June 21, 2010

Shadow a Terminal Server Session Without Prompt for Approval

Filed under: Server 2003,Tips n Tricks — Rahul Patel @ 3:15 pm

Using windows 2003 and want to gain session access to another users session. Perhaps the person you are asking for shadow permission has an issue on his desktop and cannot figure it out,

To “Shadow” you have to know the session id of the user’s session that you want to view and or take over. Right click on your taskbar and select task manager. Go to Users and pick the users name and the session number should be located to the left of the name.
Shadow 0 and on the users session it will pop up a dialog box asking the other user for permission for you to access the session.

Of course this can be denied from the other user. Frustrating? 😦

To shadow any other session, without a prompt, you would use the RDP-TCP Properties dialog, on the Remote Control tab, and clear the require users permission box.

To remote control the console (session 0) without a prompt for approval:

1. On the Terminal Services server, Start –> Run –>Gpedit.msc –> OK.

2. Navigate through Computer Configuration–> Administrative templates –> Windows Components –> Terminal Services.

3. Right-click Remote Control Settings and press Properties.

4. Select the Enabled option.

5. Select Full Control without user’s permission, under Options.

6. Press OK.

7. Exit the Group Policy Editor.

8. To force this local policy to update now, open a CMD prompt, type gpupdate /force, and press Enter.

When you establish a Remote Desktop session, you can connect to the console and remote control it:

1. Open a CMD prompt.

2. Type Shadow 0 and press Enter.

The user will NOT be prompted for permission.

Well this can be exploited and used in many wrong ways. So just be careful and use it wisely… 🙂

Source :http://support.microsoft.com/kb/292190

Blog at WordPress.com.