Backtrack:  
 
by lunarg on January 8th 2014, at 12:13

Remote Desktop Services shadowing is back with 2012 R2 after a leave of absence in regular 2012. However, for this to work out of the box, you need to have the scenario-based RDS deployment, which installs a whole bunch of stuff even when unwanted.

If you've opted for the roles-based installation of RDS Session Host (which is what makes your server into an RDS server), you're missing out on a whole lot of management tools, including the ability to shadow. Luckily, there are a few workarounds (using CLI) which provides us with the necessary things to perform shadowing.

Client requirements

Shadowing requires version 8.1 of the RDS client, so if you're not running Windows 8.1 or 2012 R2 on which you want to do the shadowing, you probably need to install the required update first. You can quickly check whether the client can do shadowing by running it with the command line parameter reference from the command line:

mstsc /?

Check whether the /shadow parameter is present in the dialog. If not, you're not running the latest version.

Session ID

In order to do shadowing, you need the session id. Normally, you would get this from Server Manager but as you're not running a scenario-based deployment, this is not available. Retrieving the information through Powershell doesn't work either, as the cmdlet checks this as well.

There's another command available though (since 2008R2) which provides you with the required info. Just run it without any parameters at a command prompt:

qwinsta

It will output several things, such as session and user name, the state of the session (active/disconnected), and also the session ID, which is what you need:

Example output
C:Windowssystem32>qwinsta
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
>rdp-tcp#103       Admin                     1  Active
 rdp-tcp#98        User1                     2  Active
 rdp-tcp#88        User2                     3  Active
 rdp-tcp#76        User3                     4  Active
 rdp-tcp#107       User4                     5  Active
 rdp-tcp#100       User5                     7  Active
 console                                     9  Conn
 rdp-tcp                                 65536  Listen

Shadow a session

Next up, run mstsc/span> with the parameters to start shadowing a session:

mstsc /shadow:ID /control

The example above will attempt to shadow session "ID" and requests to take control of the session. By leaving out /control, you will only be able to view the session.

Example

So, if I wanted to take over User3's session, I would run this on the RDS server:

mstsc /shadow:4 /control

Additional parameters

By default, running the command as such will require you to run it on the RDS server itself (which is fine in most cases). If for some reason you need to run it from another computer, you have to specify the server and possibly the user name of someone who's allowed to do shadowing:

mstsc /shadow:ID /v:YOUR-RDS-SERVER /u:MY-ADMINISTRATOR

By default, the user whose session you wish to shadow has to give consent to view and/or control his/her session. If you want to try and override this, add the /noConsentPrompt:

mstsc /shadow:ID /control /noConsentPrompt

Note that this does not necessarily work. The permission to shadow without consent has to be set up using a group policy, even for Full Administrators. To set this up, read: Allow RDS shadowing without consent through GPO.

Additional information

By default, only users who have local admin rights can do shadowing. To allow shadowing for an arbitrary user or group, see: Allow non-administrators to do RDS shadowing.

Shadowing does not work in workgroup configurations.