If the Administrator account becomes locked out, is there any impact to DLP?

How do I unlock the Administrator account?

What are the lock/unlock options available?

What if my password for the Administrator account is lost?

DLP 15.8

DLP 16.0

DLP 16.1

Multiple login attempts with the wrong password.

A lockout time is associated with the Administrator account from previously failed login attempts.

Password for the account has been lost and the account is unusable.

The built-in Administrator account is an application account located inside the Oracle Database. This is not an Oracle account.

While the Administrator account is disabled, a DLP admin will be unable to perform the following tasks:

• Complete first-time-setup of DLP.
• Configure Authentication Methods for DLP, like SAML.

When the Administrator login fails multiple times, the account is locked out for 60 minutes by default.

For lock/unlock options, review the Additional Information section below.

DLP SAML setup bypass URL: Administrator Bypass URL (broadcom.com)

Configure SAML Auth: Generate or download Enforce (service providers) SAML metadata (broadcom.com)

DLP Built-in Administrator password reset tool: Resetting the Administrator Password (broadcom.com)

Change default lockout timer here: \Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\config\passwordenforcement.properties

#Number of minutes for Administrator lockout expiration in minutes.
com.vontu.manager.password.administrator.lockout.expiration=60

#Number of consecutive failed login attempts before lockout.
com.vontu.manager.password.attempts=6

#Number of failed password renewal attempts before logout.
com.vontu.manager.password.renewal.attempts=4

Restart Symantec DLP Manager service after making changes to the properties file.