Disable the default admin account and replace it with a custom administrator account.
Improve security, since the default admin account is prone to brute force attacks; clean up user accounts that are accidentally members of the administrators group, reducing your NAS’ attack surface.
You use the default admin account, and you have become aware that this is not a best practice from a security point of view.
You need to log in to the DSM desktop from your browser several times for this procedure. If you are not familiar with doing that, please refer to how to – Login to Synology DiskStation Manager on this website.
Before you can disable the default admin account, you must have at least one other administrator account. You log in and disable the default admin with this custom administrator account.
1. Review members of the administrators group
You log in to the DSM desktop from your browser with either the default admin account or any other administrator account. Next, open Control Panel.
Go to Control Panel > Group, and select the administrators group. On the page at the right, click on the Edit Members button. Review the members of the administrators group.
Before proceeding, check whether there is at least one custom account besides the default admin account. If not, proceed with step 2. If there are one or more other accounts, log in with one of those accounts, unless you have already done so, and proceed with step 3.
2. Create a custom administrator account
If there is no administrator account other than the default admin account on your NAS, create a separate account for that purpose only. It is best to create a dedicated administrator account for administrative tasks like NAS maintenance, package installation, backup, and other tasks. Do not make your everyday account a member of the administrators group.
In Control Panel > User, click on the Create button. Please create an account and make it a member of the administrators group on the second screen of the wizard. Do not forget to fill in an email address for the user. You will need this for 2-step authentication, as I explain in how to – Enable 2-step authentication.
Ensure you store the password for the other administrator account in a safe place, preferably in a password manager.
Log off and continue with step 3.
3. Disable the default admin account
Log in with the user account you created in step 2 or another account that is a member of the administrators group. In Control Panel > User, select the user with the name admin. Click the Edit button. Set a checkmark at Disable this account > immediately in the admin screen.
Congrats, you achieved the primary objective.
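The review in step 1 can also be expressed as a small script. The following is an added example, not part of the original procedure or of DSM itself: it assumes the administrators group is recorded in the standard group(5) file format (name:password:gid:members), and it runs on constructed sample files with hypothetical account names (nasadm, alice).

```shell
#!/bin/sh
# Pre-flight check mirroring step 1: who is in the administrators group,
# and is there a custom administrator so the default admin can be disabled?
# Assumption: the group data is in group(5) format, e.g. a copy of /etc/group.

DEFAULT_ADMIN="admin"
ADMIN_GROUP="administrators"

# List the members of group $2 in group file $1, one per line.
group_members() {
    awk -F: -v g="$2" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$1"
}

# List administrators other than the default admin account.
# These are the accounts to review for accidental membership.
custom_admins() {
    group_members "$1" "$ADMIN_GROUP" | awk -v d="$DEFAULT_ADMIN" '$0 != d'
}

# Print which step of the procedure applies next: step2 or step3.
next_step() {
    if [ -n "$(custom_admins "$1")" ]; then
        echo "step3"   # a custom administrator exists: log in with it, disable admin
    else
        echo "step2"   # only the default admin: create a custom administrator first
    fi
}

# Constructed sample data (not taken from a real NAS).
SAMPLE_ONLY_DEFAULT=$(mktemp)
SAMPLE_WITH_CUSTOM=$(mktemp)
printf '%s\n' 'users:x:100:' 'administrators:x:101:admin' > "$SAMPLE_ONLY_DEFAULT"
printf '%s\n' 'users:x:100:' 'administrators:x:101:admin,nasadm,alice' > "$SAMPLE_WITH_CUSTOM"

echo "Only default admin  -> $(next_step "$SAMPLE_ONLY_DEFAULT")"
echo "With custom members -> $(next_step "$SAMPLE_WITH_CUSTOM")"
echo "Accounts to review:"
custom_admins "$SAMPLE_WITH_CUSTOM"
```

In the second sample, alice stands for an everyday account that should be removed from the administrators group during the review.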
Thanks for reading
Paul Steunebrink / Storage Alchemist