Shadowing RDS 2012 Sessions

Server 2012 R2 Remote Desktop Services brings a new feature called shadowing, which allows administrators to view sessions.

This can be done through the GUI or through the use of Command Line.


As you can see from the MSTSC Connection Usage help Window, there are three new commands that we can use for connecting to end user sessions. There are two types of Shadowing ( view & control) and the option to select “No Consent” which means you don’t need the end user’s approval/permission before connecting to their session.

Here is the command line for Shadowing:

Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]]

/shadow:ID Starts shadow with the specified sessionID.

/v:servername If not specified, will use the current server as the default.

/u:username If not specified, the currently logged on user is used.

/control If not specified, will only view the session.

/noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.

RDS GUI Shadowing:


As you can see from the screenshot provided above, there are three users showing in the connections task pane. By right clicking on the user, you will be presented with the following options:

Shadowing Option

Select Shadow and you will be presented with a Shadowing options box.

Shadowing Option2

As mentioned earlier, you have the option of viewing , controlling and prompting for user consent. For this example we are going view and request the users permission to shadow their screen.

Shadowing 1

Once the request has been sent, you will see the Remote Desktop Connection loading box.


The requester will see this box until the end user actions the request.


If the end user refuses the connection, you will see the above error.

When the user selects yes, you will then be able to view their screen.

Shadowing 2

As you can see from the screenshot, we are now viewing the user’s screen.

If we try and access the User’s session with out their permission, we are presented with the following error message.

Shadowing GP Setting required

This is an out of the box feature and to disable it,  you will need to apply a Group policy.

Shadowing GP Setting required 1-4

The Group Policy that needs to be changed is located under  Administrative Templates>Windows components>Remote Desktop Services>Remote Session Host>Connections. “Set rules for remote control of Remote Desktop Services user sessions”

Shadowing GP Setting required computer policy

This can be applied as a user or computer policy.

PowerShell RDS Shadowing:

To shadow User sessions using PowerShell, we first need to Find the session ID’s of our users.

For this I will use the following:

Get-RDUserSession | ft Username, UnifiedSessionId, SessionState, HostServer, ApplicationType -GroupBy Sessionstate -Wrap

The following Cmd organises User Active and Disconnected RDS sessions. This is also useful for reporting.


Once you have obtained the Session ID’s , you can then connect to that session.


mstsc /shadow:<ID> /Control

If you don’t want to request the user’s permission add the /noconsentprompt


For more information on shadowing please see the articles from TechNet and Freek Berson RDS MVP:

3 thoughts on “Shadowing RDS 2012 Sessions

Add yours

  1. Whenever I setup the shadowing via Group policy the shadowing feature is reset after each use. For instance when an administrator logs on and connects with another user using the shadowing feature it works. As soon as the shadowing session ends the shadowing feature is no longer available for use unless the server is restarted. How can I keep the shadowing feature turned on? What is making it disconnect after each session?

  2. Ryan, we have an issue where some of our RDSH servers never get a UnifiedSessionID for the user who logged on. This just started happening in the past few months. Servers that work seem to always work, but especially new servers (built from the same image) never get a UnifiedSessionID for the user registered in the database. I have looked online and seen others with this problem but nobody with a resolution.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

Up ↑

%d bloggers like this: