cwbrcParameterTypeEnum.cwbrcOutput, 500);
        // Pad the profile name with blanks to the 10-character parameter length
        userProfileName = userProfileName.Trim();
        string userProfile = userProfileName.PadRight(10);
        // StringConverter converts the .NET strings to host byte arrays
        paras["@USRPRF"].Value = sc.ToBytes(userProfile);
        paras["@PWD"].Value = sc.ToBytes(newPassword);
        p.Call(paras);
        // Error text returned by the CL program (blank on success)
        msg = sc.FromBytes(paras["@ERRMSG"].Value).ToString();

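6. Note that cwbx.dll exists only as a 32-bit build; there is no 64-bit version.

On IIS7, each web application pool can have Enable 32-bit Applications set to true individually, but on the unfortunate IIS6 this setting is global and affects the other web applications.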

1. Open a command prompt and navigate to the %systemdrive%\Inetpub\AdminScripts directory.

2. Type the following command:

        cscript.exe adsutil.vbs set W3SVC/AppPools/Enable32BitAppOnWin64 "true"

3. Press ENTER.

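The command above sets the parameter to true, but the consequence is that IIS no longer uses the 64-bit .NET Framework, and the web applications that depend on it simply stop working.

The final solution is to stand up a separate web service and host it on an IIS instance where 32-bit applications are allowed; that takes care of the problem.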
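Steps 1 to 4 describe the CL program without showing it. The following is an added example, not the original author's program: the name CHGUSRPWD, the library MYLIB, the caller profile APPUSER and the two guard checks are assumptions, while the parameters match the @USRPRF, @PWD and @ERRMSG buffers of the C# call. Because the program adopts *SECADM, the guards keep it from being used to reset the password of an IBM-supplied or privileged profile.

```cl
/* CHGUSRPWD (hypothetical name): added example, not the author's program  */
/* Build and lock down, scriptable form of steps 2-4 (placeholder names):  */
/*   CRTCLPGM  PGM(MYLIB/CHGUSRPWD) SRCFILE(MYLIB/QCLSRC) USRPRF(*OWNER)   */
/*   CHGOBJOWN OBJ(MYLIB/CHGUSRPWD) OBJTYPE(*PGM) NEWOWN(QCRTUSR)          */
/*   GRTOBJAUT OBJ(MYLIB/CHGUSRPWD) OBJTYPE(*PGM) USER(*PUBLIC) +          */
/*               AUT(*EXCLUDE)                                             */
/*   GRTOBJAUT OBJ(MYLIB/CHGUSRPWD) OBJTYPE(*PGM) USER(APPUSER) AUT(*USE)  */
PGM        PARM(&USRPRF &PWD &ERRMSG)
DCL        VAR(&USRPRF) TYPE(*CHAR) LEN(10)
DCL        VAR(&PWD)    TYPE(*CHAR) LEN(10)
DCL        VAR(&ERRMSG) TYPE(*CHAR) LEN(500)
DCL        VAR(&SPCAUT) TYPE(*CHAR) LEN(100)

/* Program-level monitor: any unhandled escape message branches to ERROR   */
/* instead of leaving the QZRCSRVS job waiting in MSGW                     */
MONMSG     MSGID(CPF0000 MCH0000) EXEC(GOTO CMDLBL(ERROR))

CHGVAR     VAR(&ERRMSG) VALUE(' ')

/* Guard 1 (assumed policy): never touch Q* profiles such as QSECOFR       */
IF         COND(%SST(&USRPRF 1 1) *EQ 'Q') THEN(DO)
   CHGVAR  VAR(&ERRMSG) VALUE('Profile not allowed')
   RETURN
ENDDO

/* Guard 2 (assumed policy): refuse profiles holding special authorities.  */
/* RTVUSRPRF returns *NONE in SPCAUT when the profile has none.            */
QSYS/RTVUSRPRF USRPRF(&USRPRF) SPCAUT(&SPCAUT)
IF         COND(%SST(&SPCAUT 1 5) *NE '*NONE') THEN(DO)
   CHGVAR  VAR(&ERRMSG) VALUE('Privileged profile not allowed')
   RETURN
ENDDO

/* Library-qualified so an adopting program does not rely on the caller's  */
/* library list to resolve the command                                     */
QSYS/CHGUSRPRF USRPRF(&USRPRF) PASSWORD(&PWD)
RETURN

ERROR:
/* Hand the failure text back to the PC caller through @ERRMSG             */
RCVMSG     MSGTYPE(*EXCP) RMV(*YES) MSG(&ERRMSG)
MONMSG     MSGID(CPF0000) /* command-level: prevents a loop back to ERROR  */
ENDPGM
```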

http://www.experts-exchange.com/OS/Miscellaneous/Q_26247446.html

Create CL program called CHANGEUSR

Log on as QSECOFR

Change CHANGEUSER *PGM object owner to QSECOFR using CHGOBJOWN command.

Change program to run under *OWNER authority using CHGPGM command.

EDTOBJAUT on the program and restrict *USE rights to all users that you want to be able to use the program (not *PUBLIC!).

Configuring IIS to Run 32-bit Applications on 64-bit Windows (IIS 6.0)

https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/405f5bb5-87a3-43d2-8138-54b75db73aa1.mspx?mfr=true