server 2003 master password

Hello.

As some of you know, i work for a school district.
When I get a problem submitted to me, I go and fix it. Quite a lot of it is software problems. So, therefore I need the teacher to be logged into the system.

Sometimes the teacher isn't there and I cannot fix the problem. I have heard from a couple of people that there's a master password integrated within server 2003.

Does anyone know of where I can find this information and how to set it up.

There maybe some replies to logging in as a domain administrator. Yes, we have that setup. But sometimes I need to get into the teachers profile to fix more "profile based" programs, such as microsoft outlook running in offline mode or something weird with M$ word.

Does anyone have any information about this?

Cheers.
Jamie

Find more posts tagged with

Comments

royal

The most privileged account by default whether it's local or domain-wide is the Administrator account.

sprkymrk

There is no way to log in as a user w/o that users password.

RTmarc

Best way to make specific user changes is have them log in for you and then you start working or remotely connect with something like DameWare or VNC.

MAC_Addy

Okay, just a rumor that i heard then.

Cheers guys.

sculler

Windows NT, XP, 2000, 2003 operating systems do not have a magic/master generic userid/password. In some organizations, a standard password is set for the local administrator account. This is considered to be a bad idea and leads to poor security. Sooner or later someone outside the IT department learns it and then there can be all sorts of bad things happening..... It can also lead to bad things with in the IT departments.....

In other organizations, with AD(Active Directory) the IT staff/techs are added to the Administrators group on all PCs. This allows IT to work on a PC when the main user is absent using their own ID. It does have limitations when the problem has to do with a user specific software configuration.... It can also lead to IT staff having to much access to data and files stored on PCs. It can also lead to lower level IT staff having to much access to data and files on servers.

There are other methods of giving IT access to the systems for support that can be a bit more secure. The core exams for MCSA emphasize this quite a bit.

With XP you can set the systems up for remote assistance. Group Policy can be used to control access and let the user request assistance. Then you could work on the system from your desk and speak to the user on the phone.

There are also third party tools that do the same thing such as VNC. This comes in a number of flavors that include additional security.

On Servers you can use Terminal services as well as tools such as VNC. I hope this helps.

Good Luck
Sculler

rhelt100

jamie.english wrote:

Hello.

As some of you know, i work for a school district.
When I get a problem submitted to me, I go and fix it. Quite a lot of it is software problems. So, therefore I need the teacher to be logged into the system.

Sometimes the teacher isn't there and I cannot fix the problem. I have heard from a couple of people that there's a master password integrated within server 2003.

Does anyone know of where I can find this information and how to set it up.

There maybe some replies to logging in as a domain administrator. Yes, we have that setup. But sometimes I need to get into the teachers profile to fix more "profile based" programs, such as microsoft outlook running in offline mode or something weird with M$ word.

Does anyone have any information about this?

Cheers.
Jamie

There is no official backdoor, as others have stated. It is possible to change the admin password in a windows installation. I'm sure you could find the instructions on the internet somewhere. When I saw it done, it was done with Knoppix and a hex editor to change the password to anything desired.

losercore

This may be late but one thing I have done in the past when the user is not there and I need access to their account and that account only and the local admin account will not do. What I do is reset their password, log in to their machine, do what needs to be done. Then you need to find a way to inform them their password has been changed to whatever and set their account to change password at next logon. or they will just contact the helpdesk when they can't log on and you just reset it then for them.

Sometimes i leave a post it note that says your password has been changed, please call the helpdesk or leave your extension or something. Put it right on their monitor. Obviouslt don't put what the password is on the post it but just that it has been changes so they know.

Works great in most cases.