8

Other than memorizing and documenting each user's credentials, is there way that I can use the Windows Domain Administrator credentials to login to a workstation-user's desktop as if I were them?

I think this is called impersonation, but my searches are finding articles dedicated to running scripts as a particular user, while I need this ability for non-script-administrative purposes.

Sometimes, after hours (for example), I need to see desktops from the User's perspective, and make modifications to aid their work-flows. I have some users who can't find an application unless it is a desktop shortcut! So I need this for stuff like this, and other things too.

Update: I found this question on Server Fault:

Using admin credentials to log on as a user vs. storing passwords

None of the answers offered much hope. I guess I'll just have to change the user's password if I don't know what it is an tell them what I changed it to next work-day?

As an admin, I wish I could just login with my admin-credentials to any non-admin user. In Linux, I can do this using the su command.

Community
  • 1
LonnieBest
  • 1,450
  • 4
  • 21
  • 36
  • 2
    `is there way that I can use the "Windows Domain Administrator credentials" to login to a workstation-user's desktop as if were them?` - No there isn't. Additionally, you shouldn't be memorizing users passwords. If you need to log on as the user you should do so in their presence. If you need to log on as them after hours then you should reset their password to a mutually agreed upon password, use it to do your work, and then set the user account to require a password change on the next login so that the user can set a new password on their next login. – joeqwerty Mar 12 '15 at 05:53

1 Answers1

7

No. Windows does not offer the type of user impersonation capability you're asking about here. There's no sudo equivalent, or even approximation in Windows.

There are plenty of Windows tools that allow screen sharing, and this is the general approach most Windows shops use. SCCM comes with a very useful Remote Control utility that allows you to access a logged in user's session, Windows itself has a native Remote Assistance utility (over RDP) that allows the same functionality and can be setup and enabled fairly easily across a domain, and of course there's always the plethora of VNC clients, browser-based remote assistance technologies, and even other applications that offer the same functionality via different methods.

If you don't have and aren't willing to set any of those technologies up, then sure, you can reset a user's password, log in as them, and tell them the new password the next day, but you really should look into getting some sort of screen-sharing technology setup. It makes troubleshooting and fixing issues so much easier that I can't imagine doing without it.

Community
  • 1
HopelessN00b
  • 53,385
  • 32
  • 133
  • 208