Resetting the admin password in Sitecore, and some security considerations

As of Sitecore 7, one can still reset the admin password directly in the core database by executing the following statement:

-- Run against the Sitecore core database.
UPDATE [aspnet_Membership] SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc='
WHERE UserId IN (
     SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin'
)

This resets the admin password to the default value, “b”. Obviously the password should be changed again shortly afterward, and the fact that this works highlights the need for good security at the database level, but the tip can be helpful if the password has been set to a value that has since been lost.

Here’s the kicker: resetting the admin password may be necessary even in environments where the Sitecore client is disabled.  Perhaps the client-disabled environment was set up with the default password, or it simply needs to be changed due to security requirements. The password may still actually be used in a client-disabled environment as well, if the admin pages are not also disabled.

If that is the case, one easy approach may be to:

  1. Reset the admin password in a non-client-disabled environment;
  2. Get the stored, hashed password by running the following query in the core database of the non-client-disabled environment:
    SELECT Password FROM [aspnet_Membership]
    WHERE UserId IN (
         SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin'
    )
  3. Copy the hashed password to the client-disabled environment by running the UPDATE statement above, with the new hash in place of the default one, in the core database of the client-disabled environment.
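
Step 3 as a guarded T-SQL script (an added example, not from the original post). It assumes the standard ASP.NET Membership columns PasswordSalt and PasswordFormat are copied together with Password, since a stored hash only verifies against the salt it was computed with; the angle-bracket values are placeholders.

```sql
-- Added example: run in the core database of the client-disabled environment.
-- Placeholders: paste the values read from the source environment.
DECLARE @Password       nvarchar(128) = N'<Password from source>';
DECLARE @PasswordSalt   nvarchar(128) = N'<PasswordSalt from source>';
DECLARE @PasswordFormat int           = 1;  -- 1 = Hashed; confirm against the source row
-- Default hash for "b", as published in this post.
DECLARE @DefaultHash    nvarchar(128) = N'qOvF8m8F2IcWMvfOBjJYHmfLABc=';

-- Never propagate the well-known default credential.
IF @Password = @DefaultHash
BEGIN
    RAISERROR('Refusing to write the default admin hash.', 16, 1);
    RETURN;
END;

BEGIN TRANSACTION;

-- Hash, salt and format are written together so they stay consistent.
UPDATE m
SET    Password                = @Password,
       PasswordSalt            = @PasswordSalt,
       PasswordFormat          = @PasswordFormat,
       LastPasswordChangedDate = GETUTCDATE()
FROM   [aspnet_Membership] AS m
JOIN   [aspnet_Users]      AS u ON u.UserId = m.UserId
WHERE  u.UserName = 'sitecore\Admin';

-- Exactly one admin row must be affected; otherwise undo everything.
IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly one sitecore\Admin row; nothing was changed.', 16, 1);
    RETURN;
END;

COMMIT TRANSACTION;

-- Audit: confirm the account no longer carries the default hash.
SELECT u.UserName,
       CASE WHEN m.Password = @DefaultHash THEN 'DEFAULT' ELSE 'changed' END AS PasswordState,
       m.IsLockedOut,
       m.LastPasswordChangedDate
FROM   [aspnet_Membership] AS m
JOIN   [aspnet_Users]      AS u ON u.UserId = m.UserId
WHERE  u.UserName = 'sitecore\Admin';
```

To fill the placeholders, extend the SELECT in step 2 to return PasswordSalt and PasswordFormat alongside Password.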