Skip to content

Enables you to remotely control an active session of another user on a Remote Desktop Session Host server without admin rights.

License

Notifications You must be signed in to change notification settings

stetze/RDS-Shadow

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Stargazers MIT License


Logo
RDS-Shadow

Made with Microsoft Template Studio

Pre-requisites

1. Active Directory
Create an AD-Group "Domain\RDS-Shadow"
Add Users in "Domain\RDS-Shadow"

2. Configure the database for the Connection Broker

USE [master]
GO
CREATE LOGIN [Domain\RDS-Shadow] FROM WINDOWS WITH DEFAULT_DATABASE=[RDSFARM]
GO
USE [RDSFARM]
GO
CREATE USER [Domain\RDS-Shadow] FOR LOGIN [Domain\RDS-Shadow]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE VIEW [dbo].[Shadowing]
AS
SELECT Session.UserName, Pool.DisplayName AS PoolName, Target.Name AS ServerName, Session.SessionId
FROM rds.Session AS Session
INNER JOIN rds.Target AS Target ON Target.Id = Session.TargetId
INNER JOIN rds.Pool AS Pool ON Target.PoolId = Pool.Id
WHERE (Session.State = 0) OR (Session.State = 1)
GO
GRANT SELECT ON [dbo].[Shadowing] TO [Domain\RDS-Shadow]
GO

3. Add the Group (Domain\RDS-Shadow) to the role db_datareader

ALTER ROLE db_datareader ADD MEMBER [Domain\RDS-Shadow]

4. Add rights to Terminalserver

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\rds-shadow",2

Available on msstore

or installation via winget "winget install 9NLQV1VWWCLC -s msstore"

About

Enables you to remotely control an active session of another user on a Remote Desktop Session Host server without admin rights.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages