Being a small shop with low turnover and very infrequent need to get into the system to make adds / changes / deletes we had been content to just have the one administrator account.
Which is of course a horrible idea.
And unless you're just a spurious reader of random internet blogs I suspect you know why its a bad idea. Well, ONE of the reasons anyway.
If you get locked out of it for some reason you're pretty well dead in the water.
Just like we were.
We had a new hire and we tried to login to the system much as we always had, only to find the system telling us we had invalid credentials.
We could however still login to the CLI
utils cuc reset password administrator ournewfancypassword
But it turns out there's a bit more to it.
The first time I tried this command I admit I attempted to just use the password we had already been using. That netted me an error
Update FAILED: code = 21, DUPLICATE CREDENTIAL
A little googling later I discovered the reason for this - it keeps track of your old passwords, so you can't reuse them (not that, if were honest, we should be doing anyway). After comng up with a brand new password (Yep, P@ssword2016, how'd you guess?) we were good to go.
A couple of other things to know if you came here for guidance.
- If you're in a clustered environment you'll want to run this command from the Publisher node
- By default your local user account passwords expire every 120 days, including the administrator account. You can of course turn that "pesky" feature off if you'd like, but since I think its a good idea, I'll leave you to google THAT from somewhere else.
- If for no other reason than you're here having to do this you should probably make a second admin account, just in case. Or in the best of worlds, have a separate one for each person permitted to make changes in the system