How to access the microsoft user settings without actually logging into the system as that user.

At my work there are times when I must logon as each specific user in order to make sure that some user settings are properly established.  Such as:

- When we are implementing a new Citrix farm and we are using new Microsoft Terminal Servers.  

Initially it will take a while to load a roaming Citrix user profile on each specific new server; but after it has been loaded, it logs on much faster.  Equally important I want to make sure that the Google Chrome settings are copied over, because Google Chrome settings are not automatically transferred over.

One of our users complained to me that at every other work place no one from their IT department has ever asked him for his logon credentials.  They just have another way to check that stuff.  In fairness, I do try to be pro-active in taking care of user problems instead of being re-active.

can anyone inform me of a tool that will allow me to logon as a user on a server or workstation in our Active Directory Domain without actually asking those users for their AD logon credentials?  We use Windows Server 2008 R2 and Windows Server 2012 R2.
PkafkasNetwork EngineerAsked:
Who is Participating?
1. Can't follow you, sorry. User accounts are created in the domain, not on a server, and creating an AD account doesn't require a user's logon.
1a. Classic case for a logon script. Don't know where Google keeps its settings and whether they roam or not, but in general, you can use a logon script to copy settings during logon from the user's Home drive or any other central location into the profile folder where you need it, and use a logoff script to copy it back to the central location.
2. I'm no Outlook/Exchange Expert, but if the correct DNS entries are set, Outlook should pretty much configure itself automatically.
3. You can't. You can reset the user's password, but that's totally different from knowing his password - password reset is by default an audited action, and the user will know that his password was reset, because you can't set it back to the original.

So either you have a centralized management and standardized user accounts and settings - then you can use logon/logoff scripts, GPOs, and GPO preferences to your heart's content to make sure everything is set up the same way for every user.
Or you have some open environment where every user can choose his own desktop background, screen saver, applications, whatever, and enjoy their freedom - but then they can't realistically expect you to hold their hands while they configure their applications.
That said, a Citrix/Terminalserver environment is by design a classic case for a standardized environment, giving you all the power of scripts and GPOs to avoid having to configure anything manually. That includes pretty much any Windows and application setting there is - it's just a matter to find out which registry setting and file holds which configuration.
That user was right, and that has nothing to do with being pro-active or re-active.
There is no way to do so, there is no need for it, you shouldn't even consider it, full stop.
This is in the user's best interest as well as yours.
Think of it this way: if you have a user's logon information, he can, for example, write whatever he always wanted to say in whatever tone he wanted to say it to his boss or whoever else, and then claim it was you, because you have his logon information.
You test whatever you have to test with a dedicated test user, setup exactly like your other users, and that should be enough.
PkafkasNetwork EngineerAuthor Commented:

Let me inquire about a few things?

Network Security aside, passwords can always be re-set after the fact.

1.  How may I create a user account for a user on a new server, without actually logging on is as that user?.  
         a.  Where I must copy the Google Chrome settings, from another device?

The only way to do this, that I am aware of, would be to have the user logon as their account and then logout and then... I can go about doing this.  Do  you know of another way?

2.  How to setup the Outlook settings for a user's profile (Using Outlook 2010) without loggining in as that user and manually following the Outlook setup wizard?

3.  My question is not if that is good security design, my question is how to logon to a system without that users login credentials to setup the user's settings.

Quite frankly, if I did not do these things the users would flip a gasket and complain by saying every time there is a IT update I loose all of my information and I cannot get anything done like I used to.  They would continue to say that these settings should have been setup before I logged on.  I do not have any time for these inconveniences.  In a perfect world we would follow the rule book for security to the code.  But sometimes the reality is you have to work with what you have and manage it the best you can.  Again, my original question is:

How may I create the user's windows and application settings without that users login credentials?   Is there by chance an application that works this way so I do not have to logon as those users?
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Totally agree about not proxying in as any user.  The downstream repercussions from your Information Security folks would not be pretty.

Maybe think about setting up a few test accounts so that you can confirm functionality for users or changes to functionality.
PkafkasNetwork EngineerAuthor Commented:
The object of this questions is how to setup a user's account on a new terminal server without using that user's logon credentials.  It has been said that you cannot.  That is what I wanted to know.

It is not the objective for you to "follow" our users' expectations.

I think my co-worker must be accessing published applications (from other Citrix Farms) instead of accessing published Desktops (we have published desktops in our Citrix environment) from these other places.  That must be how other IT Departments are able to change/update application versions and Citrix Servers while not have to bother with setting up the initial user settings that are not transferred over easily.

Without getting off topic, might anyone else know how to logon to a new Terminal Server to access a published desktop (that has user specific settings) besides logging on as the user itself?
PkafkasNetwork EngineerAuthor Commented:
I am going to close this case because it appears that there is no other way to setup a local user account on a new on a new terminal server.  That was my question and to hopefully get a think tank generated about how others may give the appearance about changing settings.  I think my theory about published applications is a pretty good one.

I am going to award oBda the points; but, I am not happy about it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.