You could also talk to your boss about implementing assigned passwords to users which they cannot change. That would give you access to each account (since you know the passwords) and it would also ensure that they are using a "secure" password. That would be my suggestion.

Not sure if this would work on a windows system (since I work in a unix/linux based environment) but couldn't you also change their password on the server then use that password to login to the machine and have them change it to whatever when they return?

Hope this helps a bit.