This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Duminda_SAT
Contributor
‎2022-02-10 08:27 AM
Jump to solution

Need to Rename or disable GAIA Admin Account

Hi Please help me to Disable or Rename GAIA Admin account due to compliance requirements.

Thank you,

Duminda Lakmal.

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
‎2022-02-10 06:09 PM
Jump to solution

You cannot really disable or delete default admin account. As @G_W_Albrecht , you can create new admin account and then edit to give it a different name.

View solution in original post

10 Replies
G_W_Albrecht
Legend
Legend
‎2022-02-10 08:40 AM
Jump to solution

- Login to GAiA WebGUI

- on the left go to User Management > Users

- define new admin user with admin role

- select and edit the user admin to nologin role

CCSE CCTE CCSM SMB Specialist
the_rock
Legend
Legend
‎2022-02-10 06:09 PM
Jump to solution

You cannot really disable or delete default admin account. As @G_W_Albrecht , you can create new admin account and then edit to give it a different name.

HeikoAnkenbrand
Champion Champion
Champion
‎2022-02-11 01:08 AM
In response to the_rock
Jump to solution

Note:
If it is an SMS and you also use the "admin" account in the SmartConsole, you must also change the account with "cpconfig".

➜ CCSM Elite, CCME, CCTE
_Val_
Admin
Admin
‎2022-02-10 11:45 PM
Jump to solution

I am curious, what exact compliance issues are there with that admin account?

Bob_Zimmerman
Authority
Authority
‎2022-02-11 08:55 AM
In response to _Val_
Jump to solution

A lot of assessors don't like default usernames (like 'admin' specifically on Check Point boxes), predictable usernames (like 'admin', 'root', 'Administrator', and so on), or accounts with admin privileges whose usernames identify them as admin accounts (like 'BobZAdmin').

I routinely get all three complaints from assessors for every single box I manage.

0 Kudos
the_rock
Legend
Legend
‎2022-02-11 08:58 AM
In response to Bob_Zimmerman
Jump to solution

I think you would have to pay someone at CP a LOT of money to change that : - )

0 Kudos
Bob_Zimmerman
Authority
Authority
‎2022-02-11 10:02 AM
In response to the_rock
Jump to solution

The "BobZAdmin" example is because it's also a compliance issue if administrators don't have separate accounts for administrative actions, but the compliance assessors don't like the privileged accounts to have the substring "admin" in their usernames.

The default username 'admin' hits all three of those compliance complaints.

Setting its password hash to "*" is enough to prevent a user from logging in as 'admin', and doesn't risk breaking other stuff. Specifically, setting the shell to /sbin/nologin causes interactive sessions to fail, so if you log in as an unprivileged user (logging in as UID 0 is yet another compliance issue), you can't elevate to root privileges.

0 Kudos
_Val_
Admin
Admin
‎2022-02-12 06:16 AM
In response to the_rock
Jump to solution

Open an RFE 🙂

0 Kudos
masher
Employee
Employee
‎2022-02-15 07:52 AM
Jump to solution

This is also documented in sk112163.

- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events