Windows server 2012 remote desktop services
- #Windows server 2012 remote desktop services how to
- #Windows server 2012 remote desktop services full
#Windows server 2012 remote desktop services full
The one downside of using the above script is that it grants the account in question FULL rights across all operations on the Remote Desktop Session Host server. Write-Host("The operation to grant shadowing permissions to " + $AccountToAdd + " on " + $TempRDS + " " + $opstatus + "`r`n")Īpproach 2 – Using TSConfig.msc To Granularly Delegate Windows Server 2012 Shadowing Rights To Non-Admins $retVal = $WMIHandle.AddAccount($AccountToAdd, 2) If($WMIHandle.TerminalName -eq "RDP-Tcp") $WMIHandles = Get-WmiObject -Class "Win32_TSPermissionsSetting" -Namespace "root\CIMV2\terminalservices" -ComputerName $TempRDS -Authentication PacketPrivacy -Impersonation Impersonate $AccountToAdd = Read-Host("Please enter the user name or group name who needs permission to shadow users" + "`r`n" + "(Format: DOMAIN\User or DOMAIN\Group)") Server 2012 R2 Shadow Permissions Script CodeĪddShadowingPerms.ps1 – Click to Download param(
#Windows server 2012 remote desktop services how to
I’ve seen some examples on other blogs that reference how to do this for a specific domain group on a single session host, but I’ve expanded that concept so you can now pass a comma-delimited list of computer names (each one being a Server 2012 Session Host), and the script will walk the WMI object on each computer name and set the permissions for either a user account or group account that you supply when the script runs. Here’s the script I’ve written to perform this adjustment on Windows Server 2012 R2 Session Hosts. For even more granular adjustments, you can load an old copy of the Remote Desktop Session Host Configuration Tool (tsconfig.msc) on a Windows Server 2008 system joined to the same domain, and then connect to a Windows Server 2012 R2 system running the Remote Desktop Services role.Īpproach 1 – Using PowerShell To Delegate Windows Server 2012 Shadowing Rights To Non-Admins.You can manipulate a WMI object programmatically on each Remote Desktop Session host with a PowerShell script.There are two ways (I know of, at least) to do this: Most medium to larger shops running Microsoft Remote Desktop Services want the ability to delegate shadowing permissions to help desk technicians with out granting those folks full admin rights. Read this article on my corporate blog if you want to know all the sordid details, including how RDS shadowing was completely dropped in Windows Server 2012, only to be added back in Windows Server 2012 R2. Click here for more details.Īhh, nothing like the upheaval of how Windows Server 2012 shadowing works to put more grey in every RDS administrator’s hair. UPDATE: This script is now included in the free Remote Desktop Commander Lite utility.