Sergio is partially correct. In NGx, while it is true that you can only
create a single admin user from the CLI (cpconfig), Check Point has an SK
that is documented to allow you to create multiple admin users from the
CLI. I can't think of it at the moment. Basically, you use dbedit or
gui-dbedit to edit a parameter "managed_administrator" or something like
that and set it to "false" I think. After that, it will allow you to
create multiple users from the CLI.

I've raised this issue with CP not so long ago because if you have a
standalone CLM and this CLM does not integrate with Provider-1 and CP gave
me this tip. Unfortunately, it does not work very well in my environment
because I have Provider-1. But it is definitely doable if I am not
mistaken.
  
 
  
Sergio Alvarez <[EMAIL PROTECTED]> wrote:
Critics used to bang Check Point with the fact that anybody with physical
access to the SmartCenter server could do whatever they wanted to the
administrator users of the firewall and considered this a major
vulnerability, therefore starting from NGX, you create a single admin user
from the CLI (cpconfig) and all the rest of administrators and their
permissions are created in the Administrators section of the Users tab on
the GUI.

So you are right.
Consider it a security improvement.

Regards

On 1/25/07, Crist Clark wrote:
>
> We need to change passwords of administrators defined using
> the 'cpconfig' command line interface. In R55, when given
> the choice, you ask to add a new administrator, but choose
> the name of an existing one. You then can change the password
> and other characteristics.
>
> In R60, the only option given by cpconfig is to delete
> administrators. Are they hinting to us that this method of
> maintaining administrators is no longer supported? Do I
> need to move all administrators into the GUI administration
> to change passwords? Anyone have pointers to Check Point
> docs about this?
> --
>
> Crist J. Clark [EMAIL PROTECTED]
> Globalstar Communications (408) 933-4387
>
>
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>



-- 
Sergio Alvarez
(506)8301342
