What version of JBossAS are you using? Also, are you using JBossAS or JBossEAP? EAP is available only from the support site if you purchase a subscription. Anyway, JBossAS does not have the jmx invoker locked down. If it is locked down, you or someone else must have locked it down. In that case I would not know the exact file (if any) to look at. If you have JBossEAP, jmx invoker is locked down out-of-the-box, but there are no user ids set up out-of-the-box so there is no way to log in. The default configuration for JBossEAP uses the jmx-console-users.properties files in the server/xxx/conf/props directory to store the user id an password. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4165152#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...