Share via

Remote Desktop Services: Session Shadowing

  • Article

Overview

The shadow feature returns with Windows Server 2012 R2.  Shadow allows server administrators to either view or take control of RDP sessions.  It can be very helpful in a variety of scenarios such as IT administrators assisting users.

New in Server 2012 R2 is Server Manager Integration.  From a Server Manager RDS Collection simply select the session you wish to shadow, right-click and select Sshadow.  You will be prompted to either view or take control of the session.

Command line invocation is still supported, but now it is integrated within the Remote Desktop Client.  This allows you to shadow a session without first TS’ing into the server.   From an elevated command prompt on the server, run QWINSTA to get a list of the sessions available to be shadowed. Then run mstsc /shadow:<SessionIDToShadow>  to shadow a session along with optional parameters such as /control or /noConsentPrompt.

Controlled by Group Policy

By default, an administrator has full control with user’s permission.  If set to user’s permission, when an administrator attempts to shadow a session, the user will be notified and they must give their consent to allow the session to be shadowed.

Use gpedit.msc to manager Shadow group policy settings.  Shadow Group Policy can be set either at the computer or user level and is located under Administrative Templates\Windows Components\Remote Desktop Servers\Remote Desktop Session Host\Connections\Set rules for remote control of Remote Desktop Services user sessions.

Five different levels of control are available:

No remote control allowed

Full control with user’s permission

Full control without user’s permission

View Session with user’s permission

View Session without user’s permission

New in Server 2012 R2
**
**Integration with Server Manager

Integration with Remote Desktop Client

Shadowing of virtual machine-based desktops

Improved auditing in the event logs

Multimon and smart sizing support

The following table shows which Microsoft RD clients can be used by an administrator to 'shadow' a session or VM:

 

Host (that the admin wants to shadow)

Clients (that the admin is using)

Windows 7 SP1 (guest)

Windows 8.1 (guest)

WS 2012 R2 RDSH

Servermanager

No

Yes

Yes

Windows 8.1 mstsc

No

Yes

Yes

Windows 7.1 w/ 8IP update

No

Yes

Yes

Windows Store RD client

No

No

No

iOS

No

No

No

MacOS

No

No

No

Android

No

No

No

See Also

An external article showing 'how to' use the Shadow feature in Windows Server 2012 R2 is here.

A short video demonstrating Shadow in Server 2012 R2 is available here.