In this section we’ll change the password on the pre-configured admin account and also configure a new administrator account.
Step 1 – User Manager
From the Dashboard Screen
System > User Manager
From the home page, you will see the default administrator account.
The first thing we need to do is change the password for this account.
Click the Edit icon under the action section
Once we get into the admin profile page, change the password from the default, then click ‘Save’ at the bottom
Step 2 – Create New Admin Account
Now that we’ve changed the default System Administrator password, we’ll create another admin account. This admin account is one that we’ll be using by default going forward.
From the User Manager home page, click ‘Add’ to begin adding a new user
NOTE: The creation of an additional administrator account is optional. However, I recommend it to help secure your pfSense® setup, for two reasons:
- If I’m configuring an advanced feature and something is set wrong, I still have the root administrator account to fall back on.
- It shields the built-in account from being compromised, since we’ll be disabling it in the next step.
Set the admin username to something that you’ll remember easily (e.g. adminRoot).
NOTE: Usernames and passwords are case sensitive. Any capitalization in a username or password you create must be matched when entering credentials. Failure to match the case of the username and password will result in a login failure (e.g. adminroot = Wrong; adminRoot = Correct).
Once you’ve created the username and password, we need to elevate the permissions of this new user for admin purposes. In the ‘Groups’ section click ‘admins’ and then click the ‘Move to “member of” list’ button; the ‘admins’ group will then be added on the right ‘Member of’ box.
Click Save at the bottom.
You will now see the newly created admin account listed in the User section.
Once you have successfully logged in with the new admin account, we will navigate to the User Manager and disable the default admin account.
From the User Manager screen click ‘Actions’ on the admin account
Within the admin profile page, we need to disable the admin account
- Disabled – This user cannot log in: Checked
- Click ‘Save’ at the bottom
After we hit save, you can see the built-in admin account is now safely disabled
NOTE: This does not disable root access via SSH, although SSH is still disabled by default.
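To confirm the result of the steps above from an exported config.xml backup, the following check is an added example (not part of the original guide and not pfSense code). It assumes the backup lists users and groups under `<system>`, that group `<member>` entries hold user uids, that the built-in admin is uid 0, and that a disabled user carries a `<disabled>` element; the sample XML and the function name `audit_admins` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real backup. The element layout is an assumption
# about how config.xml stores users and groups.
SAMPLE = """<pfsense><system>
  <group><name>admins</name><gid>1999</gid><member>0</member><member>2000</member></group>
  <user><name>admin</name><uid>0</uid><disabled></disabled></user>
  <user><name>adminRoot</name><uid>2000</uid></user>
  <user><name>guest</name><uid>2001</uid></user>
</system></pfsense>"""


def audit_admins(config_xml):
    """Return a list of findings; an empty list means the end state matches the guide."""
    system = ET.fromstring(config_xml).find("system")
    if system is None:
        return ["no <system> section found"]

    # Collect the uids listed as members of the 'admins' group (exact, case-sensitive match).
    admin_uids = set()
    for group in system.findall("group"):
        if group.findtext("name") == "admins":
            admin_uids = {m.text.strip() for m in group.findall("member") if m.text}

    findings, enabled_admins, builtin_seen = [], [], False
    for user in system.findall("user"):
        name = user.findtext("name", "")
        uid = (user.findtext("uid") or "").strip()
        disabled = user.find("disabled") is not None  # presence of the tag means disabled
        if uid == "0":
            builtin_seen = True
            if not disabled:
                findings.append(f"built-in account '{name}' (uid 0) is still enabled")
        elif uid in admin_uids and not disabled:
            enabled_admins.append(name)

    if not builtin_seen:
        findings.append("no uid 0 account found")
    if not enabled_admins:
        findings.append("no enabled replacement account in the 'admins' group")
    return findings


if __name__ == "__main__":
    for line in audit_admins(SAMPLE) or ["OK: built-in admin disabled, replacement admin present"]:
        print(line)
```

The second finding matters as much as the first: disabling the built-in account before a working replacement exists in ‘admins’ leaves no administrator able to log in to the web interface.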
Next, in Part 5 of our General Setup, we will discuss the Advanced section, with a few tweaks to secure the connection to the pfSense box.