
Synology: Disable admin account and increase security

This is how you protect your Synology NAS system from brute force attacks on the standard account

NAS systems sometimes store a huge pile of important data, which also makes them interesting targets for attackers. If you use a Synology NAS system, the DSM operating system has been prompting you for some time to deactivate the default admin account. We show you here how this works and what it is all about.

Disabling the admin account makes it harder for hackers

Whether it is a desktop operating system, a router or a NAS: the user name admin is often used as the default login for the user interface, with all the associated user rights. If an attacker tries to gain access to the system and an admin account exists, he "only" has to guess the password. That makes brute-force attacks much easier.


For this very reason, more and more device manufacturers discourage setting up an account with the user name admin. Synology, too, has long been pointing out in its NAS operating system DiskStation Manager that you should turn off the account and set up an individual user name with admin rights instead. In this way, you increase the security of your NAS system with relatively little effort.
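To see how much of the login noise on a device is aimed at default names, the following added example (not part of the original article) tallies failed logins per user name and lists the sources that repeatedly try default names. The CSV layout, the user name nasboss and the sample lines are constructed for illustration and are not the actual DSM log format.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of a login-log export (columns are an assumption,
# not the actual DSM export format).
SAMPLE_LOG = """time,source_ip,user,result
2024-05-01T10:00:01,203.0.113.7,admin,failed
2024-05-01T10:00:03,203.0.113.7,admin,failed
2024-05-01T10:00:05,203.0.113.7,admin,failed
2024-05-01T10:00:09,203.0.113.7,root,failed
2024-05-01T10:02:00,192.0.2.10,nasboss,failed
2024-05-01T10:02:20,192.0.2.10,nasboss,success
2024-05-01T10:05:00,198.51.100.4,admin,failed
"""

# Well-known default account names that attackers try first.
DEFAULT_NAMES = {"admin", "administrator", "root", "guest"}


def summarize_failed_logins(log_text, threshold=3):
    """Return (failures per user, sources with >= threshold failures on default names)."""
    per_user = Counter()
    per_source_default = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["result"].strip().lower() != "failed":
            continue
        user = row["user"].strip().lower()
        per_user[user] += 1
        if user in DEFAULT_NAMES:
            per_source_default[row["source_ip"].strip()] += 1
    suspects = sorted(ip for ip, n in per_source_default.items() if n >= threshold)
    return per_user, suspects


if __name__ == "__main__":
    users, suspects = summarize_failed_logins(SAMPLE_LOG)
    for name, count in users.most_common():
        tag = " (default name)" if name in DEFAULT_NAMES else ""
        print(f"{count:3d} failed logins for {name}{tag}")
    print("Sources to block or review:", suspects)
```

Once the admin account is deactivated, every attempt counted under a default name is a guess that cannot succeed, whatever password is tried.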

This is how you turn off the admin account in Synology DSM

So that you are not locked out of your NAS system, you must first create a new administrator account. To do this, first log in to DSM with the default admin account and open the Control Panel. There, switch to the User & Group section (or User, if you have not yet switched to DSM 7). Use the Create button to create a new user and fill in the required information. In the second step, add the new account to the administrators group.

With just a few clicks you can create a new user with admin rights.

Complete the wizard and assign other rights as you wish. Basically you can of course allow everything. Once you're done with that, log out of DiskStation Manager and mentally say goodbye to your admin account... Now log in with the newly created administrator account and open the Control Panel again. Select the admin account and click Edit. You cannot delete the original account, but you can deactivate it.

Tick the box next to Deactivate this account and choose Immediately. With one click on Save you now shut down the account and thus ensure a little more security on your NAS system.

If necessary, check settings, services and apps beforehand

Deactivating the standard account is definitely recommended, especially since you can reactivate it at any time if necessary. However, it gets a bit complicated if you have tailored your NAS environment (and thus also the installed NAS apps and Synology services) to use the admin account. In this case, you should first check which steps are necessary for smooth operation.

Turning off the default account can also cause problems.

It is usually possible to transfer the relevant services, files and settings from the "bad" admin account to the newly added one. For this I simply refer you to Synology's support area, which offers a comprehensive overview of the individual NAS services that may be affected by the admin lock, along with the appropriate solutions to get the services running again. Alternatively, it can also be worthwhile to simply start again from scratch here and there - in the spirit of the universal factory settings ;-)
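The order of the steps above matters, so here is an added example (not from the original article or from Synology) that encodes them as a pre-flight check: it lists what still blocks deactivating an account. The inventory is constructed; the field names, the user name nasboss and the service names are assumptions to be replaced with what your Control Panel actually shows.

```python
# Constructed inventory; fill these in from what the DSM Control Panel
# shows. Field names are assumptions made for this example.
ACCOUNTS = [
    {"name": "admin", "groups": ["administrators", "users"], "disabled": False},
    {"name": "guest", "groups": ["users"], "disabled": True},
    {"name": "nasboss", "groups": ["users"], "disabled": False},
]
# Services or tasks and the account they run or log in as (constructed).
SERVICE_OWNERS = {"nightly-backup": "admin", "photo-sync": "nasboss"}


def preflight_disable(target, accounts, service_owners, acting_user):
    """Return a list of blockers; an empty list means target can be disabled."""
    blockers = []
    by_name = {a["name"]: a for a in accounts}
    if target not in by_name:
        return [f"account '{target}' does not exist"]
    # You must be logged in as a different administrator to do this.
    if acting_user == target:
        blockers.append(f"log in as another administrator, not as '{target}'")
    other_admins = [a["name"] for a in accounts
                    if a["name"] != target and not a["disabled"]
                    and "administrators" in a["groups"]]
    if not other_admins:
        blockers.append("no other enabled account in the administrators group")
    elif acting_user != target and acting_user not in other_admins:
        blockers.append(f"'{acting_user}' is not an enabled administrator")
    # Anything still tied to the target account stops working afterwards.
    for service, owner in sorted(service_owners.items()):
        if owner == target:
            blockers.append(f"service '{service}' still uses '{target}'")
    return blockers


if __name__ == "__main__":
    for problem in preflight_disable("admin", ACCOUNTS, SERVICE_OWNERS, "admin"):
        print("BLOCKER:", problem)
```

With the sample inventory the check reports three blockers, because nasboss has not yet been added to the administrators group and the backup task still runs as admin.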



Boris Hofferbert

Freelance journalist, enthusiastic about technology since the blissful Amiga days, Apple desktop fan and Android fan on the go, plays games on Windows, can’t do without music (from classic rock to ska to punk) and audio books, likes to take postcard photos, always has at least two cell phones and is very happy about a coffee donation ;-)

3 comments

  1. I also received this notice.
    Now I'm wondering, if Synology is so concerned about the security of general "admin" access: Why don't they just allow you to change the name "admin" to the name of the account you create before deactivating "admin"? According to my logic, that would have the same effect with SIGNIFICANTLY less effort.

    Is there a logical explanation for this? And in combination with the already discussed 2FA: is deactivation even necessary?

    Thanks in advance!!
