In a large Enterprise Windows Environment. What do IT people do to login as a user if needed? It seems impossible to me to keep user passwords in a large environment. In a Mac environment, you have the option to masquerade as a user and login using the admin credentials.
What do large Windows Environments do when it's necessary to login as the user?
This feature is not included in Windows server to my knowledge. It would be a security issue. What are you trying to do that would require acting as the user, perhaps we could assist with that?
You can do this with Group Policy. This is what you will need to do
1. Setup a Startup Script
1a. In your script, you will create a new directory on the local drive or create a registry entry (with reg add)
1b. On startup, you will check to see if this directory/registry entry exists on the local PC. If it does, you skip it.
2. Your script would have to copy the necessary files (robocopy, or you can use PowerShell or VBScript) to copy the files to the necessary location.
I read that you can't script out the config. You should be able to manage this with Group Policy. Enterprise apps like XenApp have GPO's that are designed to allow you to do this specific task. You can then apply the policy to a group of users or specific users. However if you do not have access to Group Policy then you can get creative by doing the following
On a good known working machine (preferably one that has recently been imaged and all updates applied) and then use software to capture the before and after state and export the results as a registry entry. There are several tools to assist you with this but I won't recommend one over the other.
Asking the user for their password should never be done once the person has started working. If the person is about to start, you can assign the password and take all the necessary steps then use AD to force the user to change the password upon login.
