To restrict the default organization administrator from changing his control panel password using the organization control panel, you need to enable this feature using the following procedure.
To restrict the default organization administrator from changing his password:
Log on to the CP server as the domain administrator.
If you have multiple CP servers, you need to perform these instructions on any one of them, except step 4. You must perform step 4 on all CP servers so that this feature is enabled in the control panel irrespective of the CP server from where it is accessed.
Open a command prompt window and change to the <CP_install_dir>\bin directory, where <CP_install_dir> is the installation path specified during the Ensim Unify control panel software installation. For example, If you have installed the control panel software in the default directory, then go to C:\Program Files\Ensim\Ensim Unify\cp\bin.
Type the following command in the command prompt window.
SetGlobalConfig.exe <control_panel_username> <control_panel_password> "Global Unify Settings" UnifySettings AllowAdminPassChange false bool
where:
<control_panel_username> is the service provider’s user name for logging on to the control panel
<control_panel_password> is the service provider’s password for logging on to the control panel
Example: SetGlobalConfig.exe admin@example.net abc123 "Global Unify Settings" UnifySettings AllowAdminPassChange false bool
Run the command iisreset.
Stop the Provisioning Engine COM+ service by performing the following steps on all PE servers:
Log in to the PE server as the domain administrator.
Click Start > Administrative Tools, then click Component Services.
Expand Console Root > Component Services > Computers > My Computer > COM+ Applications.
Right-click Provisioning Engine, then select Shut down.
If you have more than one PE server, repeat the previous steps for each PE server.
The default organization administrator now cannot change his password using the organization control panel.