Overide user password

[Chrisxs5]

I would like to know if there is a way to set a password that will overide any users password. Everytime I have to work on a users computer I have to either get it form them or reset it. I would like to sit down and get in on any user with it. ANd then when I get off, they can still get on with theirs. I looked through group policy and didnt see anything along these lines.

[michaewlewis]

That would be considered hacking. The whole idea of having different users on computers is so that nobody else can access their profiles and data. You can, however, log in as an administrator and make any necessary changes to the computer, just not to their account.

[Chrisxs5]

Thats currently what I do now, log in as the admin, but becuase of a custom application we have I have to get into their user to update it; not the admin account but the actual user account. Cant even push it to them like I do everything else. Now hacking sounds like a harsh term for this. Hacking to me; is when you do something to gain illegal access. I am the system administrator and am just trying to ease one of my duties. I dont really need to hack anything up here I already have full rights to everything. I am just tired of having to remote in to my DC, changing the password and then having to go back in when I am done to turn on the reset when they get back in.

[BC_Programmer]

hacking is programming, actually, but now common parlance has defined it as cicumventing security- legal or illegal.

[michaewlewis]

are you using group policy to push out the updates?

[Chrisxs5]

OK, I think we arent looking towards my actual end result, which is to change a system that I have full rights to change, access and program as I believe is best suited for the company, which is actually in my contract. I am not looking to see what my neighbor is doing or defruad them. Which is impossible since they have all signed agreements stating that anything and everything they do on the company owned PC is owned by the company and we have the right to monitor and intercept anything  that the PC is used for.

http://definitions.uslegal.com/c/computer-hacking/

If I were a hacker, then my intent would be some kind of malicous fraud or illegal motive. I simply want to chane an aspect of the system which I have been placed with its charge.

So without the intent of making those who are nice enough to help others and myself over the years, please only reply if you know of any group policy options or other options that will help me to acheive my end result.

[Chrisxs5]

are you using group policy to push out the updates?

I actually use a login script through the ad

[Salmon Trout]

How do we know that the guy really is the actual person who has "full rights to change, access and program"? I know he says he does, but you can be anyone you like on the internet. Even if it were true, and even if it were possible, should it be posted here on the public internet for anyone to read? Anyhow, I sure don't like people who write "please only reply if I'm going to like your answer."

[michaewlewis]

How do we know that the guy really is the actual person who has "full rights to change, access and program"? I know he says he does, but you can be anyone you like on the internet. Even if it were true, and even if it were possible, should it be posted here on the public internet for anyone to read? Anyhow, I sure don't like people who write "please only reply if I'm going to like your answer."

That was not entirely appropriate to say. He knows the rules of the forum.

I actually use a login script through the ad

So what is it that you actually have to do? Just log them out and then back in again? or is there some settings that you have to define after logging back in?

[BC_Programmer]

heh, I was just correcting the definition of the word "hacker". I wasn't implying anything about the context.

[Salmon Trout]

hacking is programming, actually, but now common parlance has defined it as cicumventing security- legal or illegal.

Back in the 1980s I read in a computer magazine that a "hacker's computer" was one with a built in ashtray.

[Chrisxs5]

So what is it that you actually have to do? Just log them out and then back in again? or is there some settings that you have to define after logging back in?

Well becuase of our application we use, it can only be edited from within the intended users account. So when I make application changes, I have to walk around to each computer and do a manual update. So if I do this update at night I follow these steps:
-Reset all users passwords to a generic word
-Log into each PC using there user name and the new password
-Make changes
-Go back to the AD and Set for the user to change their password on next login
-Post a note on the door for what the password is

So I would like to have an admin only password that can be used in place of getting into the AD each time.

[Chrisxs5]

Back in the 1980s I read in a computer magazine that a "hacker's computer" was one with a built in ashtray.

I don't smoke! 

[Chrisxs5]

I would like to know if there is a way to set a password that will overide any users password. Everytime I have to work on a users computer I have to either get it form them or reset it. I would like to sit down and get in on any user with it. ANd then when I get off, they can still get on with theirs. I looked through group policy and didnt see anything along these lines.

My apoligies on my original post, I dont believe after reading it again that accurately conveyed my thoughts.

[michaewlewis]

I'm pretty sure that there is no way to do what you're wanting to do. At least I hope not. That would be a huge security risk and I don't think Microsoft would put that kind of feature in their software intentionally. I understand where you're coming from though. I'm a network admin too and find that not having access to users' profiles is somewhat of a headache. But when that lawsuit comes that says that I've been tampering with user data, I want to be able to say that I have no access to their profiles/data.

I think the proper thing to do is to redesign the software with an update function that would go in and automatically change the settings necessary upon release. It would save you a ton of time, too. (unless you only have a dozen users)

[Chrisxs5]

In between programmers on the software right now and the updates are information based. I dont know wht the original programmer never just created a SQL table for it. The rest of the program is. Ok, well I appreciate you taking some time out to reply. Thanks!

[BC_Programmer]

just looked over this again, can't say I know of a solution, especially if you need access to their profiles to make the changes... you could, theoretically maybe make two users and then edit one of the profiles settings so that it points to the same folders, registry, etc by creating hard-links to the other users folders/registry hive files... but it seems a bit dangerous (deleting the one account deletes the files from the other, too) and might cause other issues as well.

[Rob Pomeroy]

Chris, do you know where the updates apply?  Is it in the registry?

Why not use the netlogon scripts to run the updates as the users log on, and flash up a message to let them know what's going on?

[Chrisxs5]

I have tried that, but sometimes the updates just need to be watched over in case of failure. I do this for other upgrades. I am just gonna keep up with I have been doing until I get new programmer here to fix where the item is upgraded. THe items needing upgraded is data information that has been hard coded into the software, it really just needs pointed to a SQL database. I created me a new test enviroment yesterday and am going to attempt the programming myself, I hate programming things, but I believe this is the best solutions now.

[Rob Pomeroy]

If you need to "watch" installs in an automated fashion, you could do worse than learn AutoIt, which is a small step removed from full-blown programming: http://www.autoitscript.com/