TM1 Forum

HI,
May seem like a silly question but has anyone deleted the Admin account and had any unintended consequences.

Auditors raised a finding that the default user is "available" and want it removed.

Using Security Mode 3 with AD so would give at least one named user Admin rights but just checking if anyone removed ADMIN and had strange things happen.

Please let me know. Thanks.

Not tried, but you can always pass this IBM link on to the auditors as proof it should remain.

https://www.ibm.com/support/pages/tm1-a ... er-account

I can't recall the specifics, but I do remember writing a TI to delete a set of clients before adding them back and I recall that the server wouldn't let me delete Admin. Try it - perhaps not on a production server

Thanks for link and the feedback guys. Will look at how to actually delete Admin as we have not tried yet.

Would be fun to have the auditors around and try it in Production to see the fireworks show ensue!

Then the auditors are quite frankly idiots. If you can prove that the account isn't used then from an audit perspective that is sufficient, but the account can't be deleted.

lotsaram wrote: ↑Mon May 03, 2021 7:59 am Then the auditors are quite frankly idiots...

Cannot disagree with you here. Complete lunacy as the account is protected with a long random generated password in case mode 1 is ever used.

Had some auditors a few years back come with a ream of findings on another Unix system I ran at the time, telling me similar things about how vulnerable things were etc. Probably not my best move in front of the client's management but threw them the keyboard and said "Go, show me!"
Stunned silence and findings were retracted.

Thanks for the confirmation though.

gtonkin wrote: ↑Mon May 03, 2021 8:38 am Complete lunacy as the account is protected with a long random generated password in case mode 1 is ever used.

This is only true when you are using IBM's Cloud environment and you can remove the password if you want so that it is blank. I did that on our Cloud development server so that if I ever need to toggle back to mode 1 I can log in as an admin and not have to remember the password.