-1

I created a group policy to change the default shell, so that handheld PC can RDP to a Terminal Server and have the lob application kiosked. This work fine, but, sometime, is necessary to RDP with the same user and get access to the Windows Shell. Actually I need to disable the policy, do the job and then reenable it. This is quite anoying, expecially if the support task is assigned to people that don't have domain admin privileges. The handheld PCs, use Android or WinCE, while the support logons are always from Windows 7/8 clients, so, teoretically, would be enough to apply the policy only on Android/CE clients. I thinked about a WMI filter, but I really can't figure out how to query for an Android or WinCE system. And morover, they access through RDP, so, from the GPO point of view, the machine is the Terminal Server, not the client. Actually I launch the application through a powershell script (to autologoff when the user quits the application), so, also a way to check the RDP client from powershell would be good, but I've not found one. Any ideas ?

Massimo
  • 46
  • 1
  • 6

1 Answers1

0

You can use Cassia (or better, Shay Levi's Powershell module PSTerminalServices).

Assuming they use different versions, When you query for sessions on the terminal server, you can retrieve the RDP client version.

Also, I don't think there's a way to filter this with WMI, unless you create a new class or something like that.

EliadTech
  • 1,240
  • 9
  • 14
  • I tryed installing the Shay Levi's module. The Get-TSCurrentSession could do the job. It's ClientBuildNumber property should be the right info. In my Windows 8.1 returns 9600 (correctly). Curious to see what returns for an Android Client (don't have one in my hand at the moment). I'll come back later with complete experience with it and (hopefuly) mark your answer as good. – Massimo Jun 18 '15 at 14:46
  • I confirm that the ClientBuildNumber property gives a number only for a Windows Client. With other Clients (i.e. Android) it returns an empty string. So, it's easy to filter down this with a PowerShell script. – Massimo Jul 13 '15 at 08:54