How to disable the initial password change prompt on a CE series switch

40

By default, the security policy function is enabled for local accounts on CE series switches to ensure security. Therefore, you will be asked to change the password at the first login.

If the initial password change prompt function is enabled for the next login on a switch, you will be also asked to change the password after the next login.

To disable a switch from asking you to change the initial password, run the following commands:

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] undo local-user policy security-enhance  //Disable the security policy function for local accounts.
                           
[*HUAWEI-aaa] undo local-user policy password change   //If the initial password change prompt function is enabled for the next login, disable it.
    
[*HUAWEI-aaa] commit

Other related questions:
How to disable password expiration on CE series switches
On CE series switches, run the local-user user-name password expire days command in the AAA view to set the password expiration time. Run the undo local-user user-name password expire command to restore the default password expiration time. By default, user passwords never expire. If the value of days is 0, the user password never expires.

How to change the password to a history password on a CE series switch
By default, the security policy function is enabled for local accounts on CE series switches to ensure security. The new password cannot be the same as any of the last 10 history passwords.

If the password complexity check function is configured, the new password cannot be the same as any of the last 10 history passwords.

To use a history password, run the following commands:
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] undo local-user policy security-enhance //Disable the security policy function for local accounts.  
[*HUAWEI-aaa] undo local-user policy password complexity-enhance //If the password complexity check function has been enabled, disable it.                                           
[*HUAWEI-aaa] commit

Method used to cancel the prompt message that reminds users of password change for the USG6000 series
For the USG6000 series, run the undo manager-user password-modify enable command to cancel the prompt message that reminds users of password change. After the password change function is enabled, if an administrator logs in to the NGFW, the NGFW will prompt the administrator to perform the following operations based on the administrator account and password status: - If the administrator logs in to the NGFW for the first time after password management is enabled, the NGFW prompts the administrator to change the password. - After the administrator password expires, the NGFW requests the administrator to change the password. By default, the password change function is enabled.

Method used to cancel the password change prompt for the USG2000&5000 series
For the USG2000&5000 series, you can run the undo local-user password-modify enable command to cancel the password change prompt.
After the password change function, local users who have logged in through Telnet, SSH, web UI, or console port can change their password in the following situations:
- Upon the first login, the system forces you to change the password.
- When the user password expires, the system displays a message, asking you to change the password.
- Run the local-user password valid-days command to change the validity period of the password.
The password change function is disabled by default.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top