How do I deactivate the default admin account and duplicate their data and settings to another administrator account?
How do I deactivate the default admin account and duplicate their data and settings to another administrator account?
Purpose
Starting from DSM 6.2.4, you may receive a variation of the following DSM desktop notification reminding you to deactivate the default admin account for security considerations:
The default account "admin" is vulnerable to brute-force attacks, which may lead to ransomware attacks. Create another administrator account or sign in with another administrator account and deactivate "admin".
This article provides a step-by-step guide to duplicating the admin's data and settings to another administrator account before you deactivate the admin account.
Contents
Resolution
1. Before you start
- Please note that not all data and settings of the admin account can be duplicated.1 This article only lists items that are suitable for duplication.
- Please avoid the following operations, otherwise services and packages in DSM may not function normally:
- Renaming the default admin account.
- Renaming the home folder of the default admin account (
/homes/admin
).
- Create a new administrator account by copying the admin account's settings:2
- Sign in to DSM with the default admin account.
- Go to the following locations to copy the admin account:
- For DSM 7.0 and above: Control Panel > User & Group > User tab, select the default admin account, click the downward arrow next to the Create button, and click Copy user.
- For DSM 6.2 and earlier: Control Panel > User > User tab, select the default admin account, click the downward arrow next to the Create button, and click Copy user.
- Fill in the Name, Description, Email, and Password fields for the new administrator and click Next.
- Confirm the settings and click Apply.
- Tick Enable user home service at the following locations to show the data within home folders:
- For DSM 7.0 and above: Control Panel > User & Group > Advanced > User Home.
- For DSM 6.2 and earlier: Control Panel > User > Advanced > User Home.
2. Duplicate data and update settings
Open a browser window and sign in to DSM as the new administrator. This window is where you perform the duplication. Then, open a private browser window3 to sign in as the default admin account. This private window is used for reference to view the default admin account settings.
Duplicate the following items from the default admin account to the new administrator account using the first window, unless specified otherwise.
Click the person-shaped icon at the upper-right corner of the DSM desktop and go to Personal. Duplicate the settings on these tabs from the admin account:
- Account
- Email Account (For DSM 6.2.4)
- Email Delivery (For DSM 7.0)
- Photo Station (Only available when Personal Photo Station is enabled. Refer to Duplicate home folder data for more information.)
- Others
Duplicate File Station settings1
Launch File Station, duplicate these settings from the admin account:
- Launch File Station, go to admin's home folder (
/homes/admin
) to select and copy all files and sub-folders, except for the following:- .Maildir: This folder is used by Mail Server and contains admin's mail data. Such data cannot be duplicated directly.
- #recycle: This folder contains the deleted data of the admin account.
- CloudStation: This folder is used by Cloud Station. Cloud Station is deprecated in DSM 6.2.4 and is replaced by Synology Drive Server.
- Drive: This folder is used by Synology Drive Server. Refer to Update package settings to transfer the data.4
- Go to the new administrator's home folder (
/homes/NewAdministrator
or/home
) and click Action > Paste - Overwrite to duplicate the data. - If the following folders are copied, we recommend re-indexing the folders:
- music: This folder is used by Personal Library for Audio Station.
- Go to Audio Station > Settings > Personal Library.
- Tick Enable Personal Library and click Re-index.
- photo: This folder is used by Personal Photo Station in DSM 6.2.4. If you are using DSM 7.0 and above, you may skip these operations.
- Go to Photo Station > Settings and tick Enable Personal Photo Station service.
- Go to DSM and click the person-shaped icon at the upper-right corner of the DSM desktop.
- Go to Personal> Photo Station, and click Re-index.
- photos: This folder is used by Synology Photos in DSM 7.0 and above.
- Go to Synology Photos > Profile > Settings > Advanced and click Re-index.
- music: This folder is used by Personal Library for Audio Station.
Package
|
Solution
|
---|---|
|
|
|
|
Sign in to MailPlus as the new administrator account and refer to this article to learn how to fetch email from the admin account to the new administrator account via POP3.
|
|
|
|
|
|
|
|
|
|
|
|
Update Task Scheduler settings
- Go to Control Panel > Task Scheduler, select the task that belong to admin and click Edit.
- Under the General tab, change the task owner to the new administrator account in the User field.
- Repeat the steps if there is more than one task.
3. Deactivate the default admin account
After the admin account's data are duplicated and settings updated, sign in DSM as the new administrator, and go to the following locations to deactivate the default admin account:
- For DSM 7.0 and above: Control Panel > User & Group > User tab. Double-click on the default admin account, go to Info, click Deactivate this account, and click Save.
- For DSM 6.2 and earlier: Control Panel > User > User tab. Double-click on the default admin account, go to Info, click Deactivate this account, and click OK.
4. Change client settings
If you have client devices that use the default admin account to connect to your Synology NAS, you must remove all previous connection settings from these client devices and establish a new connection with the new administrator account.
Service
|
Solution
|
---|---|
Refer to the "Configuration" section in this article to connect your client computer to your Synology NAS using the new administrator account credentials.
|
|
For the following file services, disconnect all existing connections first.
|
|
|
|
On the client Synology NAS, update the login information to the new administrator credentials at the following locations:9
|
|
Refer to this article to connect your client computers to Synology Drive Server using the new administrator account credentials.
|
|
Refer to this article to connect your client Synology NAS to Synology Drive Server using the new administrator account credentials.
|
Notes:
- Items that cannot be duplicated include, but are not limited to, the following:
- Download Station: Download tasks created by admin.
- File Station: Shared links created by admin. The links stay valid if the shared files/folders shared by admin are not moved or deleted.
- Synology Chat Server: Message history of admin.
- Synology Drive Server: File versions of the files located under
/homes/admin/Drive
. - Synology Moments: Albums that are automatically created for admin and manually created by admin.
- Synology Photos: Albums that are automatically created for admin and manually created by admin.
- The following settings will be copied:
- The groups that the admin account belongs to.
- The admin account's permission for each shared folder, excluding explicit permissions configured on sub-folders and files.
- The admin account's Quota settings. However, administrators have unlimited quota.
- The admin account's Privilege settings for applications.
- The admin account's Speed Limit settings.
- The name of a private window varies from browser to browser: "InPrivate" for Edge, "Incognito" for Chrome, and "Private window" for FireFox and Safari.
- If you are using DSM 6.2.4 and the folder
/homes/admin/Drive/Moments
exists, copy this folder to/homes/NewAdministrator/Drive/Moments
separately. This folder is used by Synology Moments. - If a non-encrypted task is deleted and the last sync activity is within 24 hours, the new task will be re-linked to the deleted task, and the synced data on the Synology NAS will not be synced again. If an encrypted task is deleted, or the last sync activity of a non-encrypted task is more than 24 hours ago, all files must be synced again.
- Transferred data include all files and folders under admin's My Drive, Synology Office files with versions, and the admin's file sharing records. The transferred data will be saved to
/homes/NewAdministrator/Drive/admin migration file/
. - To access the Synology NAS via AFP, use
afp://
instead ofsmb://
in Finder's Server Address field. - If you are backing up your Mac computer using Time Machine with the default admin account, remove the backup disk from your Mac first and configure Time Machine again with the new administrator account. The previous Time Machine backup data created by admin will remain, and you can continue to back up your Mac with the new administrator account.
- If you receive an error code 53 for the Shared Folder Sync task after you update the user credentials, refer to this article for solutions.