Getting Data In

Admin user accout delete on splunk Enterprise 7.0.1

euimok
Explorer

Hi Splunker
I have a question about splunk Enterprise 7.0.1
For security reason, my customer want to disable or delete admin account(default) ?
Are there people who experienced similar my case?

Thank you

0 Karma

gfreitas
Builder

I have deleted the default admin account many times. First I needed to create a new admin account and then just login with the new admin and remove the old one. As ivanreis said please make sure to re-assign all the knowledge objects of admin to the new user otherwise they will become orphan and you won't be able to use them.

0 Karma

ivanreis
Builder

I never experienced this customer request before. You have the option to clone the admin account to a new account. Also is important to highlight that all knowledge objects already created under admin account have to reassigned to this new user.

There is an old topic at splunk answer about the same topic, although it is related with the older Splunk versions, can be applied to your case as well.
https://answers.splunk.com/answers/65221/replacing-splunk-admin-account-with-a-non-standard-admin-ac...

0 Karma

euimok
Explorer

Hi ivanreis
Thank you for your answer . I did clone admin account(default) as spadmin but I can't delete admin account(default) user. 🙂
If you have any others good please let me know

0 Karma

ivanreis
Builder

In this case, my suggestion is to run a new Splunk enterprise installation and when splunk will start for the 1st time, you have to type the new admin user requested by customer, check this doc
https://docs.splunk.com/Documentation/Splunk/7.3.2/Installation/StartSplunkforthefirsttime.

0 Karma
Get Updates on the Splunk Community!

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...