Solved

Windows Master Password

Posted on 2016-09-19
11
54 Views
Last Modified: 2016-09-19
Hi, I have a network with a few hundred users. Sometimes we need to log in as a particular user to troubleshoot something, sometimes overnight or on holiday weekends, etc when getting the user on the phone is not possible. Is there an easy way to do this without doing it the insecure way of keeping a password list? Like a master password for lack of a better term.

Thanks.
Jon
0
Comment
Question by:Jon DeVito
11 Comments
 
LVL 29

Accepted Solution

by:
ScottCha earned 500 total points
ID: 41805419
Not if you have to log in as a particular user.  A user account can only have one password.

There is no way to set up a "master" password.  I'm assuming an admin account won't work as you need to log in as a specific user.

So, unfortunately, the answer to your question is "no".

You could always reset the password, but then you have the administrative task of working with the user to re-reset it.
0
 
LVL 17

Expert Comment

by:pjam
ID: 41805423
If you must, change their password.  Do your thing and then force a password change at the end.
Asking someones password is not a good thing, especially if something is stolen.  They can say 6 months later so and so knew my password they must have done it.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805429
Thanks but doing that will not work because it will break their mobile device which they use constantly. I was hoping that on a domain there could be some sort of master setup to log in as the user to configure things on their desktop, etc.
0
 
LVL 29

Expert Comment

by:ScottCha
ID: 41805433
As you have mobile devices, and that is a concern, the answer is "no".

I wouldn't want to be the one in charge of that list due to the liability and security issues.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41805435
Any kind of a master password would be horribly insecure.  No such thing exists.

At best you should change their password and then let them change it back.  You can declare (tell all users) that if you need to reset their passwords it will be ______ - something they should know - their phone number and Street name or something like that. Then you have an administrative policy - if you need to access a user's account, you notify them via email FIRST and then after 10 minutes (enough time to push out the email about the changed password, you change it and do what you need to do.
0
Will my email signature work in Office 365?

You've built an email signature using raw HTML code in Office 365, but you can't review how it looks with Transport Rules. So you have to test it over and over again before it can be used. Isn't this a bit of a waste of your time? Wouldn't a WYSIWYG editor make it a lot easier?

 
LVL 29

Expert Comment

by:ScottCha
ID: 41805436
Again, even if you are on a domain, you get into the security of having a "master" password.  what if something happens down the way, there won't be any sure way of who did it.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805443
Yeah I was pretty sure that was going to be the answer but I figured let me check. We have so much that needs to get rolled out with no help & cant be done during the day so logging on as the user was the easiest option. Thanks for confirming though.
0
 
LVL 3

Author Closing Comment

by:Jon DeVito
ID: 41805445
Scott was the first one with the correct answer. Thanks for the help.
0
 
LVL 29

Expert Comment

by:ScottCha
ID: 41805451
Anytime.  Glad I could help.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 41805505
I'd like to add:
As always, there is some kind of way to reach your goal.
We could setup autologon with the user's credentials. Still, we would be able to secure the computer using bitlocker. For bitlocker, we can configure multiple authentication methods (="protectors"), so that the admin has one and the user has one. Result: we can start the pc and logon as user anytime we like without having to know or reset his password.

A 2nd way; there's a tool: http://www.e-motional.com/ULAdmin.htm which can entitle administrators to unlock user sessions without knowing their password. So you could ask the user to just lock his screen and hibernate the computer. You'll be able to enter his session again without having to know or reset his password.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805517
Very nice McKnife, I'm going to check out that tool. Its a bit on the expensive side because of the volume, but worth looking at. Thanks a lot.
0

Featured Post

Being driven mad by email signature updates?

Having to make a change to your users’ email signatures, yet again? Feel like your head is going to explode? Rely on an Exclaimer email signature management solution to make the process simple!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
asset management of client side devices laptops/computers 1 46
factory reset 9 65
laptop problem 21 96
Process to upgrade Win 10 Home OS laptop to Win 10 Pro OS 7 41
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now