impersonating - password
Question asked by Richard Frank - 1/7/2019 at 3:11 AM
Isn't it kind of strange that admins can't see passwords of users, but to perform the most simple tasks on an account I have to impersonate that account, which makes me able to read all their mail etc.?

1 Reply

Andrea Rogers Replied
Employee Post Marked As Answer
Hi Richard,

In versions 15.x and 16.x, the Show Password option is available for all system administrators as long as the mailConfig.xml file has <allowViewingOfPasswords> set to True. To enable the feature in 15.x and 16.x, here's what to do:

  1. Stop the SmarterMail service. 
  2. Navigate to the Services folder. The default location is C:\Program Files (x86)\SmarterTools\SmarterMail\Service
  3. Find the mailConfig.xml file and open it in an editor, such as Notepad.
  4. Find the following line. (Note: If you can't find this line, close the file and log in to SmarterMail as a System Admin. Go to any Settings page in SmarterMail and simply save the page. This will write out a new mailConfig.xml file that will include the new field.)
  5. Edit the value to turn ON this option.
  6. Save the file.
  7. Start the SmarterMail service.

In the Current Builds (100.0.XXXX), the primary system administrator can view and retrieve user account passwords and app passwords by default. For secondary administrators, the Show Password option is only available if the admin's account has "Allow show passwords while impersonating" enabled. 

  1. Log in as the primary System Administrator. 
  2. Click on the Settings icon and click on Administrators from the navigation pane. 
  3. Edit the secondary administrator account. 
  4. Enable 'Allow impersonation and domain management' and 'Allow show passwords while impersonating'. When 'Allow show passwords' is enabled, that administrator will be able to view a user's account password (and app passwords, if the user is protected by 2-Step Authentication) while impersonating a user account or domain. This option also allows the administrator to retrieve passwords via the API.

In the Current Builds, we also added a setting that allows Domain Admins to view a user's passwords. Click on the Manage icon and edit a domain. On the Features card, you'll find an option for 'Show Passwords to Domain Admins'. Enable this option to allow all domain administrators on that domain to view a user's account password (and app passwords, if the user is protected by 2-Step Authentication). Note that account passwords cannot be viewed for accounts authenticated by Active Directory.

I hope this helps! 

Andrea Rogers
SmarterTools Inc.
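
An audit check for the 15.x/16.x setting described in the reply above, added here as an example (it is not part of the original post and not SmarterTools code). It reports whether `allowViewingOfPasswords` is on in a mailConfig.xml file. Assumptions: the element's position in the file is not given on the page, so the whole tree is searched; the function names and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

SETTING = "allowViewingOfPasswords"  # element name quoted in the reply above

# Constructed samples; the <settings> root element is an assumption.
SAMPLE_ON = "<settings><allowViewingOfPasswords>True</allowViewingOfPasswords></settings>"
SAMPLE_OFF = "<settings><allowViewingOfPasswords>False</allowViewingOfPasswords></settings>"


def password_viewing_state(xml_data):
    """Return 'enabled', 'disabled', 'missing' or 'unparseable'.

    Accepts str or bytes; bytes let the XML parser honour the file's own
    encoding declaration.
    """
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return "unparseable"
    for elem in root.iter():
        # Drop any "{namespace}" prefix before comparing the tag name.
        if elem.tag.rsplit("}", 1)[-1] == SETTING:
            value = (elem.text or "").strip().lower()
            return "enabled" if value == "true" else "disabled"
    # Matches the note in step 4: the file has not yet been rewritten
    # with the new field.
    return "missing"


def audit_file(path):
    """Read a mailConfig.xml file and return its password-viewing state."""
    with open(path, "rb") as fh:
        return password_viewing_state(fh.read())


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_mailconfig.py <path to mailConfig.xml>")
    state = audit_file(sys.argv[1])
    print(f"{SETTING}: {state}")
    # Non-zero exit when administrators can view user passwords, so the
    # check can gate a scheduled configuration review.
    sys.exit(1 if state == "enabled" else 0)
```

Run it with the path to mailConfig.xml in the Service folder named in step 2; an exit code of 1 means password viewing is turned on.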

