InSource Solutions

TN WW213 How to shadow an established RDP Session on Windows 10 Pro


Description

 

This article from InSource shows how to shadow an established RDP session on Windows 10 Pro.

  • Author: Rufus Handsome
  • Published: 06/26/2020
  • Applies to: Windows 10 Pro and Server 2012R2 and Higher

Details

To establish a shadow connection to a user session, you must use the standard RDP tool mstsc.exe. The command looks like this:

Mstsc.exe /shadow:<Session ID> /v:<Computer name or IP address>

You can also use one of the following options:

  •  /prompt – prompts for user credentials to connect (if not specified, you will be connected with the current user's credentials);
  •  /control – the mode that allows you to interact with the user session. If the parameter is not set, you will be connected to the user session in view mode, i.e. you won't be able to control the user's mouse or enter data from the keyboard;
  •  /noConsentPrompt – allows connecting to a session without prompting the user for confirmation.


TO ENABLE REMOTE SHADOWING:

The remote shadowing setting is configured using Group Policy or by modifying the registry. You can configure whether user confirmation is required to connect, and whether view or control is allowed in the shadow session.

The policy is located in the GPO editor section Computer Configuration -> Policies -> Administrative Templates -> Windows components -> Remote Desktop Services -> Remote Session Host -> Connections and is called Set rules for remote control of Remote Desktop Services user sessions.

Alternatively, instead of enabling the policy, you can set the necessary value in the DWORD registry parameter Shadow in the HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services registry key. The allowed values are:

0 – disable remote control;
1 – full control with user's permission;
2 – full control without user's permission;
3 – view session with user's permission;
4 – view session without user's permission.

By default, this registry parameter is not set and the shadow connection is performed in full control mode with the user's permission.

NOTE - To connect to a user session remotely using shadowing, the connecting account must have administrator permissions, and Remote Desktop (RDP) must be enabled on the Windows 10 computer (in the System Properties).


CONNECTING REMOTELY TO A WINDOWS 10 WORKSTATION

1st - Remotely request the list of sessions on the Windows 10 workstation using the following command (minus the quotes):

"qwinsta /server:IPAddress"

Key Points:

The RemoteRPC must be enabled on the client via Registry Editor:

Registry Key:  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
Value:  "AllowRemoteRPC"=dword:00000001

 

  1.) Look for the active "console" user session on the computer and note its ID (some ID# like 1, 2, or 3, etc.).
  2.) Connect to the user session ID# using the command "Mstsc /shadow:ID# /v:IPAddress".
  3.) The Windows 10 user will see a request on the screen to allow remote session viewing (the user must accept the session).
      Note - The session will allow viewing of user actions but no control.
      Note - To end the shadow session, press alt+* on the desktop computer or ctrl+* on the RDS server.
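
AUDITING THE SHADOW SETTINGS (ADDED EXAMPLE)

The PowerShell function below is an added example, not part of the original InSource article. It reads the two registry values described above (Shadow and AllowRemoteRPC) on the local machine, decodes them, and flags the modes that allow shadowing without the user's permission. The function name Get-ShadowPolicyReport and the output property names are assumptions made for this example.

```powershell
# Added example: report the RDP shadowing configuration of the local machine.
# Registry paths, value names and the 0-4 meanings are the ones in this article.
function Get-ShadowPolicyReport {
    [CmdletBinding()]
    param()

    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $rpcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    $meaning = @{
        0 = 'Remote control disabled'
        1 = 'Full control with user permission'
        2 = 'Full control without user permission'
        3 = 'View session with user permission'
        4 = 'View session without user permission'
    }

    # Both reads yield $null when the key or the value is absent.
    $shadow = (Get-ItemProperty -Path $policyKey -Name 'Shadow' -ErrorAction SilentlyContinue).Shadow
    $rpc    = (Get-ItemProperty -Path $rpcKey -Name 'AllowRemoteRPC' -ErrorAction SilentlyContinue).AllowRemoteRPC

    $unknown = $false
    if ($null -eq $shadow) {
        # Per the article, an unset value means full control with user permission.
        $mode = 'Not set (default: full control with user permission)'
    } elseif ($meaning.ContainsKey([int]$shadow)) {
        $mode = $meaning[[int]$shadow]
    } else {
        $mode    = "Unrecognized value: $shadow"
        $unknown = $true
    }

    # Values 2 and 4 allow shadowing without the user being asked to accept.
    $noConsent = $shadow -in 2, 4

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        ShadowValue          = $shadow
        ShadowMode           = $mode
        ShadowWithoutConsent = $noConsent
        RemoteRpcEnabled     = ($rpc -eq 1)
        NeedsReview          = ($noConsent -or $unknown)
    }
}

Get-ShadowPolicyReport | Format-List
```

Reading these HKLM values does not require elevation, so the function can be run as a standard user during a configuration review.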