How to Shadow a User's Session

This article covers how to find and shadow a user's session.

This process is useful for connecting to a machine that is on the internal network but, for whatever reason, can't reach the naremote.com page or can't be connected to via other methods.

1. Have the user provide the computer name, or walk them through finding it in CMD:

    a. Search for CMD using the Start button

    b. Launch it by selecting the option that says "Command Prompt"

    c. Type in "hostname" and press Enter

    d. Have them provide the hostname that is displayed underneath the command

2. Connect to a server or machine on the same network as the machine you need to shadow

3. Open an elevated CMD window and use this command to find the session ID, replacing "computername" with the name of the computer you'd like to shadow:

query user /server:computername

4. Find the session ID number listed next to the correct username, then enter it and the computer name into the following command to shadow the session, replacing "ID" with the ID number of the correct user and "computername" with the name of the computer:

mstsc.exe /shadow:ID /v:computername /control

This particular command will prompt the user to allow the connection by default. If you need to connect without a consent prompt, or need to connect using a different user account, you can use a few other switches. See below for a breakdown of the switches already used and the others available with this command:

  • /shadow:ID – connects to the user’s RDP session with the specified ID;
  • /v:servername – specifies the hostname or IP address of the remote RDP/RDS host. If not set, connections are made to local user sessions on the current host;
  • /control – lets you interact with the user session (desktop). The administrator can control the user’s mouse and input data from the keyboard. If this parameter is not set, the user’s session is opened in view mode;
  • /noConsentPrompt – lets the administrator force the connection to any session without asking the user to confirm the connection;
  • /prompt – lets you connect with other credentials. The user name and password are requested to connect to the remote computer.
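
Steps 3 and 4 can be scripted. The PowerShell below is an added example, not part of the original article: it parses "query user" output, including disconnected sessions where the SESSIONNAME column is blank, and builds the shadow command from step 4 with the consent prompt left on. The computer name, user names and sample output are constructed.

```powershell
# Added example (not from the original article). Names and sample output are constructed.
$ComputerName = 'WKS-EXAMPLE01'   # hypothetical computer name from step 1
$UserName     = 'mjones'          # hypothetical user to shadow

function ConvertFrom-QueryUser {
    param([string[]]$Lines)
    # SESSIONNAME is blank for disconnected sessions, so it is optional here.
    # A leading '>' marks the caller's own session on local queries.
    $pattern = '^[\s>]*(?<user>\S+)\s+(?:(?<session>\S+)\s+)?(?<id>\d+)\s+(?<state>\S+)'
    foreach ($line in $Lines) {
        # The header row and messages such as "No User exists" do not match.
        if ($line -match $pattern) {
            [pscustomobject]@{
                UserName    = $Matches['user']
                SessionName = $Matches['session']
                Id          = [int]$Matches['id']
                State       = $Matches['state']
            }
        }
    }
}

# Constructed sample. On a real run: $raw = query user "/server:$ComputerName"
$raw = @'
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
 jsmith                rdp-tcp#12          2  Active          .  3/4/2024 8:15 AM
 mjones                                    3  Disc         1:05  3/4/2024 7:50 AM
'@ -split '\r?\n'

$target = @(ConvertFrom-QueryUser -Lines $raw | Where-Object { $_.UserName -eq $UserName })
if ($target.Count -ne 1) {
    throw "Expected exactly one session for $UserName on $ComputerName, found $($target.Count)."
}
if ($target[0].State -ne 'Active') {
    Write-Warning "Session $($target[0].Id) is '$($target[0].State)'; the user may not be at the desktop to answer the consent prompt."
}

# Same switches as step 4; the user is still asked to allow the connection.
$shadowArgs = "/shadow:$($target[0].Id)", "/v:$ComputerName", '/control'
"mstsc.exe $($shadowArgs -join ' ')"          # shows the command that would run
# Start-Process mstsc.exe -ArgumentList $shadowArgs   # uncomment to connect
```

The script stops when the user name matches no session or more than one, so the session ID is never guessed.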

https://woshub.com/rds-shadow-how-to-connect-to-a-user-session-in-windows-server-2012-r2/