All unnecessary administration and IP Office user accounts should be removed or disabled to reduce the likelihood of forgotten default accounts being used for unauthorized access. Any remaining accounts must have their passwords changed. See User Accounts and Rights of Access for more information on the differing account types and locations.
Procedure
In IP Office Manager security settings Service Users tab, remove all unnecessary service user accounts; only retain accounts that are essential. The service user may be deleted or the account status set to Disabled.
For all remaining active Service Users, change password to a strong one of 8 or more characters. If using Server Edition, see Securing Server Edition Servers for alternative Service User administration using IP Office Web Manager.
In configuration Users: Delete any RAS telephony user accounts (for example 'RemoteManager') that are not required. For any that are required, change the password to a strong one of 8 or more characters.
