Go Premium for a chance to win a PS4. Enter to Win


How to access the microsoft user settings without actually logging into the system as  that user.

Posted on 2016-08-18
Medium Priority
Last Modified: 2016-08-21
At my work there are times when I must logon as each specific user in order to make sure that some user settings are properly established.  Such as:

- When we are implementing a new Citrix farm and we are using new Microsoft Terminal Servers.  

Initially it will take a while to load a roaming Citrix user profile on each specific new server; but after it has been loaded, it logs on much faster.  Equally important I want to make sure that the Google Chrome settings are copied over, because Google Chrome settings are not automatically transferred over.

One of our users complained to me that at every other work place no one from their IT department has ever asked him for his logon credentials.  They just have another way to check that stuff.  In fairness, I do try to be pro-active in taking care of user problems instead of being re-active.

can anyone inform me of a tool that will allow me to logon as a user on a server or workstation in our Active Directory Domain without actually asking those users for their AD logon credentials?  We use Windows Server 2008 R2 and Windows Server 2012 R2.
Question by:Pkafkas
  • 3
  • 2
LVL 85

Expert Comment

ID: 41761671
That user was right, and that has nothing to do with being pro-active or re-active.
There is no way to do so, there is no need for it, you shouldn't even consider it, full stop.
This is in the user's best interest as well as yours.
Think of it this way: if you have a user's logon information, he can, for example, write whatever he always wanted to say in whatever tone he wanted to say it to his boss or whoever else, and then claim it was you, because you have his logon information.
You test whatever you have to test with a dedicated test user, setup exactly like your other users, and that should be enough.

Author Comment

ID: 41762998

Let me inquire about a few things?

Network Security aside, passwords can always be re-set after the fact.

1.  How may I create a user account for a user on a new server, without actually logging on is as that user?.  
         a.  Where I must copy the Google Chrome settings, from another device?

The only way to do this, that I am aware of, would be to have the user logon as their account and then logout and then... I can go about doing this.  Do  you know of another way?

2.  How to setup the Outlook settings for a user's profile (Using Outlook 2010) without loggining in as that user and manually following the Outlook setup wizard?

3.  My question is not if that is good security design, my question is how to logon to a system without that users login credentials to setup the user's settings.

Quite frankly, if I did not do these things the users would flip a gasket and complain by saying every time there is a IT update I loose all of my information and I cannot get anything done like I used to.  They would continue to say that these settings should have been setup before I logged on.  I do not have any time for these inconveniences.  In a perfect world we would follow the rule book for security to the code.  But sometimes the reality is you have to work with what you have and manage it the best you can.  Again, my original question is:

How may I create the user's windows and application settings without that users login credentials?   Is there by chance an application that works this way so I do not have to logon as those users?
LVL 85

Accepted Solution

oBdA earned 2000 total points
ID: 41763146
1. Can't follow you, sorry. User accounts are created in the domain, not on a server, and creating an AD account doesn't require a user's logon.
1a. Classic case for a logon script. Don't know where Google keeps its settings and whether they roam or not, but in general, you can use a logon script to copy settings during logon from the user's Home drive or any other central location into the profile folder where you need it, and use a logoff script to copy it back to the central location.
2. I'm no Outlook/Exchange Expert, but if the correct DNS entries are set, Outlook should pretty much configure itself automatically.
3. You can't. You can reset the user's password, but that's totally different from knowing his password - password reset is by default an audited action, and the user will know that his password was reset, because you can't set it back to the original.

So either you have a centralized management and standardized user accounts and settings - then you can use logon/logoff scripts, GPOs, and GPO preferences to your heart's content to make sure everything is set up the same way for every user.
Or you have some open environment where every user can choose his own desktop background, screen saver, applications, whatever, and enjoy their freedom - but then they can't realistically expect you to hold their hands while they configure their applications.
That said, a Citrix/Terminalserver environment is by design a classic case for a standardized environment, giving you all the power of scripts and GPOs to avoid having to configure anything manually. That includes pretty much any Windows and application setting there is - it's just a matter to find out which registry setting and file holds which configuration.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 15

Expert Comment

ID: 41763156
Totally agree about not proxying in as any user.  The downstream repercussions from your Information Security folks would not be pretty.

Maybe think about setting up a few test accounts so that you can confirm functionality for users or changes to functionality.

Author Comment

ID: 41763349
The object of this questions is how to setup a user's account on a new terminal server without using that user's logon credentials.  It has been said that you cannot.  That is what I wanted to know.

It is not the objective for you to "follow" our users' expectations.

I think my co-worker must be accessing published applications (from other Citrix Farms) instead of accessing published Desktops (we have published desktops in our Citrix environment) from these other places.  That must be how other IT Departments are able to change/update application versions and Citrix Servers while not have to bother with setting up the initial user settings that are not transferred over easily.

Without getting off topic, might anyone else know how to logon to a new Terminal Server to access a published desktop (that has user specific settings) besides logging on as the user itself?

Author Comment

ID: 41764656
I am going to close this case because it appears that there is no other way to setup a local user account on a new on a new terminal server.  That was my question and to hopefully get a think tank generated about how others may give the appearance about changing settings.  I think my theory about published applications is a pretty good one.

I am going to award oBda the points; but, I am not happy about it.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question