Changing System Administrator Passwords on Microsoft Windows

Before you run the Database Configuration Wizard to configure the Siebel database on the RDBMS, you must create a Siebel administrator account, either manually (on IBM DB2) or using the grantusr.sql script. The default user ID for the Siebel administrator account is SADMIN (case-sensitive). You must also create a password for the account. The password you assign to the administrator account cannot be the same as the user name of the account.

To increase the security of your Siebel implementation, it is recommended that you change the Siebel administrator password at regular intervals. You might also have to change the password for the Siebel service owner account, which is the Windows user who starts the Siebel Server system service. This topic outlines procedures for performing both tasks. For more information about setting up these accounts for initial use, see the Siebel Installation Guide for the operating system you are using.

Changing the Password for the Siebel Service Owner Account

Use the procedure below to modify the password for the Siebel service owner; this is the Microsoft Windows user account that starts the Siebel Server system service.

Note: If a password expiration policy for Windows user accounts exists, then make sure that the Siebel service owner password is updated before it is due to expire to maintain the availability of the Siebel Servers.

To change the password for the Siebel service owner account  

1. Change the Windows domain login password for the Siebel service owner account.

   For more information on changing domain passwords, refer to your Windows documentation.

2. Change the password for the Siebel Server system service.

   1. From the Windows Start menu, choose Settings, Control Panel, Administrative Tools, and then the Services item.

   2. Right-click on the Siebel Server System Service, and select Properties.

   3. In the Properties dialog box for this service, click the Log On tab.

   4. Enter the password in the Password and Confirm Password fields, and click OK.

      
      

      Note: The password specified here must correspond to the Windows domain login password you modified in Step 1.

      
      

3. Stop and restart the Siebel Server system service. For details, see Siebel System Administration Guide.

Changing the Password for the Siebel Administrator Account

Use the following procedure to modify the password for the Siebel administrator database account. You must also change the corresponding password parameter for the Siebel Enterprise, and then delete the Siebel Server system service and re-create it using the new password.

To change the Siebel administrator password  

1. Change the value of the Siebel administrator's Enterprise password parameter using either the Server Manager command or the Siebel user interface.

   The following steps describe how to change the password using the Siebel user interface:

   1. Log into a Siebel employee application, such as Siebel Call Center.

   2. Navigate to the Administration - Server Configuration screen, then the Enterprises view.

   3. Click the Parameters tab.

   4. In the Enterprise Parameters list, select the Password parameter.

   5. In the Value field, enter the new password, then commit the record.

2. Log out of the Siebel application (all users must log out).

3. Change the Siebel administrator's password in the database.

   For more information, refer to your RDBMS documentation on changing passwords.

4. On each Siebel Server in your Siebel Enterprise, delete the existing Siebel Server system service, then re-create it with the new administrator password as follows:

   1. Delete the Siebel Server system service using the following command:

      siebctl -d -S siebsrvr -i "EnterpriseName_SiebelServerName"
      

      where:

      • EnterpriseName is the name of your Siebel Enterprise

      • SiebelServerName is the name of the Siebel Server

      For example:

      siebctl -d -S siebsrvr -i "sia8x_app01"
      

   2. Re-create the Siebel Server system service using the following command:

      siebctl -h SIEBSRVR_ROOT -S siebsrvr -i "EnterpriseName_SiebelServerName" -a -g "-g GatewayServerHostname:port -e EnterpriseName -s SiebelServerName -u sadmin" -e NewPassword -u Account -p Password
      

      where:

      • SIEBSRVR_ROOT is the full path to the Siebel Server installation directory

      • EnterpriseName is the name of your Siebel Enterprise

      • SiebelServerName is the name of the Siebel Server

      • GatewayServerHostname is the name of the Gateway Name Server host

      • port is the port number of the Gateway Name Server

      • sadmin is the administrator user ID

      • NewPassword is the new Siebel administrator password in plaintext. The siebctl utility encrypts the password.

      • Account is the Siebel service owner account name

      • Password is the Siebel service owner account password

      For example:

      D:\sia8x\siebsrvr\BIN>siebctl -h "d:\sia8x\siebsrvr" -S siebsrvr -i "sia8x_app01" -a -g "-g localhost:2320 -e sia8x -s app01 -u sadmin" -e sadmin -u .\SADMIN -p xxxxxxxx
      

5. Start the Siebel Server system service.

   For information on how to start the Siebel Server system service, see Siebel System Administration Guide.

Changing AnonPassword When SADMIN is set to Anonymous User

Note: The information in this topic applies to Microsoft Windows and UNIX.

It is strongly recommended that you do not set SADMIN (the system administrator account) to the anonymous user (AnonUserName) in the eapps.cfg file. Set AnonUserName to a Siebel user (for example, GUESTCST) with minimum responsibilities (access to the login view).

However if you set SADMIN to AnonUserName, then you must do the following:

• Change the password associated with the anonymous user (AnonPassword) in the eapps.cfg file.

• If EncryptedPassword is set to True in the [defaults] section or the virtual directory settings in eapps.cfg, then run encryptstring <new SADMIN password> from the Siebel Server bin folder to obtain the encrypted version of the AnonPassword to set in eapps.cfg.

• Restart the Web server for the changes in eapps.cfg to take effect.

Caution: Never use the system administrator account (SADMIN) as the anonymous user account (AnonUserName) in a production environment. It is only acceptable to do so for development or test environments.

For more information about the anonymous user, see "Configuring the Anonymous User".