If ADMIN users is deleted, is there a way to get it back? Other than reinstall LFS...
How did you delete it?! Have you tried restoring the trustee table?
Hi Levi,
I'm with Ben on this one. Try restoring the trustee table. Re-installing LFS won't help you because the repository data/users are in the database. You would need to restore the repository database from a backup. But if you go down that road don't forget to restore the volumes along with the DB so everything matches.
Good luck!
Hi Levi,
Without knowing exactly how the account was deleted, it's difficult to give you the best recovery options. It might be enough to restore just trustees or you might need to restore the whole database (then match the volumes), as Chris suggested.
If you have access to SQL you can elevate permissions to admin of an existing account or group by changing the following in the sql database named the same as the repository in question.
Find a user/group to elevate to admin by browsing the trustee table and capturing the SID value.
Then open the account_security table and lookup the row by SID identified above, and change the privs field value to "503054063" and the uif value to "536885055".
You could manually add an account but that is much more complicated.
There's actually nothing special about the ADMIN account, it's just an account that's put there to start. It doesn't have any special privialges beyond what you can assign to any account in the administration consooe.
You mentioned reinstalling LF as a way to get back the ADMIN user, which makes me think you are asking specifically about the user named ADMIN that we pre-create for you. There is nothing inherently special about the user we create upon installation, so you can make a new ADMIN.
If you are just concerned with having a user named ADMIN with the same access rights that we enable by default, you can create a new user named ADMIN and grant:
This will not bring back any attributes or security settings for the user that was deleted, but it was unclear to me whether you needed that information or not.
To be able to create this user, you need to be logged in as a user with the "Manage Trustees" privilege (required to create the user and assign feature rights) and "Set Trustee Privileges" (required to grant privileges).
We took over an account, i looked at the Users, i do not see ADMIN, i looked into dbo.trustee and i do not see ADMIN in column trustee_name. The reason i want to restore ADMIN since ADMIN user does not use a license, i do not want to created another user and eat up a license just for an administrator or settings up LF products to communicate with LFS, for example setting up Audit Trail, i use ADMIN user for it.
As myself and Pava already said, there is nothing inherently special about the user we create upon installation, so you can make a new ADMIN. It will behave the same way.
The Laserfiche Avante deployment guide (https://support.laserfiche.com/GetFileRepositoryEntry.aspx?id=3051&mode=download ), among others, discusses the administrative sessions:
Named user licenses in Laserfiche Avante must be assigned to users or devices. Both steps—creation or authorization of the trustee, and allocation of the named user license—must be performed before a user can log in. However, when you begin implementing Laserfiche Avante, you must be able to log in to the Administration Console in order to set up the first Windows Accounts users.
In order to facilitate this, Laserfiche Avante allows an administrative connection to the Laserfiche repository to set up the initial users. You can use this connection to log in as any user with the Manage Trustees or Set Trustee Privileges privilege. In new repositories, you can use the Admin user for this purpose. This administrative connection is to allow you to add the accounts necessary for the allocated named users to log in.
The initial setup of Admin qualifies for this,, but it's not solely tied to Admin. Also, Admin will use a license if the initial administrative connection is currently in use as well.
Thanks for the reply Justin! I just want to confirm, I just need to login to LF Admin Console with a user that has managed users and groups privilege and create a new "ADMIN" lf user and give all the rights and priveleges that the default "ADMIN" user comes with a new install of LF, right?
I tried to add "ADMIN" user but the only login i have does not have privelege to assign priveleges to users and i cannot login to LF Client because the newly created "ADMIN" is not a named user.
That's true, you'll need the set privileges privilege to grant the relevant privileges to any given account. Are there no accounts left that have that right?
All named user license is assign to users already, that is why I'm trying to look for a way to recover the original "ADMIN" user that comes when installing Laserfiche for the first time.
Following question: is there a way to know if a user was renamed without Audit Trail?
The question isn't really about named user licensing, it's about the ability to set the privileges on the user you just created. If you have an existing user with the 'Set Trustee Privileges' privilege, they can grant the necessary privileges to your new admin account. Again, there's nothing special about the 'Admin' account, it's the fact that it has been granted these privileges.
Frankly, if you already have a user with those privileges, you can just use that for the scenarios you have mentioned.
And no, you'd need Audit Trail for tracking changes like that.
As Justin and others have indicated, administering the repository consumes a license regardless if it's named admin or not. Laserfiche creates it on setup but it still consumes a license.
If you do not have access to an account that has full admin privileges, the only way to get them back, without reinstall, is to modify the sql field values mentioned above.
Cheers,
Carl
The sql table account_security