This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Duminda_SAT
Contributor
‎2022-02-10 08:27 AM

Need to Rename or disable GAIA Admin Account

Jump to solution

Hi Please help me to Disable or Rename GAIA Admin account due to compliance requirements.

Thank you,

Duminda Lakmal.

0 Kudos
1 Solution

Accepted Solutions
the_rock
Champion
Champion
‎2022-02-10 06:09 PM

Jump to solution

You cannot really disable or delete default admin account. As @G_W_Albrecht , you can create new admin account and then edit to give it a different name.

View solution in original post

10 Replies
G_W_Albrecht
Legend
Legend
‎2022-02-10 08:40 AM

Jump to solution

- Login to GAiA WebGUI

- on the left go to User Management > Users

- define new admin user with admin role

- select and edit the user admin to nologin role

CCSE CCTE SMB Specialist
the_rock
Champion
Champion
‎2022-02-10 06:09 PM

Jump to solution

You cannot really disable or delete default admin account. As @G_W_Albrecht , you can create new admin account and then edit to give it a different name.

HeikoAnkenbrand
Champion
Champion
‎2022-02-11 01:08 AM
In response to the_rock

Jump to solution

Note:
If it is an SMS and you also use the "admin" account in the SmartConsole, you must also change the account with "cpconfig".

_Val_
Admin
Admin
‎2022-02-10 11:45 PM

Jump to solution

I am curious, what exact compliance issues are there with that admin account?

Bob_Zimmerman
Advisor
‎2022-02-11 08:55 AM
In response to _Val_

Jump to solution

A lot of assessors don't like default usernames (like 'admin' specifically on Check Point boxes), predictable usernames (like 'admin', 'root', 'Administrator', and so on), or accounts with admin privileges whose usernames identify them as admin accounts (like 'BobZAdmin').

I routinely get all three complaints from assessors for every single box I manage.

0 Kudos
the_rock
Champion
Champion
‎2022-02-11 08:58 AM
In response to Bob_Zimmerman

Jump to solution

I think you would have to pay someone at CP a LOT of money to change that : - )

0 Kudos
Bob_Zimmerman
Advisor
‎2022-02-11 10:02 AM
In response to the_rock

Jump to solution

The "BobZAdmin" example is because it's also a compliance issue if administrators don't have separate accounts for administrative actions, but the compliance assessors don't like the privileged accounts to have the substring "admin" in their usernames.

The default username 'admin' hits all three of those compliance complaints.

Setting its password hash to "*" is enough to prevent a user from logging in as 'admin', and doesn't risk breaking other stuff. Specifically, setting the shell to /sbin/nologin causes interactive sessions to fail, so if you log in as an unprivileged user (logging in as UID 0 is yet another compliance issue), you can't elevate to root privileges.

0 Kudos
_Val_
Admin
Admin
‎2022-02-12 06:16 AM
In response to the_rock

Jump to solution

Open an RFE 🙂

0 Kudos
PhoneBoy
Admin
Admin
‎2022-02-11 01:43 PM

Jump to solution

See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

masher
Employee
Employee
‎2022-02-15 07:52 AM

Jump to solution

This is also documented in sk112163.

- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

0 Kudos