Windows stores passwords in the active directory in an encoded way.
Windows encrypts a user password with LM and NTLM.
LM stands for LanManager and NTLM means NTLanManger. NTLM equals MD4 encryption.
This process results in 2 password hashes.
During a user login a hash is calculated from the password. That hash is checked against the hash known in the active directory. If both hashes are equal, the login is granted.

TCWP retrieves the current user hashes and stores them in a encrypted database file.

TCWP alters the current user password as chosen by an administrator.
     The administrator can now login with the chosen user account at any workstation.

TCWP restores the original password hashes when the administrator is finished with the user support.

TCWP works on all 32-bit Windows NT, Windows 2000 and Windows 2003 domaincontrollers.
The enterprise edition also works on 2000 Professional, XP, Vista, NT server, 2000 sever, 2003 server.

Windows server 2008 and 64 bit operating systems are currently in beta.

TCWP has a grafical user interface which shows all available users.
Each user can be assigned to a new password. And afterwards reset the password to it's previous setting.
It's possible to combine TCWP into your own administrative programs by using the commandline interface.
The same functions are available in the CLI.

When the password is reset, this will be registrated in the encrypted database file.
The main-administrator can receive an email when a password is reset and can also lock TCWP-settings.

Yet to be uploaded.