Thursday, May 26, 2016

Configure Server 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang! - Part 2 - Shadow Users

Configure Server 2012 and 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang! - Part 1
Configure Server 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang! - Part 2



Had a few people ask about shadowing users. If you've looked around, you'll see Microsoft dropped the ball from Windows Server 2008 R2 to 2012 - as they removed the shadowing capabilities.

For Windows 2012 R2, they've added it back. Now, if you've configured just a single RDP Session Host, like I've shown, you may be wondering "How can I shadow my users now that I'm all RDP-RDMS free?" Well, I'm glad to say that you're in luck.

A) Run the PowerShell commands below as Administrator:

Current full version of configuring RDP Session Host script at https://github.com/cajeeper/PowerShell/blob/master/Setup-Standalone-RDS-Host.ps1

 #Allow Shadowing Users
 # Values: 0 (No Remote Control), 1 (Full Control with user's permission), 2 (Full Control without user's permission), 3 (View Session with user's permission), 4 (View Session without user's permission)
 New-ItemProperty "hklm:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name Shadow -Value 2 -PropertyType "DWORD"

 #Update GPO for Shadowing Users
 gpupdate /force
Formatted for web with http://codeformatter.blogspot.com/ 

Example of running PowerShell script
 
B) Launch a shadowing session
  1. Open a PowerShell or Command Prompt as Administrator

    Example of running PowerShell as Administrator
     
  2. Find the session you want to shadow using:

    quser
       or
    qwinsta
     
  3. Connect to the session by using the following command on the server you're attempting to administrate (replace # with the correction session ID):

    mstsc /shadow:# /control
      or
    mstsc /shadow:# /control /noconsentprompt
Example of running quser and mstsc as Administrator

Example of shadowing user session


Cheers!