UPDATE: This script is now included in the free Remote Desktop Commander Lite utility. Click here for more details.
Ahh, nothing like the upheaval of how Windows Server 2012 shadowing works to put more grey in every RDS administrator’s hair. Read this article on my corporate blog if you want to know all the sordid details, including how RDS shadowing was completely dropped in Windows Server 2012, only to be added back in Windows Server 2012 R2.
Most medium to larger shops running Microsoft Remote Desktop Services want the ability to delegate shadowing permissions to help desk technicians with out granting those folks full admin rights. There are two ways (I know of, at least) to do this:
- You can manipulate a WMI object programmatically on each Remote Desktop Session host with a PowerShell script
- For even more granular adjustments, you can load an old copy of the Remote Desktop Session Host Configuration Tool (tsconfig.msc) on a Windows Server 2008 system joined to the same domain, and then connect to a Windows Server 2012 R2 system running the Remote Desktop Services role.
Approach 1 – Using PowerShell To Delegate Windows Server 2012 Shadowing Rights To Non-Admins
Here’s the script I’ve written to perform this adjustment on Windows Server 2012 R2 Session Hosts. I’ve seen some examples on other blogs that reference how to do this for a specific domain group on a single session host, but I’ve expanded that concept so you can now pass a comma-delimited list of computer names (each one being a Server 2012 Session Host), and the script will walk the WMI object on each computer name and set the permissions for either a user account or group account that you supply when the script runs.
Read the entire article here, Windows Server 2012 Shadowing – Delegating Rights To Non-Admins
via the fine folks at PureRDS.org.
You May Also Like: