Solved

Windows Master Password

Posted on 2016-09-19
11
72 Views
Last Modified: 2016-09-19
Hi, I have a network with a few hundred users. Sometimes we need to log in as a particular user to troubleshoot something, sometimes overnight or on holiday weekends, etc when getting the user on the phone is not possible. Is there an easy way to do this without doing it the insecure way of keeping a password list? Like a master password for lack of a better term.

Thanks.
Jon
0
Comment
Question by:Jon DeVito
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 31

Accepted Solution

by:
Scott C earned 500 total points
ID: 41805419
Not if you have to log in as a particular user.  A user account can only have one password.

There is no way to set up a "master" password.  I'm assuming an admin account won't work as you need to log in as a specific user.

So, unfortunately, the answer to your question is "no".

You could always reset the password, but then you have the administrative task of working with the user to re-reset it.
0
 
LVL 17

Expert Comment

by:pjam
ID: 41805423
If you must, change their password.  Do your thing and then force a password change at the end.
Asking someones password is not a good thing, especially if something is stolen.  They can say 6 months later so and so knew my password they must have done it.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805429
Thanks but doing that will not work because it will break their mobile device which they use constantly. I was hoping that on a domain there could be some sort of master setup to log in as the user to configure things on their desktop, etc.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 31

Expert Comment

by:Scott C
ID: 41805433
As you have mobile devices, and that is a concern, the answer is "no".

I wouldn't want to be the one in charge of that list due to the liability and security issues.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41805435
Any kind of a master password would be horribly insecure.  No such thing exists.

At best you should change their password and then let them change it back.  You can declare (tell all users) that if you need to reset their passwords it will be ______ - something they should know - their phone number and Street name or something like that. Then you have an administrative policy - if you need to access a user's account, you notify them via email FIRST and then after 10 minutes (enough time to push out the email about the changed password, you change it and do what you need to do.
0
 
LVL 31

Expert Comment

by:Scott C
ID: 41805436
Again, even if you are on a domain, you get into the security of having a "master" password.  what if something happens down the way, there won't be any sure way of who did it.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805443
Yeah I was pretty sure that was going to be the answer but I figured let me check. We have so much that needs to get rolled out with no help & cant be done during the day so logging on as the user was the easiest option. Thanks for confirming though.
0
 
LVL 3

Author Closing Comment

by:Jon DeVito
ID: 41805445
Scott was the first one with the correct answer. Thanks for the help.
0
 
LVL 31

Expert Comment

by:Scott C
ID: 41805451
Anytime.  Glad I could help.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 41805505
I'd like to add:
As always, there is some kind of way to reach your goal.
We could setup autologon with the user's credentials. Still, we would be able to secure the computer using bitlocker. For bitlocker, we can configure multiple authentication methods (="protectors"), so that the admin has one and the user has one. Result: we can start the pc and logon as user anytime we like without having to know or reset his password.

A 2nd way; there's a tool: http://www.e-motional.com/ULAdmin.htm which can entitle administrators to unlock user sessions without knowing their password. So you could ask the user to just lock his screen and hibernate the computer. You'll be able to enter his session again without having to know or reset his password.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805517
Very nice McKnife, I'm going to check out that tool. Its a bit on the expensive side because of the volume, but worth looking at. Thanks a lot.
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question