Announcement

Collapse
No announcement yet.

temporarily change user's password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • temporarily change user's password

    Hi there ppl!

    I there a way to change user A's password to X and then after I do some changes logged as user A, I would like to restore A's original password (the one before X).

    So basically: I'm trying to do something as a user A, but for this I need to log on and know A's password. When I'm done, I'd like to restore A's password back. Is there any other way of doing this?

    Thank you in advance!

    Blaž

  • #2
    Re: temporarily change user's password

    Are you asking us to tell you how to determine someone's password? If so, I don't believe that is allowed here.

    If you already know the password, legitimately, then you could just log on with it and then do what you need, no requirement to change it.

    Please note that logons are noted in the logs as well.
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: temporarily change user's password

      If you know A's password, why would you want to change it?

      If you don't know it, how will you know what to change it back to?

      I agree with Andy's comment that this is potentially a hacking thread so please phrase questions and responses VERY carefully!

      Thread left open for now....
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: temporarily change user's password

        No no no guys... you got me wrong.
        The A's password is stored in irreversible way anywasys (normally). I'm not even interested in knowing A's password.

        Read this carefully... I'm not trying to hack anything...

        Let me clarify: I am AD Domain Administrator. My problem is... whenever I work in the afternoon there are computers that are locked (Win+L). And I have to, lets say change some settings logged as user A.

        I don't know their password, neither am I interested in knowing it.

        The way I'm doing this now is... I reset their password to zero and then log on using zero password, do what I have to do and then set that they have to change their at next logon. So everytime I do something they have to change their password. It is not so often, but I believe this could be avoided.

        So any suggestions on this one? How do you solve this problem? My idea was to store the password hash temporarly somehere, reset the password, do something and then restore previous password hash. Not sure if it would work though.

        How do you solve such cases?

        Thanks! Blaž.

        Comment


        • #5
          Re: temporarily change user's password

          Personally, I reset the password, do the work then advise the user of the new password, which they can then change. That way it is completely open and transparent that I have been in as them.
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: temporarily change user's password

            You are looking at the ability to do a "su username" unix equivalent in Windows.

            You can't do that in Windows. However, most work does not require logging on as a particular user, but sometimes it would be useful to be able to "log on as" while only providing Domain admin credentials. This is not allowed for transparency reasons I suppose.

            Copying the hash out and back in works well in some simple systems that use passwd or shadow passwd files in unix/linux but I would not recommend that kind of stuff in the Windows account database. Plus while I'm sure you can extract the hash, I am pretty sure you cannot just go and feed some random hashes to the database.

            Bottom line is just warn your users in advance that their passwords will be changed, or if possible, don't log as users..
            Last edited by gepeto; 6th May 2008, 19:56. Reason: Password hash idea
            VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

            Comment


            • #7
              Re: temporarily change user's password

              If blank3 just wants to get on to the locked PC and is the domain admin, why not log off the user and log on as the domain (and local) admin?

              Am I missing something?
              Cheers,

              Rick

              ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

              © 2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

              Comment


              • #8
                Re: temporarily change user's password

                My only guess is to change user specific settings manually for blank3 or something like that. The kind of stuff you avoid doing when you have more than 10 users !
                VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                Comment


                • #9
                  Re: temporarily change user's password

                  Blank3: what settings do you need to change? Maybe they are possible with a gpo or similar?
                  cheers
                  Andy

                  Please read this before you post:


                  Quis custodiet ipsos custodes?

                  Comment


                  • #10
                    Re: temporarily change user's password

                    Thank you ppl, for the replys so far. I guess making it transparent for the users that I was in as them alsa has its value.

                    Originally posted by AndyJG247 View Post
                    Blank3: what settings do you need to change? Maybe they are possible with a gpo or similar?
                    Well sometimes I have to install a printer, sometimes I have to change some other thing. I try to use GPO if possible. But for printer installation I'm not doing this very well. I will search (ask) this in another topic.

                    Comment


                    • #11
                      Re: temporarily change user's password

                      Ok sounds good
                      cheers
                      Andy

                      Please read this before you post:


                      Quis custodiet ipsos custodes?

                      Comment


                      • #12
                        Re: temporarily change user's password

                        Originally posted by blank3 View Post
                        Thank you ppl, for the replys so far. I guess making it transparent for the users that I was in as them alsa has its value.



                        Well sometimes I have to install a printer, sometimes I have to change some other thing. I try to use GPO if possible. But for printer installation I'm not doing this very well. I will search (ask) this in another topic.
                        If you use 2003 r2 that will be no problem.
                        VCP on vSphere (4), MCITP:EA/DBA, MCTS:Blahblah

                        Comment

                        Working...
                        X