Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

2nd login for domain users

We regularly need to log-in as the user instead of administrator.  Is there any way (perhaps from AD) that we can assign a regularly changing password that will let us sign-in as the user when needed.  This way the user has a password for 'his account', as do domain admins.
0
tedpenner
Asked:
tedpenner
3 Solutions
 
sirbountyCommented:
A user account can only have a single password...
There's not an option to have one for the user and one for admins.

You can log in as the admin and then run specific applications using "RunAs", but unfortunately there's no solution like you're seeking...
0
 
chris_calabreseCommented:
Or the other way around - login as the regular user and use run-as to access a secondary administrator account (preferably one per person for auditability).

And in Vista, you'll actually be able to have a single admin-privileged account but run normally with regular privs but have something like run-as to get admin when you need it.
0
 
younghvCommented:
RichRumble will probably weigh in on this - he has published numerous articles on it.

We have 2 network accounts for each Domain Administrator.
A regular user account with the same privs as all other users on the network (how else can you test configurations and functions).
Each admin has a separate account to do that work ("Run As" or logged in with that account).

Giving an account admin rights and then allowing that user to log in that way for normal work is a major breach of basic network security and opens your network for some serious intrusion.

Vic
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
mahe2000Commented:
the operating system does not allow to do that because of a security problem. in that way you can steal users identity and act as if you were him.
0
 
sirbountyCommented:
With all due respect, I'm not certain that last comment provided anything on top of what was already stated...
0
 
younghvCommented:
Agree with sirbounty.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now