Configure Server 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang! - Part 2 - Shadow Users

Configure Server 2012 and 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang! - Part 1
Configure Server 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang! - Part 2

---

Had a few people ask about shadowing users. If you've looked around, you'll see Microsoft dropped the ball from Windows Server 2008 R2 to 2012 - as they removed the shadowing capabilities.

For Windows 2012 R2, they've added it back. Now, if you've configured just a single RDP Session Host, like I've shown, you may be wondering "How can I shadow my users now that I'm all RDP-RDMS free?" Well, I'm glad to say that you're in luck.

A) Run the PowerShell commands below as Administrator:

Current full version of configuring RDP Session Host script at https://github.com/cajeeper/PowerShell/blob/master/Setup-Standalone-RDS-Host.ps1

 #Allow Shadowing Users
 # Values: 0 (No Remote Control), 1 (Full Control with user's permission), 2 (Full Control without user's permission), 3 (View Session with user's permission), 4 (View Session without user's permission)
 New-ItemProperty "hklm:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name Shadow -Value 2 -PropertyType "DWORD"

 #Update GPO for Shadowing Users
 gpupdate /force

Formatted for web with http://codeformatter.blogspot.com/ 

 
B) Launch a shadowing session

1. Open a PowerShell or Command Prompt as Administrator
   
   
    
2. Find the session you want to shadow using:
   
   quser
      or
   qwinsta
    
3. Connect to the session by using the following command on the server you're attempting to administrate (replace # with the correction session ID):
   
   mstsc /shadow:# /control
     or
   mstsc /shadow:# /control /noconsentprompt

Cheers!

Configure Server 2012 and 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang!

Configure Server 2012 and 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang! - Part 1
Configure Server 2012 R2 with RDP Session Host without the whole RDP-RDMS shebang! - Part 2

---

Updated: 2016-05-25

Threw this into PowerShell to make this a little quicker for me, and now for you.

Current version at https://github.com/cajeeper/PowerShell/blob/master/Setup-Standalone-RDS-Host.ps1

 #Install Roles
 Get-WindowsFeature | ? { $_.Name -match "RDS-Licensing|RDS-RD-Server" } | Install-WindowsFeature

 #Allow RDP Access to the server
 Set-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0

 #Per Device  
 #$licenseMode = 2

 #Per User  
 $licenseMode = 4

 #Licensing Server  
 $licenseServer = "$env:computername.$env:userdnsdomain"

 Set-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core\" -Name "LicensingMode" -Value $licenseMode  
 Get-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core\" -Name "LicensingMode"  
 New-Item "hklm:\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers"
 New-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers" -Name SpecifiedLicenseServers -Value $licenseServer -PropertyType "MultiString"  
 Get-ItemProperty "hklm:\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers" -Name SpecifiedLicenseServers   

 #Allow Shadowing Users
 # Values: 0 (No Remote Control), 1 (Full Control with user's permission), 2 (Full Control without user's permission), 3 (View Session with user's permission), 4 (View Session without user's permission)
 New-ItemProperty "hklm:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name Shadow -Value 2 -PropertyType "DWORD"

 #Update GPO for Shadowing Users
 gpupdate /force

 #Open the firewall for RDP
 netsh firewall set service remotedesktop

 #reboot may be needed from Windows Feature Installation

Formatted for web with http://codeformatter.blogspot.com/ 

---

I went to setup a basic RDP Session Host, as I usually have done with our old 2008 R2 servers, and I was met with some slight grief. Apparently, in Windows Server 2012, Remote Desktop Configuration Manager is no longer available and you're advised to use the Remote Desktop Management Server (RDMS) in order to "... create and manage [your] Windows Server 2012 Remote Desktop environment." http://blogs.technet.com/b/askperf/archive/2012/10/30/windows-8-windows-server-2012-remote-desktop-management-server.aspx

I just want a stand-alone Session Host running a private RDS License Server on a workgroup - not a full scale deployment on an AD domain. I had tried installing just the two features, but had no way to directly configure the roles and continued to the 120 day notice for not having a configured my RDP Session Host. After tinkering around - here a Google, there a Google, everywhere a google Google - and I think I stumbled upon a simple way to configure just what I wanted with nothing more than just replacing my prior tasks in Remote Desktop Configuration Manager with creating a registry key, creating a registry Multi value string, and editing one registry key.

If you're like me and want to just keep it simple, go ahead and install just the two services - Remote Desktop Licensing and Remote Desktop Session Host, configure your licensing services, and then edit the registry to complete your configuration. <!-insert obligatory-hands-slapped-clean->

Install the two services:

Configure the Remote Desktop Licensing:

Update the licensing mode (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core\LicensingMode) registry key:
Enter 2 for per device mode or 4 for per user mode (By default it is 5 and is invalid)

Add the following LicenseServers key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers) and create the Multi_SZ String Value SpecifiedLicenseServers (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers\SpecifiedLicenseServers) :

Reboot and, BAMMM!... Bob's your uncle!