Sometimes (e.g. when inspecting malware infested machines) it is very useful to be able to log in as a domain user without knowing the user's password with the computer off-line. How to do it? In every case, a local computer administrator account is available.
One option I am aware of involves dumping the cached domain credentials and then cracking them, but that means that the password is no longer secret and sometimes is simply not practicable. In Linux/Unix, I would just do sudo -u 'johndoe' and be done. What's the equivalent in Windows XP/Vista/7?
Edit: just to provide context. This is for inspecting malware infected machines. Some malware will only start if you log on as the originally infected user. I can't put it back on the network to reset the password as it would be too risky. So, the box is off-line and I have a local admin account which is created at install time for troubleshooting.
There is no su in the Windows world. The only option short of getting the user to log in is to change the user's password in Active Directory.
It is possible with managed (.NET) custom code. Beginning with Windows 2003/XP, there is a feature called S4U that enables impersonation without credentials or an existing token.
I'm not providing a code sample, but if you know someone who can code, this is fairly straightforward.
So the upshot is it is possible to run something like impersonate.exe [domain\username] and open a new command prompt in that user's identity. Is that what you had in mind? If so, you may want to close this and open a new question on stackoverflow.com.
Let me rephrase your question ... if I am not correct please advise.
The most straightforward option (in advance) is to set up Group Policies that force the local administrator password to a known password. Then, even if the PC is off the network, the local admin account will be available.
http://pogostick.net/~pnh/ntpasswd/
I recommend this. Burn it to a disc/flash drive and go for it.