General Setup Part 4 – User Manager

In this section we’ll be changing the password on the pre-configured admin account; but also configuring a new administrator account.

Step 1 – User Manager

From the Dashboard Screen

System > User Manager

Fig01. User Manager Menu Selection

Fig01. User Manager Menu Selection

From the home page, you will see the default administrator account.

Fig02. User Manager Screen

Fig02. User Manager Screen

The first thing we need to do is change the password to this account
Click the Edit icon under the action section

Fig03. Edit Icon for Admin Account

Fig03. Edit Icon for Admin Account

Once we get into the admin profile page, change the password from the default, then click ‘Save’ at the bottom

Fig04. Change the Admin Password

Fig04. Change Admin Password

Step 2 – Create New Admin Account

Now that we’ve changed the default System Administrator password, we’ll create another admin account. This admin account is one that we’ll be using by default going forward.

From the User Manager home page, click ‘Add’ to begin adding a new user

Fig05. Add User

Fig05. Add User

NOTE: The creation of an additional administrator account is optional. However, I recommened it to help secure your pfSense® setup with two purposes:

  1. If I’m configuring an advanced feature and something is set wrong, I still have the root administrator account to fall back on.
  2. it shields the built in account from being compromised since we’ll be disabling it in next step.

Create an admin username to something that you’ll remember easily (i.e. adminRoot).
NOTE: Username and Passwords are case sensitive. Any capitalization in any username or password created will be used when entering credentials. Failure to case match the username and password will result in a login failure. (i.e. adminroot = Wrong; adminRoot= Correct)

Fig07. Wrong Spelling of Admin Username

Fig07. Wrong Spelling of Admin Username

Fig08. Login Failure due to Wrong Spelling of Admin

Fig08. Login Failure due to Wrong Spelling of Admin

Once you’ve created the username and password, we need to elevate the permissions of this new user for admin purposes. In the ‘Groups’ section click ‘admins’ and then click the ‘Move to “member of” list’ button; the ‘admins’ group will then be added on the right ‘Member of’ box.
Click Save at the bottom.

Fig06. Create 2nd Admin Account

Fig06. Create 2nd Admin Account

You will now see the newly created admin account listed in the User section.

Fig09. New User Profile Added

Fig09. New User Profile Added

One you have successfully logged in with the new admin account, we will navigate to the User Manager and disable the default admin account

From the User Manager screen click ‘Actions’ on the admin account

Fig10. Edit Admin User

Fig10. Edit Admin User

Within the admin profile page, we need to disable the admin account

  • Disabled – This user cannot log in: Checked
  • Click ‘Save’ at the bottom
Fig11. Disable Built-in admin

Fig11. Disable Built-in admin

After we hit save, you can see the built-in admin account is now safely disabled

Fig12. User Manager with disabled admin showing

Fig12. User Manager with disabled admin showing

NOTE: This does not disable root access via SSH. Although SSH is still disabled by default

Next in Part 5 of our General Setup we will discuss advanced section with a few tweaks to secure connection to pfSense box.