Basic RDS 2012 R2 Shadowing Console

Whereas older versions of Windows had the tsadmin.exe utility, Server 2012 R2 doesn’t have anything equivalent. Helpdesk staff need a simple, easy to manage and configure console to allow them to shadow Remote Desktop users.

Luckily this is pretty easy to achieve thanks to PowerShell, the re-introduced shadowing feature in Windows Server 2012 R2 and the Remote Desktop Client (v6.3.9600).

I use Get-RDUserSession to query the Connection Broker for all user sessions, then display the active ones in a PowerShell GridView (not much point trying to shadow a disconnected session). A session can be selected and the SessionID and HostServer parameters are then passed to mstsc.exe with the /shadow and /control options.

Aside from needing the right permissions to query the Connection Broker and shadow, you also need to have PowerShell v3 or higher and have installed the RSAT-RDS-Tools. Then just create a shortcut to the PowerShell script, e.g.

powershell.exe C:\Scripts\ShadowSession.ps1

Finally, set the $ConnectionBroker to be the fully qualified name of your connection broker server.

$ConnectionBroker = "cbr01.rcmtech.co.uk"

# Ask the Connection Broker for every user session in the deployment
$AllSessions = Get-RDUserSession -ConnectionBroker $ConnectionBroker
if($null -eq $AllSessions){
    # Nothing returned: tell the operator and stop
    Add-Type -AssemblyName System.Windows.Forms
    $Title = "Shadowing"
    $Message = "No user sessions found, sorry!"
    $Buttons = [System.Windows.Forms.MessageBoxButtons]::OK
    $Icon = [System.Windows.Forms.MessageBoxIcon]::Exclamation
    [System.Windows.Forms.MessageBox]::Show($Message,$Title,$Buttons,$Icon) | Out-Null
    return
}

# Only active sessions are offered for shadowing
$ActiveSessions = $AllSessions | Where-Object -Property SessionState -EQ "STATE_ACTIVE"
$GridView = $ActiveSessions | Select-Object -Property CollectionName,UserName,CreateTime,HostServer,SessionID
$Session = $GridView | Out-GridView -Title "Remote Desktop Shadowing - Active Sessions" -OutputMode Single

if($null -eq $Session){
    # No session selected, user probably clicked Cancel
    return
}

# Quote each argument so the host name and session ID reach mstsc as single tokens
mstsc "/v:$($Session.HostServer)" "/shadow:$($Session.SessionId)" /control | Out-Null
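
An added example, not part of the original post: a wrapper that could replace the final mstsc line, checking the selected values before they reach the command line and recording who shadowed which session. The function name Start-AuditedShadow, the log path and the host name pattern are assumptions made for illustration.

```powershell
# Added example: Start-AuditedShadow, the CSV path and the host name pattern are hypothetical.
function Start-AuditedShadow {
    [CmdletBinding()]
    param(
        # The single row the operator picked in Out-GridView
        [Parameter(Mandatory)] $Session,
        # Assumed location; point it somewhere operators can append to but not edit
        [string] $AuditLog = 'C:\Scripts\ShadowAudit.csv',
        # Leave this switch off for view-only shadowing
        [switch] $Control
    )

    # The host name ends up on a command line, so accept DNS-style names only.
    if ([string]$Session.HostServer -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$') {
        throw "Unexpected host name '$($Session.HostServer)'."
    }

    # Session IDs are non-negative integers; reject anything else.
    $Id = 0
    if (-not [int]::TryParse([string]$Session.SessionId, [ref]$Id) -or $Id -lt 0) {
        throw "Unexpected session ID '$($Session.SessionId)'."
    }

    # Write the audit record before the connection is made.
    [pscustomobject]@{
        TimeUtc     = (Get-Date).ToUniversalTime().ToString('o')
        Operator    = "$env:USERDOMAIN\$env:USERNAME"
        Workstation = $env:COMPUTERNAME
        TargetUser  = $Session.UserName
        HostServer  = $Session.HostServer
        SessionId   = $Id
        Control     = [bool]$Control
    } | Export-Csv -Path $AuditLog -Append -NoTypeInformation

    # Build the argument list explicitly; /control is added only when requested.
    $MstscArgs = @("/v:$($Session.HostServer)", "/shadow:$Id")
    if ($Control) { $MstscArgs += '/control' }
    Start-Process -FilePath mstsc.exe -ArgumentList $MstscArgs -Wait
}

# Usage, in place of the last line of the script above:
# Start-AuditedShadow -Session $Session -Control
```

A log written from the helpdesk workstation is only as trustworthy as the account running the script, so treat it as a convenience record alongside the logs kept on the session hosts.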

5 Responses to Basic RDS 2012 R2 Shadowing Console

  1. Mark says:

    Hi – Nice script, but what permissions did you set on the connection broker to allow the query in the first place?

  2. rcmtech says:

    At the moment the only permissions I’ve found that work are full Administrator group membership. I’ve just found a thread where somebody is asking the same thing on the TechNet Forums and will be keeping an eye on it to see if anyone finds a better method. For the time being I’m planning on adding shadowing users to a group and then giving that group both Administrators group membership and also a deny on being able to make a Remote Desktop connection to the connection brokers themselves.
    http://social.technet.microsoft.com/Forums/en-US/84cccfce-9ac2-4211-8e1d-a836e3e1ab15/permissions-needed-to-query-a-connection-broker?forum=winserverTS

  3. Pingback: RDSH 2012 R2: Shadow Users without Connection Broker admin rights | Robin CM's IT Blog

  4. Philipp Reitberger says:

    Found a solution to this problem by using the command “query session” instead of “Get-RDUserSession”. A way to parse the output of “query session” with a function called “Get-ComputerSessions” is found here:

    http://learn-powershell.net/2010/11/01/quick-hit-find-currently-logged-on-users/

    The code now has to look like this (TS001 and TS002 are the Terminal-Servers):

    $AllSessions = Get-ComputerSessions TS001, TS002
    if($AllSessions -eq $null){
        [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
        $Title = "Shadowing"
        $Message = "No user sessions found, sorry!"
        $Buttons = [System.Windows.Forms.MessageBoxButtons]::OK
        $Icon = [System.Windows.Forms.MessageBoxIcon]::Exclamation
        [System.Windows.Forms.MessageBox]::Show($Message,$Title,$Buttons,$Icon)
        return
    }

    $ActiveSessions = $AllSessions | Where-Object -Property State -EQ "Aktiv"
    $GridView = $ActiveSessions | Select-Object -Property Username, Id, Computer | Sort-Object Username
    $Session = $GridView | Out-GridView -Title "RDP-Sessions" -OutputMode Single

    if($Session -eq $null){
        # No session selected, user probably clicked Cancel
        return
    }

    mstsc /v:($Session.Computer) /shadow:($Session.Id) /control | Out-Null

  5. Pingback: Why I’m not deploying Windows desktops using Remote Desktop Services | Robin CM's IT Blog
