2nd login for domain users

Posted on 2006-11-15
Medium Priority
Last Modified: 2010-04-11
We regularly need to log-in as the user instead of administrator.  Is there any way (perhaps from AD) that we can assign a regularly changing password that will let us sign-in as the user when needed.  This way the user has a password for 'his account', as do domain admins.
Question by:tedpenner
LVL 67

Accepted Solution

sirbounty earned 672 total points
ID: 17947014
A user account can only have a single password...
There's not an option to have one for the user and one for admins.

You can log in as the admin and then run specific applications using "RunAs", but unfortunately there's no solution like you're seeking...
LVL 14

Assisted Solution

chris_calabrese earned 664 total points
ID: 17958096
Or the other way around - login as the regular user and use run-as to access a secondary administrator account (preferably one per person for auditability).

And in Vista, you'll actually be able to have a single admin-privileged account but run normally with regular privs but have something like run-as to get admin when you need it.
LVL 38

Assisted Solution

younghv earned 664 total points
ID: 17958206
RichRumble will probably weigh in on this - he has published numerous articles on it.

We have 2 network accounts for each Domain Administrator.
A regular user account with the same privs as all other users on the network (how else can you test configurations and functions).
Each admin has a separate account to do that work ("Run As" or logged in with that account).

Giving an account admin rights and then allowing that user to log in that way for normal work is a major breach of basic network security and opens your network for some serious intrusion.

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.


Expert Comment

ID: 18011312
the operating system does not allow to do that because of a security problem. in that way you can steal users identity and act as if you were him.
LVL 67

Expert Comment

ID: 18199142
With all due respect, I'm not certain that last comment provided anything on top of what was already stated...
LVL 38

Expert Comment

ID: 18200784
Agree with sirbounty.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
In computing, Vulnerability assessment and penetration testing are used to assess systems in light of the organization's security posture, but they have different purposes.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question