Unlock an Internal Account

By initial policy, making three consecutive unsuccessful attempts to log on with a SAS internal account causes that account to be locked for one hour. This topic explains how to unlock the account immediately, so that you don't have to wait until the account lockout period has passed.
The preferred approach is to locate another user who has user administration capabilities. That user can unlock the internal account by completing these steps:
  1. Log on to SAS Management Console as someone who is unrestricted or who has user administration capabilities.
  2. On the Plug-ins tab, select User Manager.
  3. In the display pane, clear the Show Groups and Show Roles check boxes. Right-click the user definition of the person whose SAS internal account is locked out and select Properties.
  4. Select the Accounts tab. A message box asks whether you want to unlock the account. Click Yes.
  5. In the user's Properties dialog box, click OK. The account is now unlocked.
    Note: It isn't necessary to reset the user's internal password as part of unlocking the user's internal account.
If there is no other administrator available and you have the necessary host access, you can use this approach as a last resort:
  1. Edit the metadata server's adminUsers.txt file to create a new unrestricted user.
    1. Navigate to your equivalent of SAS/Lev1/SASMeta/MetadataServer/adminUsers.txt. Open the file with a text editor.
    2. Add a user ID for an account that is known to the metadata server's host. Include a preceding asterisk (for example, *WIN\winID or *unixID).
    3. Stop and restart the metadata server to make the change take effect.
      CAUTION:
      Stopping the metadata server stops other components.
  2. Log on to SAS Management Console using the user ID that you added to the adminUsers.txt file. In the status bar at the bottom of the application window, notice that you are unrestricted. Unlock the locked account (see the preceding instruction list).
  3. To verify that the account is unlocked, log on to SAS Management Console using the account.
  4. Open the adminUsers.txt file, remove the entry that you added, and stop and restart the metadata server.
Here are some additional tips:
  • If you choose to change the password for the original SAS Administrator, you might need to update the deployment.
  • You can customize the account lockout policy.
  • We recommend that you establish individual metadata administrators rather than sharing the predefined SAS Administrator account.

See Also

SAS Internal Authentication
How to Change Internal Account Policies
Copyright © SAS Institute Inc. All rights reserved.