Lockdown Bootstrap Admin

Is it possible to lock down the bootstrap admin account so that it can only be accessed via the management kiosk?

We are using Entra ID to control access to our other admin accounts, with various policies configured for MFA etc. But the bootstrap admin account is a weak link that I'd like to lock down if possible.

  • Hi Jody

    Please forgive me if stating the obvious but remember that the bootstrap account is a local account.

    Therefore I would recommend making your new admin account a local user as well, with a ridiculously difficult password that is perhaps kept in a safe that requires dual authorisation to access. This account would only be used in exceptional circumstances.

    While all access to the SPP interface is via network, I have seen cases where the bootstrap account was deleted and all admin accounts required external authentication. The external authentication failed and, as Tawfiq says, you can recover using the kiosk. It is by design to make it secure, a real pain of a process!

    Just my 5p's worth.

    Good luck with your deployment.

    Tim
