Thanks for posting this question, it's good to know I'm not the only one with this question.
Here's the solution:
>You need to enable "Super Admin - Master Password Reset" policy in the Policies section. (https://enterprise.lastpass.com/removin ... nterprise/
>Then add a "Super Admin User" to the policy.
>The users that are existing will have to login in order for LastPass to be enable this policy for existing users, so had to "Destroy All Sessions" for each user; forcing them to login again.
>It seems to take the server about 30 min. to enable the policy once the user login has been entered again, so be patient.
>Once completed however, go to the Enterprise Users Panel (https://lastpass.com/enterprise_users.php
) and one of the dropdown options now avaiable for the user should be "Super admin master password reset."
A few other good policies to enable along with this policy are:
> Super Admin - Shared Folders
> Prevent Email: Account Change
> Prevent Email: Password Was Reset
> Restrict email addresses to specific domains
> Disable email change
> Log Full URL
(and many more: https://lastpass.com/policy_doc.php
PS: We first change the email address password for that EmployeE, then the LastPass; don't want the EE seeing exactly when we were inside the account.
Hope this helps.