As I stated in my last post, i have been using Cisco ISE more and more and recently got locked out of my instance… You can read more about how I reset the local credentials here. I want to prevent this from happening again and there are two ways to complete this:
1 – Disable and/or modify the local password policy
2 – Integrate ISE with Active Directory and leverage domain wide password policies.
We will look at Option 1 in this post. The first thing to do is navigate to Administration -> Admin Access -> Authentication. From there there will be a tab for Password Policy.
At the bottom of this screen, there will be an option called Administrator Passwords expire 45 days after creation or last change. You can increase the number of days or disable the setting all together by unchecking the box. I chose to disable it entirely as my ISE instance will be integrated to Active Directory and leverage those password policies.