I recently changed the network at my job so users log in to the domain and have their settings and files hosted on the server, where previously they logged in to local accounts on each computer and had permissions to access server files stores. The only real downside is that, if I log into a user's machine remotely (I use logmein, which lets you control a computer as if you were sitting in front of it – we're a small business, we don't have the need or budget for anything more elaborate), I have to log in as an account I know the password for. I'd like to be able to log in to user's accounts for troubleshooting, so I can have the exact same environment as the user.
However, I don't want to just have a list of everyone's passwords. It's feasible (there are less than 10 of us), but besides the security issue and the problem of maintaining it, I've spent the last 2 years drilling basic password security into my user's heads and it's actually starting to get through. Asking for their passwords would undo that.
So, is there a way to log in to a user's account without their password? Can a second password be set up, or some other way to log in that doesn't disrupt the user's normal login? Is there a better way of getting the exact same environment a user has that I'm missing?
I'm a domain admin and have full access to everything on the network.
Best Answer
No, there isn't a way to log in as the user without knowing their password.
No, there's no way of having a second password for the user.
Why would asking the user for their password "undo" their understanding of creating and maintaining strong passwords and the understanding of how and why to protect their passwords? Would they not understand the purpose of your asking for their password? Would they then just say to themselves " Since Jim asked me for my password so he could troubleshoot my problem, I guess I can just forget and ignore everything he's taught me about password security."?
How about requiring that the user change their password at the next logon after you've asked them for their password and resolved their problem. That way you've got their current password for troubleshooting the problem and when you're done you set the option to require a password change at next logon (which is pretty standard practice).