What Happens When the Default Administrator Account is Locked Out?
search cancel

What Happens When the Default Administrator Account is Locked Out?

book

Article ID: 160548

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention Data Loss Prevention Core Package

Issue/Introduction

If the Administrator account becomes locked out, is there any impact to DLP?

How do I unlock the Administrator account?

What are the lock/unlock options available?

What if my password for the Administrator account is lost?

Environment

DLP 16.x

DLP 25.1

Cause

Multiple login attempts with the wrong password.

A lockout time is associated with the Administrator account from previously failed login attempts.

Password for the account has been lost and the account is unusable.

Resolution

The built-in Administrator account is an application account located inside the Oracle Database. This is not an Oracle account.

While the Administrator account is disabled, a DLP admin will be unable to perform the following tasks:

  • Complete first-time-setup of DLP.
  • Configure Authentication Methods for DLP, like SAML.

When the Administrator login fails multiple times, the account is locked out for 60 minutes by default.

For lock/unlock options, review the Additional Information section below.

Additional Information

DLP SAML setup bypass URL: Administrator Bypass URL (broadcom.com)

Configure SAML Auth: Generate or download Enforce (service providers) SAML metadata (broadcom.com)

DLP Built-in Administrator password reset tool: Resetting the Administrator Password (broadcom.com)

NOTE: In order to complete the account's unlocking, the Built-in Administrator needs to successfully log into Enforce after the lockout expiration time expires. Without a successful login, the DLP system will still treat the Administrator account as locked, which can impact functionality such as execution of Enforce-launched Response Rule actions.

Change default lockout timer here: \Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\passwordenforcement.properties

#Number of minutes for Administrator lockout expiration in minutes.
com.vontu.manager.password.administrator.lockout.expiration=60

#Number of consecutive failed login attempts before lockout.
com.vontu.manager.password.attempts=6

#Number of failed password renewal attempts before logout.
com.vontu.manager.password.renewal.attempts=4

Restart Symantec DLP Manager service after making changes to the properties file.

Powered by Wolken Software