Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows Master Password

Posted on 2016-09-19
11
Medium Priority
?
79 Views
Last Modified: 2016-09-19
Hi, I have a network with a few hundred users. Sometimes we need to log in as a particular user to troubleshoot something, sometimes overnight or on holiday weekends, etc when getting the user on the phone is not possible. Is there an easy way to do this without doing it the insecure way of keeping a password list? Like a master password for lack of a better term.

Thanks.
Jon
0
Comment
Question by:Jon DeVito
11 Comments
 
LVL 32

Accepted Solution

by:
Scott C earned 2000 total points
ID: 41805419
Not if you have to log in as a particular user.  A user account can only have one password.

There is no way to set up a "master" password.  I'm assuming an admin account won't work as you need to log in as a specific user.

So, unfortunately, the answer to your question is "no".

You could always reset the password, but then you have the administrative task of working with the user to re-reset it.
0
 
LVL 17

Expert Comment

by:pjam
ID: 41805423
If you must, change their password.  Do your thing and then force a password change at the end.
Asking someones password is not a good thing, especially if something is stolen.  They can say 6 months later so and so knew my password they must have done it.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805429
Thanks but doing that will not work because it will break their mobile device which they use constantly. I was hoping that on a domain there could be some sort of master setup to log in as the user to configure things on their desktop, etc.
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 32

Expert Comment

by:Scott C
ID: 41805433
As you have mobile devices, and that is a concern, the answer is "no".

I wouldn't want to be the one in charge of that list due to the liability and security issues.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 41805435
Any kind of a master password would be horribly insecure.  No such thing exists.

At best you should change their password and then let them change it back.  You can declare (tell all users) that if you need to reset their passwords it will be ______ - something they should know - their phone number and Street name or something like that. Then you have an administrative policy - if you need to access a user's account, you notify them via email FIRST and then after 10 minutes (enough time to push out the email about the changed password, you change it and do what you need to do.
0
 
LVL 32

Expert Comment

by:Scott C
ID: 41805436
Again, even if you are on a domain, you get into the security of having a "master" password.  what if something happens down the way, there won't be any sure way of who did it.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805443
Yeah I was pretty sure that was going to be the answer but I figured let me check. We have so much that needs to get rolled out with no help & cant be done during the day so logging on as the user was the easiest option. Thanks for confirming though.
0
 
LVL 3

Author Closing Comment

by:Jon DeVito
ID: 41805445
Scott was the first one with the correct answer. Thanks for the help.
0
 
LVL 32

Expert Comment

by:Scott C
ID: 41805451
Anytime.  Glad I could help.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 41805505
I'd like to add:
As always, there is some kind of way to reach your goal.
We could setup autologon with the user's credentials. Still, we would be able to secure the computer using bitlocker. For bitlocker, we can configure multiple authentication methods (="protectors"), so that the admin has one and the user has one. Result: we can start the pc and logon as user anytime we like without having to know or reset his password.

A 2nd way; there's a tool: http://www.e-motional.com/ULAdmin.htm which can entitle administrators to unlock user sessions without knowing their password. So you could ask the user to just lock his screen and hibernate the computer. You'll be able to enter his session again without having to know or reset his password.
0
 
LVL 3

Author Comment

by:Jon DeVito
ID: 41805517
Very nice McKnife, I'm going to check out that tool. Its a bit on the expensive side because of the volume, but worth looking at. Thanks a lot.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows 10 Creator Update has just been released and I have it working very well on my laptop. Read below for issues, fixes and ideas.
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question