Is there a way to log into Windows using a USB stick? (on Windows XP/7)
I have student workers whom I would like to give admin rights for maintenance, but I would like to refrain from giving out a password for various reasons (students joining and leaving the staff, students writing them down and losing them, etc). This would also allow me to keep track of who and when a student worker is allowed admin access.
You want a Windows PKI USB Token. You can assign a passworded certificate to it, then control through Cert-to-User mapping. When they're done, you revoke the cert (or only make it valid in the first place for a week). If they lose it, you have to replace the Token, but no big deal. Still make them a separate User-Admin account (usually their standard login, with "-admin" appended) and give that account admin access.
If you need more details on how to set this up let me know, and I'll post more.
If you have a little budget for it, have a look at Yubikey (http://yubico.com/products/yubikey/). It's a very cheap device designed specifically for this purpose. They worked very well for my needs.
use konboot, you can login to windows without a password, just need to know the username. tested on all os's from 2000 and up to 7 / all server revisions also. This also works if you have novell client installed, however i have never tested with Active Directory.
you just need to take a usb stick, install grub4dos to make in bootable and then download the floppy image of konboot, mix it all together and voila, you can login into and windows workstation/server and even linux (but i will not give a tutorial on that)
peace out!
There's a "hacking" dongle out there that acts as a HID keyboard and can be programmed to act on events and send keypresses to a computer...
...but I fail to see how you get accountability or track-keeping with a physical artefact without some added personal knowledge like a password or a pin number or if it's truly one-use only. The stick could easily be lent, borrowed, copied and so on unless you personally watched over it and if the password was shared there's no accountability and no incentive to keep it private for any possessor.
If there's central user administration I'd just go with creating and handing out personal accounts for those who need them, separate administrative accounts as well (or grant the regular accounts the permissions needed when needed). You could then enable and disable them at will and with some decent-level speech about personal accountability they won't be shared as often as a stick.
You can transform an USB Key into a smart card using EIDVirtual, then use active directory smart card login or EIDAuthenticate on stand alone computer.
(http://www.mysmartlogon.com/products/eidvirtual.html)