Um, why didn't you simply uncomment the "admin=admin" line in the properties file? And change the password, while you were at it. Or add another line with a different user/password? Turning off the jmx invoker security means that anyone can run the shutdown command, or use jmx console to mess around with the app server. Not recommended in a production environment. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4165180#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...