Technical Tip: How to delete the default 'admin' user account on a FortiGate unit
Description
This article describes how to delete the default 'admin' user on FortiGate.
Scope
Any supported version of FortiGate.
Solution
Use the following steps to delete the default admin account on a FortiGate.
- If only one (the default) admin account exists with the 'super_admin' profile assigned, create a second super_admin account.
config system admin
edit <admin name>
set accprofile "super_admin"
set password xxxxxx
end
Example:
config system admin
edit "FGTadmin"
set accprofile "super_admin"
set password xxxxxx
next
end
- Close all administrative access sessions opened with the default admin account (log out from the web admin GUI, log out from the SSH/telnet CLI, and so on).
If not, the delete option will be greyed out in the GUI:-
FortiGate will give the following error:
(admin) # delete admin
Cannot delete admin while 'admin' is logged in!
command_cli_delete:6989 delete table entry admin unset oper error ret=-14
Command fail. Return code -14
Log in with the new super_admin account.
Delete the original 'admin' account.
- Log in with the new super_admin account.
- Delete the original 'admin' account.
Now, the delete option will be visible and the account can be deleted from the GUI:-
To delete the admin account, run the following in the CLI:
config system admin
delete admin
end