Cisco Cisco IPS 4255 Sensor

To disable password recovery in IDM, follow these steps:

Log in to the CLI using an account with administrator privileges.

Choose Configuration > Sensor Setup > Network. The Network pane appears.

To disable password recovery, uncheck the Allow Password Recovery check box.

If you are not certain about whether password recovery is enabled or disabled, see 

.

For more information on reimaging sensors, refer to 

Use the show settings | include password command to verify whether password recovery is enabled. To 
verify whether password recovery is enabled, follow these steps:

Log in to the CLI.

Enter service host submode.

sensor# configure terminal

sensor (config)# service host

sensor (config-hos)# 

Verify the state of password recovery by using the include keyword to show settings in a filtered output.

sensor(config-hos)# show settings | include password

   password-recovery: allowed <defaulted>

sensor(config-hos)#

To troubleshoot password recovery, pay attention to the following:

You cannot determine whether password recovery has been disabled in the sensor configuration 
from the ROMMON prompt, GRUB menu, switch CLI, or router CLI. If password recovery is 
attempted, it always appears to succeed. If it has been disabled, the password is not reset to cisco. 
The only option is to reimage the sensor.

You can disable password recovery in the host configuration. For the platforms that use external 
mechanisms, such as the AIM IPS and the NME IPS bootloader, ROMMON, and the maintenance 
partition for the IDSM2, although you can run commands to clear the password, if password 
recovery is disabled in the IPS, the IPS detects that password recovery is not allowed and rejects the 
external request.

To check the state of password recovery, use the show settings | include password command.