Add Mandatory Users and Reset Passwords
Overview
This utility script ensures that essential system users exist in the Users table with correct passwords. It creates mandatory service accounts if they don't exist and resets their passwords to known values. This script is typically used during system setup, maintenance, or recovery operations to ensure critical system accounts are properly configured.
Parameters
This script has no input parameters - it operates with hardcoded user accounts and password hashes.
Data Components
The script manages three critical system accounts:
- USER - Primary system user account
- SERVICE - ATM service account for system operations
- AUTOSVC - Automated service account for background processes
Output Format
This script produces no direct output but modifies the Users table:
| Column | Data Type | Description |
|---|---|---|
| NAME | varchar | User account name |
| Password | varchar | MD5 hashed password |
| LOCKED | int | Account lock status (0 = unlocked) |
| LASTLOGIN | varchar | Last login timestamp (empty for new) |
| ENABLED | int | Account enabled status (1 = enabled) |
| ACCESSLEVEL | int | User access level (2 = service) |
| DESCRIPTION | varchar | Account description |
Technical Implementation
The script uses:
- Conditional INSERT statements with IF NOT EXISTS checks
- Direct UPDATE statements for password resets
- Hardcoded MD5 password hashes, so the script itself contains no plaintext passwords
- Standardized account properties (enabled, access level, descriptions)
Account Configuration
- Access Level: All accounts set to level 2 (service accounts)
- Status: All accounts enabled and unlocked by default
- Passwords: Pre-hashed MD5 values; no plaintext passwords appear in the script
- Descriptions: Clear identification of account purposes
Notes
- System Critical: These accounts are essential for system operation
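- Password Security: Uses MD5 hashed passwords. MD5 is a fast, general-purpose hash that is cheap to brute-force, and the hashes are fixed values shared by every system the script is run on (consider upgrading to stronger hashing)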
- Idempotent: Safe to run multiple times without creating duplicates
- Service Accounts: All accounts configured as service-level users
- No User Input: Completely automated with no interactive prompts
- Recovery Tool: Useful for system recovery and maintenance scenarios
- Run during system maintenance windows
- Verify account functionality after execution
- Consider updating to stronger password hashing algorithms
- Document actual passwords securely for administrative access
- Monitor these accounts for unauthorized access attempts
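A starting point for the verification and monitoring notes above, as an added example that is not part of the original script: a read-only T-SQL query that reports, for each mandatory account, whether the row exists, whether it still carries the script's default hash, and whether its flags match the documented configuration. It assumes the Users table has the columns listed under Output Format; the result column names are illustrative.

```sql
-- Added example: read-only audit of the mandatory accounts after the script runs.
-- Table and column names are taken from the Output Format table; the hashes are
-- the defaults hardcoded in the script. Result column names are illustrative.
WITH Expected (NAME, DefaultHash) AS (
    SELECT 'USER',    '319F4D26E3C536B5DD871BB2C52E3178' UNION ALL
    SELECT 'SERVICE', '48C7FE92DBEAB8ED143B6A14AB802965' UNION ALL
    SELECT 'AUTOSVC', '89A1533C37EC9254F22B5E0F29C9C0FF'
)
SELECT
    e.NAME,
    CASE WHEN u.NAME IS NULL THEN 'MISSING' ELSE 'present' END AS AccountRow,
    -- The script's UPDATEs cover USER and SERVICE only, so a pre-existing
    -- AUTOSVC row can legitimately report 'differs'.
    CASE WHEN u.NAME IS NULL THEN NULL
         WHEN u.Password = e.DefaultHash THEN 'script default'
         ELSE 'differs' END AS PasswordState,
    -- The script never rewrites these flags on existing rows, so a locked or
    -- disabled account stays that way after a run.
    CASE WHEN u.NAME IS NULL THEN NULL
         WHEN u.LOCKED = 0 AND u.ENABLED = 1 AND u.ACCESSLEVEL = 2 THEN 'ok'
         ELSE 'CHECK' END AS ConfigState,
    u.LASTLOGIN,
    -- More than 1 means duplicate rows already existed for this name.
    (SELECT COUNT(*) FROM Users d WHERE d.NAME = e.NAME) AS RowsForName
FROM Expected AS e
LEFT JOIN Users AS u ON u.NAME = e.NAME
ORDER BY e.NAME;
```

An account reported as 'script default' is protected only by a hash value that every copy of the script contains, which makes it the first candidate for a password change and for login monitoring.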
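T-SQL
```sql
-- Reset the passwords of existing USER and SERVICE rows to the hardcoded MD5 hashes.
-- Only the Password column changes; LOCKED, ENABLED and ACCESSLEVEL are left as they are.
-- There is no corresponding UPDATE for AUTOSVC.
UPDATE Users
SET Password = '319F4D26E3C536B5DD871BB2C52E3178'
WHERE NAME = 'USER';

UPDATE Users
SET Password = '48C7FE92DBEAB8ED143B6A14AB802965'
WHERE NAME = 'SERVICE';

-- Create each mandatory account only if it is missing (this keeps the script idempotent).
-- Value order: NAME, Password, LOCKED, LASTLOGIN, ENABLED, ACCESSLEVEL, DESCRIPTION
IF NOT EXISTS (SELECT NAME FROM Users WHERE NAME = 'USER')
    INSERT INTO Users
    VALUES ('USER', '319F4D26E3C536B5DD871BB2C52E3178', 0, '', 1, 2, 'System User');

IF NOT EXISTS (SELECT NAME FROM Users WHERE NAME = 'AUTOSVC')
    INSERT INTO Users
    VALUES ('AUTOSVC', '89A1533C37EC9254F22B5E0F29C9C0FF', 0, '', 1, 2, 'Auto Service Account');

IF NOT EXISTS (SELECT NAME FROM Users WHERE NAME = 'SERVICE')
    INSERT INTO Users
    VALUES ('SERVICE', '48C7FE92DBEAB8ED143B6A14AB802965', 0, '', 1, 2, 'ATM Service Account');
```
Content Inventory
- Doc File: content/docs/utilities/add_mandatory_users_and_reset_passwords.mdx
- SQL Script: SQL/utilities/add_mandatory_users_and_reset_passwords.sql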