This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
is it possible to disable the ise's default cli username "admin"?
the guide (https://www.cisco.com/c/en/us/td/docs/security/ise/2-7/admin_guide/b_ise_admin_guide_27/b_ise_admin_guide_27_chapter_0101.html) mentioned something like:
The username and password that you configure during setup is intended only for administrative access to the CLI. This role is considered to be the CLI admin user, also known as CLI administrator. By default, the username for a CLI admin user is admin, and the password is defined during setup. There is no default password. This CLI admin user is the default admin user, and this user account cannot be deleted. However, it can be edited by other administrators, including options to enable, disable, or change password for this account.
as what i understood from this, the default admin can be disabled provided that a new username with admin role has been configured. but how can it be done on cli?
thanks in advnce
From CLI, create new user accounts, assign it the admin role, test to make sure you can authenticate, and afterwards disable the admin account.
as per my understandfing You can not delete the admin account, instead you can change the password keep as secret and create an equivalent admin account.
but some point you need it admin user for some kind of diagnosis, cisco TAC may ask you to login as admin.
1. You need to keep one admin account for the CLI/ADE-OS.
2. If you want another username than"admin" create it, give it the role of admin
3. if you want to get rid of the "admin" account/username, based on your ISE vision see what works: delete the username with the "no" option in front of the command, or configure the username and specify "disable" at the end, or configure the "admin" account to have a role of "user".