Thoughts from the EPS Windows Server Performance Team
Useful Microsoft Blogs
Hello again AskPerf! I’m happy to report that Windows Server 2012 R2 reinstates Remote Desktop Shadowing.
This functionality lived in kernel mode through Windows Server 2008 R2, but was removed from the product in Windows Server 2012 when the RDP stack was moved to user mode.
We’ve strived for feature-parity with 2008 R2, with the main visual change being accessibility through Server Manager.
So, where can I find it?
The shadow UI is located in Server Manager under Remote Desktop Services / Collections.
Simply right-click a user’s session and choose Shadow from the context menu, then choose to view or control the session with or without consent.
You may also access shadowing from the command line:
Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]] /shadow:ID Starts shadow with the specified sessionID. /v:servername If not specified, will use the current server as the default. /u:username If not specified, the currently logged on user is used. /control If not specified, will only view the session. /noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.
Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]]
/shadow:ID Starts shadow with the specified sessionID.
/v:servername If not specified, will use the current server as the default.
/u:username If not specified, the currently logged on user is used.
/control If not specified, will only view the session.
/noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.
By default, a shadowee must explicitly give permission to allow their session to be shadowed. To be able to shadow without permission, the administrator must intentionally override this with a group policy set to allow shadowing without user permission.
You’ll find the shadow group policies in the following path (gpedit.msc):
[<Computer Configuration> |<User Configuration> \Administrative Templates\Windows Components\Remote Desktop Services \Remote Desktop Session Host\Connections \Set rules for remote control of Remote Desktop Services user sessions
[<Computer Configuration> |<User Configuration>
\Administrative Templates\Windows Components\Remote Desktop Services
\Remote Desktop Session Host\Connections
\Set rules for remote control of Remote Desktop Services user sessions
There are a couple of key limitations that you should be aware of:
I hope everyone is able to (re)integrate this extremely helpful tool in their remote desktop environments and get those older deployments moved to Windows Server 2012 R2.
What about dual monitors scenario? You were not able to use shadow with dual monitors in W2008R2. Why only administrators? This is not really helpful for support groups who should not have full admin access on the servers yet they shall help regular users sorting their issues (typical Citrix/RDS scenario with a published desktop).
"Only an administrator may shadow sessions. The ability to shadow sessions cannot be delegated to users that are not part of the administrators group."
Why? We have clients who use this for training purposes. Given you were striving for 'feature-parity', why wasn't this feature included?
"Shadowing is not available in workgroup configurations."
Were these two features in the too-hard basket or did MS just make the usual assumption that they are seldom-used and thus wouldn't be missed?
MS continues to cull functionality thinking that people don't use it enough to warrant the work and time and again they find that people DO, in fact, use the functionality and are quite inconvenienced (not mention, annoyed) by the omissions indeed. This article lists a prime example!
These kinds of decisions that see useful, much-loved functionality removed (or needlessly redesigned to match the aesthetic du jour) are the reason why customers continue to hold onto older operating systems, skipping entire release cycles - if not several in a row.
While I am pleased that MS have seen that they were wrong to cut the remote shadowing functionality in the first place, it makes me wonder how many - if any - real, day-to-day sysadmins are asked before MS pat themselves on the back and say "well done".
Shadowing multimon sessions works in Server 2012 R2.
There were a limited number of development cycles, especially given this one was of the most aggressive release schedules in Microsoft's history. Constructive feedback and "wish lists" are welcome if there's anything you'd like to see in future releases.
I had a customer ask me for a simple and fast GUI to shadow sessions on his terminal servers. With the help of my script guru we threw together this simple 2 line powershell script. It is setup now to ask the user for consent. You could easily modify the last line to include the /noConsentPrompt command.
$selected = Get-RDUserSession | Select-Object -Property Username,HostServer,UnifiedSessionID |Out-GridView -PassThru
mstsc /shadow: $selected.UnifiedSessionId /control /v: $selected.HostServer
Sorry. My previous post formatting was messed up and it left out a line. The first line should be
The rest was correct.
It's very good future for me. anyone knows if is it possible to allow shadows for both. view and control? sometimes you need to view only, sometimes to control.
User needs to accept me shadowing his session - but how can the user tell that I'm still watching him? Will he get notified when I close the shadowing? Is there an icon telling that I'm shadowing his session?
How about bringing this functionality to the rdp client? It's time to bring functionality across the board. These version based -artificially imposed restrictions are already killing your market. It's so simple to use, say, webex to share screen. Why does it need to be so complicate /convoluted to use it natively on windows? Get your act together guys.
"Shadowing is not available in workgroup configurations."
It was in 2008.
"We’ve strived for feature-parity with 2008 R2"
"I hope everyone is able to (re)integrate this extremely helpful tool in their remote desktop environments and get those older deployments moved to Windows Server 2012 R2."
Administrators Only? No way to delegate? GUI only through multiple clicks in the Server Manager? Useless.
I used shadowing all of the time to assist users. The reason they removed the ability to shadow without prompting was due to security. Users did not want support to be able to view someones confidential information without the user knowing.
This makes sense in the financial and medical fields, but is just a massive pain in others.
I think it's a bad sign when people do not trust their support staff.
need to allow users who are in internet out of domain to enter user name and password to login to app after launching it from RDS page (user@domain and password) is there any way to only enter user+password or it must take user name and password from the
main login page
Thanks sin Advance
Please add for non-domain environments too!
Why is it so difficult to get this working?? I have had to install as a domain controller first (which I didn't have to do before) and now I have gone through adding Active Directory (which I didn't have to do before) and I STILL can't see the "Collections"
in the server manager screen. Now it tells me that the "Server Pool does not match the RD Connection Brokers that are in it" - what the hell does that mean? This was standard functionality in previous versions and is now ridiculously complicated. I agree with
the person below - if you think people don't need things FIND OUT FIRST before removing them or making them impossible to implement. My servers are hosted in the cloud so remote desktop shadowing is essential for me as all my support is remote. If there were
negative stars, you would get lots of them for Server 2012... and Windows 8 as well....
We need RD shadowing in a workgroup environment. Please reinstate ASAP.