Disable Default Admin Account

Primary Objective

Disable the default admin account and replace it with a custom administrator account.

Secondary objective(s)

Improve security, since the default admin account is prone to brute-force attacks; clean up user accounts that are accidentally members of the administrators group, reducing your NAS's attack surface.

Background

You use the default admin account, and you have become aware that this is not a best practice from a security point of view.

For this procedure, you need to log in to the DSM desktop from your browser several times. If you are not familiar with how to do that, please refer to how to – Login to Synology DiskStation Manager on this website.

Actions

Before you can disable the default admin account, you must have at least one other administrator account. With this custom administrator account, you log in and disable the default admin.

1. Review members of the administrators group

Log in to the DSM desktop from your browser with either the default admin account or any other administrator account. In Control Panel > Group, select the administrators group. On the page at the right, click on the Edit Members button. Review the members of the administrators group.

Before you proceed, check whether there is at least one custom account besides the default admin account. If not, proceed with step 2. If there are one or more other accounts, log in with one of them, unless you are already logged in with such an account, and proceed with step 3.

2. Create a custom administrator account

If there is no administrator account other than the default admin account on your NAS, create a separate account for that purpose only. It is a best practice to create a dedicated administrator account for administrative tasks like NAS maintenance, package installation, backup configuration, and other tasks. Do not make your everyday account a member of the administrators group.

In Control Panel > User, click on the Create button. Create an account and make it a member of the administrators group in the second screen of the wizard. Do not forget to fill in an email address for the user. You will need this for 2-step authentication, as I explain in how to – Enable 2-step authentication.

Ensure you store the password for the other administrator account in a safe place, preferably in a password manager.

Log off and continue with step 3.

3. Disable default admin account

Log in with a user account you created in step 2 or another account that is a member of the administrators group. In Control Panel > User, select the user with the name admin. Click the Edit button. In the admin screen, set a checkmark at Disable this account > Immediately.

Congrats, you achieved the primary objective.
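
The membership check from step 1 and the administrators-group clean-up from the secondary objective, as an added script that is not part of the original article. It assumes group membership is readable in standard /etc/group format with the group named administrators and the default account named admin, as in the text; the sample data and the names nasadmin and alice are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: group membership is readable in /etc/group format
#   name:password:gid:member1,member2,...
# with the group "administrators" and the default account "admin".

# list_admins FILE: print each member of the administrators group, one per line.
list_admins() {
    awk -F: '$1 == "administrators" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# count_custom_admins FILE: number of administrators other than "admin".
count_custom_admins() {
    list_admins "$1" | awk '$0 != "admin" { c++ } END { print c + 0 }'
}

# check_before_disable FILE: the decision made at the end of step 1.
# Returns 0 if a custom administrator exists (continue with step 3),
# 1 if only the default admin is present (do step 2 first).
check_before_disable() {
    if [ "$(count_custom_admins "$1")" -ge 1 ]; then
        echo "OK: custom administrator present; review this list, then step 3:"
        list_admins "$1" | sed 's/^/  /'
        return 0
    fi
    echo "STOP: only the default admin is an administrator; do step 2 first."
    return 1
}

# Constructed sample data (not taken from a real NAS).
SAMPLE_ONLY_ADMIN=$(mktemp)
SAMPLE_WITH_CUSTOM=$(mktemp)
printf '%s\n' 'administrators:x:101:admin' 'users:x:100:' > "$SAMPLE_ONLY_ADMIN"
printf '%s\n' 'administrators:x:101:admin,nasadmin,alice' 'users:x:100:' \
    > "$SAMPLE_WITH_CUSTOM"

check_before_disable "$SAMPLE_ONLY_ADMIN" || true
check_before_disable "$SAMPLE_WITH_CUSTOM"
```

Any name in the printed list that you do not recognise as a dedicated administrator account is a candidate for removal from the group in Control Panel > Group.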
