LOCAL out of the box user accounts - OK to deactivate or lock-out?

cynlink1
Tera Expert

‎06-03-2019 12:37 PM

Is there any reason that I should NOT deactivate the following LOCAL user accounts?

User IDs that I want to deactivate:

 - ATF.User

 - itil

 

 - soap.guest

 - sam

I know that the following two user accounts are used by the system. What is best practice for managing them? At minimum, I need to change the password every 90 days per our company's policy.

- bm.scheduler (runs scheduled job) 

- instance.sec.user (runs scheduled job)

Thanks in advance!

 

 

  • 1,862 Views
2 REPLIES 2

Michael Fry1
Kilo Patron

‎06-03-2019 03:38 PM

If you're not using them, there shouldn't be any issues inactivating them.

joel_ruiz1
Tera Expert

‎06-03-2019 04:00 PM

I'd recommend keeping them active but changing the password to something complex and ensure that the "Web service access only" attribute is set to true. (See screenshot) 

find_real_file.png

That will prevent the possibility of interactive sessions from being able to occur on that account. It's what I do with all of my systems non-user service accounts.

Hope this helps!

 

-Joel R.

Preview file
4 KB