Connecting to Windows Server 2012 R2 console session with RDP

Question

I need a server process to run with full access to the physical desktop of the server. I also need to view/control it's state remotely.

My current solution involves a VNC Server service, but I want to have a more "native" solution.

I tried using RDP's session shadowing, but it doesn't work for the console session:

mstsc /shadow:3 /v:somehost.example.com /noConsentPrompt

All I get is "The specified session is not connected", while query the session on the server give me:

> query session
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 >rdp-tcp#2         Administrator            1  Active
 console                                     3  Conn
 rdp-tcp                                 65536  Listen

FWIW, I configured the group policy to allow connections without consent.

Is there something else I might be missing or this is just not possible ?

score 2 · Answer 1 · answered Mar 23 '15 at 14:52

2

Have you tried using the /admin switch which should connect you to the console session?

mstsc /admin /v:host.example.com

answered Mar 23 '15 at 14:52

Rex

7,895
3
29
45

Yes, it does nothing - I get the same session as without "/admin". – lqc Mar 23 '15 at 14:58
Does nothing on Windows Server 2016 – buzz3791 Jul 25 '18 at 21:17

MagnaVis · Answer 2 · 2015-03-31T05:01:30.530

I may misunderstand, but this is fairly easy. You should remote to the server using your account, on whatever session you want. Then, from command prompt (on the remote server) or PS, enter:

mstsc /shadow:3 /noConsentPrompt

Don't specify a server name, you're on the server that has the session you'd like to shadow. You will have to enable shadowing in GP for this to work. It is in both

[<Computer Configuration> | <User Configuration>]\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Set rules for remote control of Remote Desktop Services user sessions

Once you enable it (I know you said you did, but did you do it in both User and Computer Config?), you should be able to shadow a session after finding the session ID you want to shado using query session, like you have already.

score 0 · Accepted Answer · answered Apr 03 '15 at 20:58

0

I don't think it can be done with windows 2012. I know in the past I have used either the /console or /admin switches because of the following reasons:

Look at the console screen to see a popup that a service failed or the system or the system is running low on virtual memory
some software only would install if it is on the Console (ID=0)

But it doesn't look like this is possible in Windows 2012 because it never attaches you to ID 0

answered Apr 03 '15 at 20:58

Shawn McCloskey

24
3

Since the console isn't ID 0 anymore that makes sense. – Jim B Apr 06 '15 at 00:30
For what it is worth, it is absolutely possible to "connect" to session 0 (which is not the console session) by setting HKLM\SYSTEM\CurrentControlSet\Control\Windows\NoInteractiveServices=0 and then starting the Interactive Services Detection service. If a service (or any other process) is attempting to run interactively in session 0, a window will pop up advising you and allowing to switch to session 0 and interact with the process. – goofology Apr 06 '15 at 17:28
@goofology Following your suggestions, I can see cmd.exe started from a windows service but I can't seem to interact with the cmd.exe prompt. To get cmd.exe to run as a service I'm doing sc create testsvc binpath= "cmd /K start" type= own type= interact && sc start testsvc & sc delete testsvc – buzz3791 Jul 25 '18 at 21:19
I just tested again myself and it is working. After you see a new CMD.exe process running under "SYSTEM", might have to restart the Interactive Services Detection service (sc stop ui0detect && sc start ui0detect). If you don't get an Interactive Services Detection popup, check the taskbar for a Gear icon overlayed with a camera. It might be flashing at you. Sometimes the popup does not appear. – goofology Jul 26 '18 at 23:54

goofology · Answer 4 · 2018-07-26T23:36:21.200

Dameware Mini Remote Control. SWEET little program. Allows access to the 'console' session, the login screen, the boot process (if you use Intel AMT) and also allows to switch to existing RDP sessions as well.

Multiple connection methods: MRC (their ridiculously fast proprietary solution) RDP, VNC, intel AMT (vPro). Multiple authentication methods (NTLM passthrough/manual entry, custom credentials). I've used it for years, well worth the price.. let me know if you have any questions.

Also, for what it's worth, mstsc /admin definitely DOES connect you to the console session, but the console session is NOT the login screen.

However, if you are intending to connect to Session 0 (which is not the console session), simply set HKLM\SYSTEM\CurrentControlSet\Control\Windows\NoInteractiveServices=0 and then start the Interactive Services Detection service. If a service (or any other process) is running interactively in session 0, a window will pop up advising you and allowing to switch to session 0 and interact with the process

To more thoroughly answer the question:

There is no 'more native' (as in built-in) solution that will allow you to control the 'physical desktop' of the server. RDP will only allow access to the logged-in 'console' SESSION. It in no way provides access to the 'physical desktop' of the server. RDP is not a display 'hooking' technology, like VNC, etc, but it works fine for most purposes. If, like me, a person finds themselves regularly needing access to the 'physical desktop' of machines, a third-party solution is the only choice.

I should add, this is why there are MANY third-party remote access tools offered by reputable vendors. Intelliadmin, Radmin are a couple others that immediately come to mind.

Since I'm getting bashed I feel like I should add some more info... Most remote access solutions require (or at least install by default) a client executable and/or driver that runs at ALL TIMES on the remote host. Dameware does not. It has a friendly interface that allows an administrator to push and install/start/stop/uninstall the remote host service on-demand to the machine by RPC/Remote Services Administration. It can automatically install/start the service when connecting and then stop/uninstall the service when disconnecting. This negates the 'driver hack' attack vector mentioned in a comment below. This is how I have my systems configured. And of course only a user with proper admin credentials can make this happen.

P.s. I am in no way connected to this software vendor (now owned by SolarWinds).

Also, I'd argue that from another perspective on the word 'native', VNC, or even better Intel AMT or other similar hardware-based display-hooking technologies (HP iLO, Lantronix Spider KVM, etc) are about as 'native' as you can get.

Author specifically said he wanted a more "native" solution, and that he was using VNC right now. He's not looking for another 3rd party program. This doesn't answer his question at all. — MagnaVis, Mar 31 '15 at 05:02
Thank you for your useful comment. I will clarify: there is no 'more native' solution that will allow control of the 'physical desktop' of the server. RDP will only allow access to the logged-in 'console' session. It in no way provides access to the 'physical desktop' of the server. RDP is not a display 'hooking' technology, like VNC, etc, but it works fine for most purposes. If, like me, a person finds themselves regularly needing access to the 'physical desktop' of machines, a third-party solution is the only choice. — goofology, Apr 03 '15 at 03:23
I spent weeks researching which remote control tool was best/most capable, when I first decided RDP/session shadowing/remote accessibility wasn't good enough for my needs. Also, I'd argue that from another perspective on the word 'native', VNC, or even better Intel AMT or other similar hardware-based display-hooking technologies (HP iLO, Lantronix Spider KVM, etc) are about as 'native' as you can get. — goofology, Apr 03 '15 at 03:26
Fair enough. Though, for the user's specific situation, it seems as though shadowing may be fine. He specifically says he has to run something with "full access", which can be done with scheduled tasks, and he seems to have figured out. If all he wants to do is watch that session, I don't see why shadowing wouldn't work just fine. I do agree that iLO, iDRAC, an IP-KVM, IPMI, etc. would be a much easier/better solution for true "console desktop" access, and see nothing wrong with steering an answer in that direction as long as it's qualified that you believe there's no alternative answer. — MagnaVis, Apr 03 '15 at 03:50
This is a fantastic way to compromise the security of an environment. If you are going non native use an ILO type solution - not a driver hack, and why most AV solutions block it — Jim B, Apr 03 '15 at 17:41
This site is really something. I fail to understand how my thorough answer which directly responds to the user's question, addresses his primary concern, and provides a solution, has been down voted twice. Why don't we wait and see what the OP thinks? Do we just hate on the new guys regardless of their answer's validity? — goofology, Apr 04 '15 at 02:13
When you actually come up with a usefull answer to the question, it may well be upvoted. Not only is your answer not what the OP asked about, it's potentially a security risk. — Jim B, Apr 06 '15 at 00:28

Connecting to Windows Server 2012 R2 console session with RDP

4 Answers4