New Administrator Grayed Out

[BryDwy]

Our primary Checkpoint Admin recently left the company. Management deleted his account in Checkpoint. Apparently, his account was the only one that had permission to add or delete Administrator accounts because when I am logged into SmartDashboard with my account those options are grayed out. Is there a way to get an account created that does have the correct permissions? We are using NGX R60. Any help would be much appreciated.

[Tommo]

Hi BryDwy,

Simples way is to do this through cpconfig on the smartcentre.

Depends on version, but, something like this (taken from my splat VM):

Login into the smartcentre (command line) is easiest
run cpconfig
chose administrators (option2)
(admins list is shown)
Do you want to modify this list (Yes)
Do you want to delete an administrator (Yes)
enter the admin name to delete
Are you sure you want to continue (No)
Do you want to add an administrator (Yes)
enter the name
enter a password
confirm the password
Exit cpconfig

Now, log into the smartcentre with the new info. You can then go into the CP admins section, and update the profile for your account (to give you full access)

Hope this helps you out ;-)

[BryDwy]

From the information that I have gathered thus far, in NGX R60, you are not able to add administrators through cpconfig except during the initial install. When I follow the steps you layed out it just deletes the account. It does not ask to verify and there is not an option to add an account. The only way to add an administrator account appears to be through SmartDashboard.

[lammbo]

Do you know the password for 'admin'? I think that account cannot be deleted.

[BryDwy]

I do not see an account for admin at all. I see no accounts listed when I use cpconfig and there are is only my account when you look in SmartDashBoard

[lammbo]

Quote:

Originally Posted by BryDwy

I do not see an account for admin at all. I see no accounts listed when I use cpconfig and there are is only my account when you look in SmartDashBoard

I find that odd. At a minimum, you should see your account and a special group object named 'cpconfig_administrators'. That group should have the 'admin' account as a member. My SCS is R65 on Windows 2003 now (was previously upgraded from R60 which was also upgraded from R55p before that). The R55 was a new build that I did from scratch so that means the 'admin' account was created in R55p. I cannot modify that account except for changing the password. Which means I cannot reduce it's rights from god mode. Unless this is no longer the case in these newer versions, that account should be there with FULL rights to everything.

I've enlisted the aid of a guy on my company's Help Desk (he has read only in Dashboard). Under his extremely limited login, he can see the objects and open them but every option is grayed out, as one would expect.

Just based on your info, I would say that if you cannot even see these objects (it doesn't matter that you have admin level permissions), then your database may be corrupted.

[chillyjim]

Quote:

Originally Posted by BryDwy

From the information that I have gathered thus far, in NGX R60, you are not able to add administrators through cpconfig except during the initial install.

You may only have one "cpconfig_admin" (unless it was an upgrade). That admin may be deleted and recreated from cpconfig as needed.

[lammbo]

Quote:

Originally Posted by chillyjim

That admin may be deleted and recreated from cpconfig as needed.

So that would mean if the SCS is running on a Windows server and you can log into the server with Administrator permissions on the server, you can run the CPCONFIG GUI and own the admin account... I've used that method to change the Admin password before (when I first started CP) but I didn't know you could add and remove the account - good stuff. TY

Quote:

Originally Posted by BryDwy

Management deleted his account in Checkpoint. Apparently, his account was the only one that had permission to add or delete Administrator accounts....

Have been thinking about this. Please elaborate more on the quoted text. Who is 'Management'?
You say his CP login was deleted, but someone had to be logged in with sufficient permission to delete an admin account (only another admin), unless he deleted himself before leaving (not sure if this is possible).

So that probably leaves an alternate login method where his CP account is tied to AD or something. Can you provide more details please.



chillyjim - can you delete an account you are logged in with?

[lammbo]

Any update on this? This was a good educational case and I would really like to know the outcome/fix.