Recently I have upgraded our Terminal Services environment to Remote Desktop Services 2012R2.
On a regular base I received requests from the Helpdesk to logoff RDS users or provide them with a session id and a server name for shadowing users. After doing so for some time, I decided to create this tool for the Helpdesk, so that they could retrieve this information by themselves. It also provides them with the option to logoff or shadow users.
Image may be NSFW.
Clik here to view.
How it works:
The RDS User Session Control is a portable executable application accompanied with a settings.ini file. The settings.ini file only contains the fqdn of the Connection Broker. Which can be changed to reflect your Connection Broker server. Every time you start the RDS User Session Control application, it searches for the settings.ini file in the same directory as the RDS User Session Control executable. When it’s not found, you get an error message. Then you can search for a user by entering part of the login name or using a wildcard. If it finds any users, you can select a user and perform the action to either logoff or shadow the user.
Security:
To retrieve the user sessions from the Connection Broker, it uses the Get-RDUserSession cmdlet from the RemoteDesktop Powershell module. It order to let Helpdesk group to use this cmdlet and make a connection to the Connection Broker, I had to add the Helpdesk group to the local administrators group of the connection broker. I couldn’t find a better way. This could be an security issue for your organization. If you know a better solution, please let me know. In order to let the Helpdesk people to make use of the shadow option, you need to grand them that right on the RDS host servers. In order to do that, you need to run this command on every host server:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName=”RDP-Tcp”) CALL AddAccount “DOMAIN\HelpdeskGroup”,2
Notes:
The RemoteDesktop module is only available for Windows 8 and 2012 or higher. Our Helpdesk group is using Windows 7, so I had to publish this application as a RemoteApp on our RDS environment. This works perfectly fine.
Download:
