Is changing the CCM machine username supported by Cisco

gene · ‎03-26-2007

I have a customer running 4.2.3 that says it is against their security policy to leave the username as administrator. I have seen some posts that say this is a bad idea to change but is there an official doc from Cisco saying you can't change this?

e.huntley · ‎03-26-2007

The doc is out there, I have seen it. I will look and see if I have a link, but you should be able to search.

I opened a TAC once and here is what I got back.

On the CallManager, take a look in the Utils directory on the C: drive of the CallManager itself. The file C:\Utils\SecurityTemplates\CCM-OS-OptionalSecurity-Readme.htm gives tools, scripts, and recommendations. It contains information about optional security capabilities which customers may enable as desired. Most of the optional scripts have associated caveats, which is why they are not done by default.

What you will see is there is a lot of stuff that looks for the account named "Administrator". Things like the password change utility, Extension Mobility. Also, every time you want to do an upgrade, you have to change it back even if you can change it.

There are a lot of caveats.

gene · ‎03-26-2007

Thanks for your help.

gogasca · ‎03-26-2007

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddd72dd/0#selected_message

Jason Aarons · ‎03-26-2007

You can rename it, but any update requires you to re-name it back. It's such as hassle I would not recommend it.

I once renamed Administrator and setup.exe immediately came back with a error in 4.1(3).

It's like adding them to a domain, you can do it but you'll have to put them back in a workgroup for updates. Not worth the time to put them in a domain.