Solved

Windows Master Password

Posted on 2016-09-19
11
57 Views
Last Modified: 2016-09-19
Hi, I have a network with a few hundred users. Sometimes we need to log in as a particular user to troubleshoot something, sometimes overnight or on holiday weekends, etc when getting the user on the phone is not possible. Is there an easy way to do this without doing it the insecure way of keeping a password list? Like a master password for lack of a better term.

Thanks.
Jon
0
Comment
Question by:Jon DeVito
11 Comments
 
LVL 29

Accepted Solution

by:
ScottCha earned 500 total points
ID: 41805419
Not if you have to log in as a particular user.  A user account can only have one password.

There is no way to set up a "master" password.  I'm assuming an admin account won't work as you need to log in as a specific user.

So, unfortunately, the answer to your question is "no".

You could always reset the password, but then you have the administrative task of working with the user to re-reset it.
0
 
LVL 17

Expert Comment

by:pjam
ID: 41805423
If you must, change their password.  Do your thing and then force a password change at the end.
Asking someones password is not a good thing, especially if something is stolen.  They can say 6 months later so and so knew my password they must have done it.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805429
Thanks but doing that will not work because it will break their mobile device which they use constantly. I was hoping that on a domain there could be some sort of master setup to log in as the user to configure things on their desktop, etc.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 29

Expert Comment

by:ScottCha
ID: 41805433
As you have mobile devices, and that is a concern, the answer is "no".

I wouldn't want to be the one in charge of that list due to the liability and security issues.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41805435
Any kind of a master password would be horribly insecure.  No such thing exists.

At best you should change their password and then let them change it back.  You can declare (tell all users) that if you need to reset their passwords it will be ______ - something they should know - their phone number and Street name or something like that. Then you have an administrative policy - if you need to access a user's account, you notify them via email FIRST and then after 10 minutes (enough time to push out the email about the changed password, you change it and do what you need to do.
0
 
LVL 29

Expert Comment

by:ScottCha
ID: 41805436
Again, even if you are on a domain, you get into the security of having a "master" password.  what if something happens down the way, there won't be any sure way of who did it.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805443
Yeah I was pretty sure that was going to be the answer but I figured let me check. We have so much that needs to get rolled out with no help & cant be done during the day so logging on as the user was the easiest option. Thanks for confirming though.
0
 
LVL 3

Author Closing Comment

by:Jon DeVito
ID: 41805445
Scott was the first one with the correct answer. Thanks for the help.
0
 
LVL 29

Expert Comment

by:ScottCha
ID: 41805451
Anytime.  Glad I could help.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 41805505
I'd like to add:
As always, there is some kind of way to reach your goal.
We could setup autologon with the user's credentials. Still, we would be able to secure the computer using bitlocker. For bitlocker, we can configure multiple authentication methods (="protectors"), so that the admin has one and the user has one. Result: we can start the pc and logon as user anytime we like without having to know or reset his password.

A 2nd way; there's a tool: http://www.e-motional.com/ULAdmin.htm which can entitle administrators to unlock user sessions without knowing their password. So you could ask the user to just lock his screen and hibernate the computer. You'll be able to enter his session again without having to know or reset his password.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805517
Very nice McKnife, I'm going to check out that tool. Its a bit on the expensive side because of the volume, but worth looking at. Thanks a lot.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
wondershare 17 63
Laptop "remote wipe" -- stolen ? 10 93
PCI compliance 16 33
Scheduled Tasks Tweak 5 32
Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question