RDP Shadow for Guests

Yohann Mignon 1 Reputation point
2020-12-23T04:55:00.283+00:00

Hi everyone,

I configured some PCs who can't be in domain but need RDP shadow. No problem for that but I also put user account in Guests group to restrict access and read/write permissions BUT and I didn't know, Guests cannot been shadowed...

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,351 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Eleven Yu (Shanghai Wicresoft Co,.Ltd.) 10,706 Reputation points Microsoft Vendor
    2020-12-23T08:47:41.84+00:00

    Hi,

    Could you please give more details about your configuration to achive the RDP shadow?

    I configured some PCs who can't be in domain but need RDP shadow

    Do you want to use these PCs to shadow other remote sessions or shadow to these PCs' remote session from other machines?

    put user account in Guests group

    What kind of the users? Domain users? Local users? Did you put them in Guests group on those non-domain PCs?

    Guests cannot been shadowed

    Do you mean let these guest users shadow other's remote session or let Administrator to shadow there guest users' sessions?

    Thanks,

    Eleven

    If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.

    0 comments No comments

  2. Yohann Mignon 1 Reputation point
    2020-12-23T21:51:12.457+00:00

    Hi Eleven,

    I want to shadow these PC's remote session from other machines.
    PCs are not in domain so it's only local user/group
    And yes I move User from Users group and put them in Guests group
    As soon they are in Guests group shadow is in "Access Denied".

    Actual configuration is Remote access enable in "Remote Settings" (with NLA disabled), disabled user's permission asked in Policy and firewall OFF.

    0 comments No comments

  3. Eleven Yu (Shanghai Wicresoft Co,.Ltd.) 10,706 Reputation points Microsoft Vendor
    2020-12-24T09:24:55.477+00:00

    Hi,

    Please correct me if my understanding is incorrect.

    The users in Guests group locally logged into the PCs which are not in domain. You would like to use other machines to shadow these users' local sessions.
    Or the users in Guests group remote connect to these PCs which are not in domain. Then you want to use other machines to shadow these users' remote sessions.

    Both scenarios require local administrator rights on these non-domain PCs.

    If you have successfully let the RDP shadow work before you move the users to Guests, we suggest you should remove them back to users group and use group policy such as software restriction policies or "Don't run specified windows applications" or file/folder permissions settings to restrict access and read/write permissions.

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994606(v=ws.11)?redirectedfrom=MSDN
    https://www.technipages.com/prevent-users-from-running-certain-programs

    Thanks,
    Eleven

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.

    0 comments No comments