- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


A security conscious company has a policy of removing "default" admin accounts from its software products and replacing then with a non standard admin accounts. Is the possible in Splunk?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


It is possible clone the admin user to a new "admin"account (eg splunkadm)with identical privileges. Once the new account is created you may delete the original admin account.
CAVEAT
If the "default" admin has created knowledge objects you will need to move these knowledge objects associated with the "default" admin to the "new" admin account.
It is advisable to test this in a Pre Production Test Enviroment to ensure that no fuctionality is lost
For futher suggestions on "hardening" the Splunk enviroment please see
http://docs.splunk.com/Documentation/Splunk/5.0/Security/Hardeningstandards
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content


It is possible clone the admin user to a new "admin"account (eg splunkadm)with identical privileges. Once the new account is created you may delete the original admin account.
CAVEAT
If the "default" admin has created knowledge objects you will need to move these knowledge objects associated with the "default" admin to the "new" admin account.
It is advisable to test this in a Pre Production Test Enviroment to ensure that no fuctionality is lost
For futher suggestions on "hardening" the Splunk enviroment please see
http://docs.splunk.com/Documentation/Splunk/5.0/Security/Hardeningstandards
