We have a few Windows 10 Pro computers with Remote Desktop enabled. There are "client" machines running Windows 10 Pro and Windows 10 Home.
Is it possible to programmatically check, from a client machine, that the remote computer is already occupied by someone? That is, if another remote client is already connected to it? If so, can I do this without breaking the existing remote connection?
When a user logs on to a Remote Desktop Services–enabled computer, a
session is started for the user. Each session is identified by a
unique session ID. Because each logon to a Remote Desktop Connection
(RDC) client receives a separate session ID.
Refer: Remote Desktop Sessions
You can use the WTSEnumerateSessions function to retrieve the identifiers of all sessions on a specified RD Session Host server.
WTSEnumerateSessions : Retrieves a list of sessions on a Remote Desktop Session Host (RD
Session Host) server.
Note:
To enumerate a session, you must enable the query information
permission. For more information, see Remote Desktop Services
Permissions.
To change permissions on a session, use the Remote Desktop Services
Configuration administrative tool.
To enumerate sessions running on a virtual machine hosted on a RD
Virtualization Host server, you must be a member of the
Administrators group on the RD Virtualization Host server.
If you want to retrieve the session ID of the current session that the remote desktop service is running, you can call WTSQuerySessionInformation and specify WTS_CURRENT_SESSION for the SessionId parameter and WTSSessionId for the WTSInfoClass parameter.
You can use the query session command from the command line.
If you're on the same local network as the remote computer, then you can directly use the query session:
Use the command query session /SERVER:<remote pc name, or IP address>
If there is someone actively logged into the console, then it returns console <username> Active as the state. However, this can also mean someone logged in, the session locked, and they walked away for coffee. It doesn't actually mean they are doing something in the session; they are simply logged into the console. This state also occurs if you use another remote login software such as TeamViewer, since it logs in as an active console.
C:\Users\Myself>query session /server:LabServerPC
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
console LabUser 1 Active
rdp-tcp 65536 Listen
If the computer is already in use by a remote desktop session, it will return it as a session as the active state. In this case rdp-tcp#1 <username> Active.
C:\Users\Myself>query session /server:LabServerPC
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
rdp-tcp#1 LabUser 1 Active
console 3 Conn
rdp-tcp 65536 Listen
If you are operating via a VPN, or off the native network, it may be easier to remotely log into the PC using SSH and then query the session directly. In this case, you would use query session only.
Related
We recently discovered a quirk in one of our RDP servers and I cannot figure out why this is happening.
OS: Windows Server 2019 Datacenter - AWS EC2 instance
Low user population system. Between 3 and 5 users simultaneously logged into this system at any time. Used exclusively for SQL access to an AWS RDP SQL Server instance via SSMS.
Scenario A:
User starts their day and logs into the remote server via RDP successfully. They use the system for a while, then minimize the window while they work on something else. After the inactivity period elapses, the remote server forces the user to re-enter their credentials.
(All normal up to this point) ...
The user swears they're entering their password the exact same way the logged into the system at the start of the day, but Windows complains it's a bad password. User attempts their password four (4) more times, and the system immediately reboots.
The only thing in the event logs is this message:
The process C:\Windows\system32\winlogon.exe (HOSTNAME) has initiated the restart of computer HOSTNAME on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: restart
Comment:
Scenario B (same user as above):
User connects to a fresh RDP session where they were not previous logged in. Login is successful. They use the system for a while, then minimize the window as before and the remote session eventually forces the user to re-enter their credentials.
Same as before, the user enters their password but the server complains its incorrect.
This time, however, the user closes the RDP window and re-starts the RDP session entirely. Password was accepted this time.
Question: What could possibly be causing the server to reboot? I see no other evidence of any failures or errors in the system events to point to any software or OS problems.
Is there any way to detect whether Windows 10 servers are running headed or headless mode using the command line?
What thing get change when the user disconnects himself from the window server?
Query session should provide whether the user disconnected from RDP or logged out from the console, but with other remote access solutions there is no universal indication.
Here's an example of query session on a computer with an active console session (not headless):
C:\Users\foo>query session
SESSIONNAME USERNAME ID STATE TYPE DEVICE
services 0 Disc
>console foo 1 Active
31c5ce94259d4... 65536 Listen
rdp-tcp 65538 Listen
and here's a counterexample of using psexec to get the output of query session from a machine with disconnected RDP users, and no one on the console session:
C:\Users\administrator>psexec \\target -s query session
PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
SESSIONNAME USERNAME ID STATE TYPE DEVICE
>services 0 Disc
console 1 Conn
jsmith 3 Disc
Administrator 12 Disc
rdp-tcp 65536 Listen
query exited on target with error code 1.
The definition of "headless" is also somewhat fraught, since VGA does not require backwards signaling, so if a server has no monitor connected, but is logged in and outputting video - is it "headless"? Does it know that it is headless?
I have a shared folder on a windows 10 host machine. I could access it from a windows 10 client machine, where I had set "remember credentials" when first accessing the share. I changed the password on the host. Now the client cannot access the shared folder. That was expected. But I could not find a way on the client to allow the user to re-establish access to the shared folder.
I expected it would ask for credentials again. However I got a network error saying that windows cannot access the host machine.
Based on a number of entries on various forums, I tried a few things. The credentials manager on the client does not show the host. I stopped and restarted file and printer sharing on the client, without any change in the result. Network diagnosis and the windows troubleshooter gave no help.
The problem was due to some previous connections remaining in the network table, even though disconnected, as presented by the "net use" command from the command prompt.
>net use
Status Local Remote Network
--------------------------------------------------------------------------
Disconnected \\192.168.1.71\IPC$ Microsoft Windows Network
Disconnected \\HOST\IPC$ Microsoft Windows Network
After deleting them (via "net use /delete") the next attempt to access the host asked for credentials. Yay!
I began the path to the solution when I tried
net use z: \\host\shared /user:admin password
which gave system error 1219 stating multiple connections to a server are not allowed. Disconnect all previous connections and try again. Obviously, even though known to be disconnected, the entries prevented reconnection.
We have a remote support tool that allows us to connect to machines behind a NAT firewall. Once connected, we can choose to either connect to the console session or to any active RDP session from a list. We cannot connect to inactive/disconencted RDP sessions, and the tool has no way to create new loopback/redirected RDP sessions. What we would like to do is find a way to spawn these RDP sessions via a script or a small application so that the support tool can detect them and allow us to connect. The motivation to get this working is to be able to have multiple techs access the same server simultaneously (up to one active console session and two active RDP sessions, all at the same time, for a total of three techs).
If we log on to the console session of the target servers and then RDP to the loopback, we see the new RDP session in our support tool, which we can then select and connect to. The problem is that this RDP session creation depends on the console session. It also gives the console session access to the RDP session, and if the RDP window is minimized then the output/input for that session in our support tool is frozen. I was able to use the PS script Connect-Mstsc (mostly just a wrapper for mstsc.exe but with support for adding creds) to create RDP sessions from another random server on the remote internal network to the target server we want to create a new RDP session on. This works well from an automation standpoint but we have the same limitation described above - it only works if run interactively. If you run this from a SYSTEM shell remotely, the RDP session never appears in our support tool.
The remote support tool in question is ScreenConnect and our servers are all Windows, mostly 2012 R2, all AD environments. I think the core challenges to this solution are getting the RDP sessions created and active in a non-interactive fashion, and then preventing RDP from freezing the session input/output.
I have RDP access and administrative privileges on Windows Server 2008 R2. While other users are connected via RDP, I can remotely contol their session. When user is disconnected (but the session is still alive), I can't use remote contol for some reason. Is there any way to login to user's session without entering his password?
http://support.microsoft.com/kb/281156
Cannot remote control a session which is in disconnected state.