Shadow mode for the remote desktop

To support me, you can subscribe to the channel, share and like the videos, disable your ad blocker or make a donation. Thank you!

Hello,

Remote Desktop Shadow mode will allow you to connect without disconnecting the current user.

Prerequisites
-    Enable remote desktop (RDP) on the workstation
-    Enable shadow remote desktop functionality
-    Allow remote desktop and remote administration at firewall level
-    Have an administrator account on the remote computer.

Powershell configuration of remote desktop shadow mode.

# Enable remote desktop on workstation :
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
# (RDP) shadow configuration :
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -Name 'Shadow' -Value '2' -Type DWord
# No control allowed (0)
# Full control with user authorisation (1)
# Total control without user authorisation (2)
# Show session with user permission (3)
# Show session without user permission (4)
# Allow remote desktop and remote administration at firewall level :
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop', 'Remote Administration'.
# Remote computer name or IP :
$computername = '10.0.0.57'
# Display the session number locally (usually 1 or 2 on virtual machines) :
quser
# or
qwinsta
# Display the session number remotely (requires an account with administrator rights):
query session /server:$computername
# Connect with consent and with control :
Mstsc.exe /shadow:1 /v:$computername /control
# Connect without consent and with control :
Mstsc.exe /shadow:1 /v:$computername /control /noConsentPrompt
# Log on without consent, with control and by giving credentials:
Mstsc.exe /shadow:1 /v:$computername /control /noConsentPrompt /prompt
# If access is denied, test by disabling remote UAC restriction on the remote computer:
New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -PropertyType DWord -Value 1

UAC remote restriction documentation: https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/user-account-control-and-remote-restriction

Video : Shadow mode for the remote desktop

Related links