Windows 8.1 / Windows Server 2012 R2 - RDS Shadowing is back!

Windows 8.1 / Windows Server 2012 R2 - RDS Shadowing is back!

  • Comments 11
  • Likes

Hello again AskPerf!  I’m happy to report that Windows Server 2012 R2 reinstates Remote Desktop Shadowing.

This functionality lived in kernel mode through Windows Server 2008 R2, but was removed from the product in Windows Server 2012 when the RDP stack was moved to user mode.

We’ve strived for feature-parity with 2008 R2, with the main visual change being accessibility through Server Manager.

So, where can I find it?

The shadow UI is located in Server Manager under Remote Desktop Services / Collections.

clip_image002

Simply right-click a user’s session and choose Shadow from the context menu, then choose to view or control the session with or without consent.

clip_image003

You may also access shadowing from the command line:

Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]]

/shadow:ID Starts shadow with the specified sessionID.

/v:servername If not specified, will use the current server as the default.

/u:username If not specified, the currently logged on user is used.

/control If not specified, will only view the session.

/noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.

By default, a shadowee must explicitly give permission to allow their session to be shadowed. To be able to shadow without permission, the administrator must intentionally override this with a group policy set to allow shadowing without user permission.

You’ll find the shadow group policies in the following path (gpedit.msc):

[<Computer Configuration> |<User Configuration>

\Administrative Templates\Windows Components\Remote Desktop Services

\Remote Desktop Session Host\Connections

\Set rules for remote control of Remote Desktop Services user sessions

clip_image005

There are a couple of key limitations that you should be aware of:

  • Only an administrator may shadow sessions. The ability to shadow sessions cannot be delegated to users that are not part of the administrators group.
  • Shadowing is not available in workgroup configurations.

I hope everyone is able to (re)integrate this extremely helpful tool in their remote desktop environments and get those older deployments moved to Windows Server 2012 R2.

-Aaron

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • What about dual monitors scenario? You were not able to use shadow with dual monitors in W2008R2. Why only administrators? This is not really helpful for support groups who should not have full admin access on the servers yet they shall help regular users sorting their issues (typical Citrix/RDS scenario with a published desktop).

  • "Only an administrator may shadow sessions. The ability to shadow sessions cannot be delegated to users that are not part of the administrators group."

    Why? We have clients who use this for training purposes. Given you were striving for 'feature-parity', why wasn't this feature included?

    "Shadowing is not available in workgroup configurations."

    Again, why?

    Were these two features in the too-hard basket or did MS just make the usual assumption that they are seldom-used and thus wouldn't be missed?

    MS continues to cull functionality thinking that people don't use it enough to warrant the work and time and again they find that people DO, in fact, use the functionality and are quite inconvenienced (not mention, annoyed) by the omissions indeed. This article lists a prime example!

    These kinds of decisions that see useful, much-loved functionality removed (or needlessly redesigned to match the aesthetic du jour) are the reason why customers continue to hold onto older operating systems, skipping entire release cycles - if not several in a row.

    While I am pleased that MS have seen that they were wrong to cut the remote shadowing functionality in the first place, it makes me wonder how many - if any - real, day-to-day sysadmins are asked before MS pat themselves on the back and say "well done".

  • Shadowing multimon sessions works in Server 2012 R2.

    There were a limited number of development cycles, especially given this one was of the most aggressive release schedules in Microsoft's history.  Constructive feedback and "wish lists" are welcome if there's anything you'd like to see in future releases.

  • I had a customer ask me for a simple and fast GUI to shadow sessions on his terminal servers. With the help of my script guru we threw together this simple 2 line powershell script. It is setup now to ask the user for consent. You could easily modify the last line to include the /noConsentPrompt command. $selected = Get-RDUserSession | Select-Object -Property Username,HostServer,UnifiedSessionID |Out-GridView -PassThru mstsc /shadow: $selected.UnifiedSessionId /control /v: $selected.HostServer

  • Sorry. My previous post formatting was messed up and it left out a line. The first line should be "Import-Module RemoteDesktop" The rest was correct. Sorry!

  • It's very good future for me. anyone knows if is it possible to allow shadows for both. view and control? sometimes you need to view only, sometimes to control.

  • User needs to accept me shadowing his session - but how can the user tell that I'm still watching him? Will he get notified when I close the shadowing? Is there an icon telling that I'm shadowing his session?

  • How about bringing this functionality to the rdp client? It's time to bring functionality across the board. These version based -artificially imposed restrictions are already killing your market. It's so simple to use, say, webex to share screen. Why does it need to be so complicate /convoluted to use it natively on windows? Get your act together guys.

  • "Shadowing is not available in workgroup configurations."

    It was in 2008.

    "We’ve strived for feature-parity with 2008 R2"

    Missed again.

    "I hope everyone is able to (re)integrate this extremely helpful tool in their remote desktop environments and get those older deployments moved to Windows Server 2012 R2."

    Not yet.

  • Administrators Only? No way to delegate? GUI only through multiple clicks in the Server Manager? Useless.

  • I used shadowing all of the time to assist users. The reason they removed the ability to shadow without prompting was due to security. Users did not want support to be able to view someones confidential information without the user knowing.
    This makes sense in the financial and medical fields, but is just a massive pain in others.
    I think it's a bad sign when people do not trust their support staff.