How to Create a New Admin User and Delete the Default Admin on Mikrotik

Creating a new admin user and deleting the default admin in MikroTik enhances security and control over the network.

Understanding MikroTik User Management
MikroTik routers offer a robust user management system. This system allows the creation, modification, and deletion of users with different access levels.
Default admin accounts often pose security risks. Therefore, creating a new admin user and deleting the default account is a recommended practice.
Benefits of Creating a New Admin User
Creating a new admin user provides greater security and flexibility. It allows for tailored access levels and better tracking of administrative changes.
Utilizing unique usernames and passwords enhances protection against unauthorized access. This practice also simplifies the management of user permissions.
Step-by-Step Guide to Create a New Admin User
Follow this step-by-step guide to create a new admin user on MikroTik:
- Access the MikroTik Router through Winbox or WebFig.
- Navigate to the âSystemâ menu.
- Select âUsersâ from the dropdown.
- Click on the âAddâ button to create a new user.
- Enter the desired username and password.
- Assign the âfullâ group to grant administrative privileges.
- Click âOKâ to save the new user.
Deleting the Default Admin User
Once the new admin user is created, the default admin account can be deleted. This step is crucial in enhancing security.
To delete the default admin user, follow these steps:
- Return to the âUsersâ section in the âSystemâ menu.
- Select the default admin user (usually named âadminâ).
- Click on the âRemoveâ button.
- Confirm the deletion when prompted.
Technical Specifications Comparison
| Feature | Default Admin | New Admin User |
|---|---|---|
| Username | admin | Custom Username |
| Password | Default Password | Strong, Unique Password |
| Access Level | Full Access | Configurable Access |
| Security Risk | High | Low |
Best Practices for Admin User Management
Implementing best practices for user management can prevent many security issues. Regularly updating passwords and user permissions is essential.
Furthermore, it is advisable to limit the number of users with administrative access. This reduces the risk of unauthorized changes to the network.

DomineTec Tip: Regularly review user accounts and permissions to ensure compliance with security policies.
Conclusion
Creating a new admin user and deleting the default admin account on MikroTik is a crucial step in securing your network. Following the outlined steps ensures a safer and more manageable user environment.
Maintaining high security standards is essential for protecting network resources. Implementing these practices will contribute to a more secure network infrastructure.

Understanding User Privileges and Permissions
In MikroTik, different user profiles can be created to assign specific privileges, ensuring secure access control. The 'full' profile grants complete access, while 'read' provides only viewing permissions.
Creating a Custom User Profile
Custom user profiles can be configured by navigating to the "User" section and selecting "Profiles." Define specific permissions by modifying the access rights associated with each profile.
CLI Commands for User Management
The terminal can be utilized for user management with commands such as '/user add name=newadmin group=full' to create a new admin user. To delete the default admin, use '/user remove admin' after ensuring that another admin account exists.
Backup Configuration Before Deleting Default Admin
Creating a backup is essential before making significant changes to user accounts. Use the command '/export file=backup' to save the current configuration settings securely.
Monitoring User Activity
User activity can be monitored through the "Logs" section, where access attempts and changes are recorded. Implement log settings by navigating to "System" > "Logging" and configure rules as necessary.
Best Practices for Admin Account Security
Utilizing strong passwords and enabling two-factor authentication is crucial for securing admin accounts. Regularly updating passwords and auditing user privileges enhances overall network security.
Restoring Default Settings if Necessary
If issues arise after deleting the default admin, restoring the MikroTik device to factory settings may be required. Use the command '/system reset-configuration' to revert to original settings, but ensure a backup is available.
Understanding User Permissions and Roles
Mikrotik RouterOS allows for granular control over user permissions through the use of roles. Each role can be customized to grant specific rights such as read, write, or execute permissions on various configurations.
Creating User Profiles with Custom Scripts
User profiles can be enhanced by assigning custom scripts that execute upon login. This can be achieved using the "/user add" command along with the "on-login" parameter to specify the script to run.
Backing Up Configuration Before Deletion
Before deleting the default admin user, it is essential to back up the current configuration. The command "/export file=backup" can be used to create a backup file, ensuring that no configurations are lost during the process.
Using Winbox for User Management
Winbox provides a graphical interface that simplifies user management tasks. Navigate to the "System" menu and select "Users" to view, add, or delete users without needing to use command line syntax.
Security Best Practices for User Management
It is recommended to use complex passwords and regularly update them to enhance security. Additionally, limiting access to administrative functions based on IP addresses can help prevent unauthorized access.
Monitoring User Activity with Logs
Mikrotik RouterOS includes logging capabilities to monitor user activity. The logging can be configured using "/system logging" to track user actions and identify potential security issues.
Understanding User Privileges and Access Levels
MikroTik RouterOS allows the assignment of various user privileges, which determine the level of access each user has to the system. It is essential to assign the appropriate access levels to new admin users to maintain security and functionality.
Creating a Secure Password Policy
When creating a new admin user, it is vital to implement a strong password policy that includes a mix of upper and lower case letters, numbers, and special characters. Regular updates to passwords can also enhance security and reduce the risk of unauthorized access.
Using the Command-Line Interface (CLI) for User Management
The MikroTik CLI provides powerful commands for user management, such as '/user add name="newadmin" password="yourpassword" group="full"'. This method allows for quick and efficient user creation without navigating through the GUI.
Verifying User Creation and Connection Settings
After creating a new admin user, it is advisable to verify its existence by using the command '/user print'. Additionally, ensure that the connection settings are configured correctly to allow the new user to log in remotely if necessary.
Best Practices for Deleting Default Admin Users
When deleting the default admin user, utilize the command '/user remove admin' to ensure it is removed safely. It is recommended to first log in with the new admin account to confirm that access is retained before deleting the default account.
Creating a New Admin User in MikroTik RouterOS
Creating a new admin user in MikroTik RouterOS involves several precise steps that ensure proper access control and security management. The process can be executed via the Winbox graphical user interface or through the command line interface (CLI) using SSH or the terminal within Winbox.
To initiate user creation, access the MikroTik router via Winbox or an SSH client. Navigate to the 'System' menu, and select 'Users' to open the user management window.
In the user management window, click the 'Add' button to create a new user. Assign a username that follows your organization's naming conventions, and set the password to a strong, unique value to enhance security.
Define the group for the new user to specify the level of access they will have. Typically, for an admin user, the 'full' group is assigned, which grants complete control over the router's configurations.
Once the user is created, it is advisable to review the user permissions to ensure compliance with security policies. Use the command '/user print' in the CLI to list all users and verify that the new admin user appears in the list with the correct permissions.
Deleting the Default Admin User in MikroTik RouterOS
After successfully creating a new admin user, the next step is to delete the default admin user to reduce potential security vulnerabilities. The default admin account, while necessary for initial setup, should be removed or disabled to mitigate unauthorized access risks.
Access the MikroTik router again through Winbox or SSH, and return to the 'System' menu, then to 'Users'. Locate the default admin user, typically labeled simply as 'admin', in the user list.
To delete the default admin account, select the user and use the 'Remove' button in the GUI, or execute the command '/user remove [find name="admin"]' in the CLI for a more rapid approach. It is crucial to ensure that the newly created admin user has been tested and can access the router prior to this action.
Post-deletion, verify the user list again with the command '/user print' to confirm the admin user has been successfully removed. Conduct a security audit to ensure that all configurations are intact, and there are no remnants of the default settings that could pose security risks.
Understanding User Management in MikroTik RouterOS
MikroTik RouterOS provides a robust user management system that allows administrators to create, modify, and delete user accounts with varying levels of access. A critical aspect of managing users is understanding the different privilege levels and how these affect network security and access control.
In MikroTik, user roles are defined by the permissions associated with each user. The default admin account is powerful and has full access to all functionalities, making it a target for unauthorized access. To enhance security, it is recommended to create a new user with specific permissions tailored to the needs of the organization.
To create a new admin user, the command used is:
/user add name="newadmin" group=full password="securepassword"
This command creates a new user named "newadmin" with full administrative privileges. It is crucial to assign a strong password to mitigate the risk of brute-force attacks.
After creating a new user, the next step involves verifying the user account's permissions. This can be done using the command:
/user print
This will display all user accounts along with their assigned groups. Ensuring that the new user appears in this list confirms successful creation.
Once the new admin user has been validated, the next recommended step is to delete the default admin account. This is important to prevent the default credentials from being exploited. The command for deletion is:
/user remove admin
However, it is crucial to ensure that you are logged in with the new admin account before executing this command to avoid being locked out of the system.
Best Practices for Securing MikroTik User Accounts
Securing user accounts on MikroTik devices is paramount for preventing unauthorized access and maintaining network integrity. One of the best practices involves regularly updating passwords and enforcing strong password policies.
Administrators should implement a password complexity policy that mandates the use of uppercase letters, lowercase letters, numbers, and special characters. For example, a password like "MikroTik@2023!" not only meets complexity requirements but also provides a higher level of security.
Additionally, enabling two-factor authentication (2FA) can significantly enhance account security. MikroTik RouterOS supports 2FA through the use of mobile applications like Google Authenticator, which generates time-based one-time passwords (TOTP) for access verification.
To enable 2FA, the following command can be utilized:
/user set newadmin two-factor-authentication=yes
This command activates 2FA for the specified user, requiring the user to input a code from their authentication app upon login. This extra layer of security makes it considerably harder for attackers to gain access, even if they discover the user's password.
Regular auditing of user accounts is another critical practice. It is essential to review user access levels and remove accounts that are no longer needed, especially those belonging to former employees or contractors. The command:
/user print
can be used to periodically verify active users and their associated permissions. Maintaining an up-to-date list helps mitigate potential security risks associated with dormant accounts.
Finally, implementing logging and monitoring solutions will assist in tracking access attempts and changes made within the MikroTik device. Configuring logging can be done via:
/system logging add topics=user,!debug action=memory
This command ensures that all user-related events are logged in memory, making it easier to identify unauthorized access attempts or configuration changes. Continuous monitoring of these logs can provide insights into potential security threats and allow for prompt remediation.
Understanding User Roles and Permissions in MikroTik RouterOS
MikroTik RouterOS operates on a robust user management system that allows administrators to define user roles and permissions, ensuring that only authorized personnel can access specific functionalities.
Understanding the different user roles is crucial for maintaining security and operational integrity within the network environment.
There are several predefined user groups in MikroTik, including 'full', 'read', 'write', 'policy', and 'test', each offering varying levels of access to the router's configuration settings.
The 'full' user has complete control over the device, while the 'read' user can only view configurations without the ability to make changes.
Creating a new admin user with the appropriate permissions can be accomplished using the command line interface (CLI) or the Winbox graphical interface, both of which provide intuitive methods for managing user accounts.
To create a new user via CLI, the command `/user add name=NewAdmin password=StrongPassword group=full` is utilized, where 'NewAdmin' is the desired username and 'StrongPassword' is a secure password.
Upon successful execution of the command, the newly created user will possess 'full' access, allowing comprehensive management capabilities across the router.
It is essential to regularly review user roles and permissions, particularly after creating new users or modifying existing accounts to align with organizational security policies.
To check existing users and their associated groups, the command `/user print` can be employed, providing a clear listing of all accounts along with their assigned roles.
In situations where a user account needs to be modified or deleted, commands such as `/user set NewAdmin group=read` or `/user remove NewAdmin` can be executed, ensuring proper management of user privileges and adhering to the principle of least privilege.
Best Practices for Securing the MikroTik Router After Admin User Creation
After creating a new admin user, implementing best practices for securing the MikroTik Router is paramount to prevent unauthorized access and potential breaches.
One of the first steps in securing the router is to disable the default admin user, which is commonly targeted due to its well-known username.
This can be achieved by executing the command `/user disable admin`, effectively rendering the default account inactive while retaining the option to re-enable it if necessary.
Furthermore, setting up strong passwords for all user accounts is critical; passwords should incorporate a mix of uppercase letters, lowercase letters, numbers, and special characters, with a recommended length of at least 12 characters.
Enabling two-factor authentication (2FA) provides an additional security layer, which can be configured through the use of a third-party application or hardware token.
Network segmentation is another key security measure; isolating sensitive devices and users from the broader network can limit exposure to potential threats.
Employing firewall rules is essential for controlling traffic to and from the router; commands such as `/ip firewall filter add chain=input action=drop protocol=tcp dst-port=23` can be used to block specific services, thereby reducing vulnerability.
Regularly updating the RouterOS firmware and packages is crucial for maintaining security; commands like `/system package update check-for-updates` followed by `/system package update download` facilitate the update process.
Finally, monitoring system logs through `/log print` provides insights into router activity and can help identify unauthorized access attempts or unusual behavior.
Establishing a routine for backup and recovery is also recommended, ensuring that configurations can be restored promptly in case of a compromise or failure.
Frequently Asked Questions
How often should admin passwords be changed?
Admin passwords should be changed regularly, ideally every 3 to 6 months, to enhance security.
What if the new admin user cannot access the router?
If the new admin user cannot access the router, ensure that the correct username and password were entered. Additionally, check user permissions in the MikroTik user management section.
Can multiple admin users be created?
Yes, multiple admin users can be created, but it is advisable to limit the number to necessary personnel to maintain security.
What happens if the default admin is deleted?
Deleting the default admin user will not affect the router's functionality as long as at least one admin user remains active.
Is it necessary to back up the configuration before making changes?
Yes, it is always recommended to back up the configuration before making significant changes to prevent data loss.
Liked it? Share!




