[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Terminal Services - Enabling shadowing for non-admin

Posted on 2005-05-05
6
Medium Priority
?
1,813 Views
Last Modified: 2009-07-16
Hi, I'm trying to enable shadowing (remote monitoring/control of existing session) in 2K3 terminal services for a group of non-admins.  The only information I could find suggested granting full rights within the RDP-Tcp connection in tscc.msc.  Tried that, didn't work.  Are there other permissions I need to check?

Fairly urgent, so offering the full point value.  Thanks!  Joe
0
Comment
Question by:jpresto
  • 3
  • 2
6 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13943214
Shadowing is only available through the Terminal Services Manager, and was basically disabled by XP SP2 if you're trying to shadow a WindowsXP machine.  To fix that, you need to make the following registry entry:

"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server"
Add a value named "AllowRemoteRPC", type "REG_DWORD" and Value Data = "1"

Remote control/monitoring should be able to be done by any "supervisor" of another user.  Add your non-admins to a new security group and then make that group the "supervised by" setting in the to-be-controlled's user properties dialogue.  (note that this setting will also allow a "supervisor" to open that person's exchange mailbox).

If the remote is to be done via a non-server machine, install the Server 2003 management tools to that machine which will include TS Manager.

Jeff
TechSoEasy
0
 

Author Comment

by:jpresto
ID: 13944778
Thanks for the note, but I'm not sure that is the case here - it is a permissions issue.  Members of administrators *can* remote shadow, but non-admins (even with the permisisons tweak above) receive "Session remote control failied (Error 5 - Access is denied) when trying to shadow.

Thanks - Joe
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1500 total points
ID: 13946109
Error 5 is an insufficient permission level error.

There are a few things to consider... does the shadower have local permissions?  You could add the shadower's group to the local administrator's group.

Or, try making that group the "administered by" for the MACHINE instead of the USER... (same basic premise as above).  I can't test that at the moment, but I'm fairly sure that's how I was able to do it before.  

Lastly, make sure that the user that you want to shadow has "remote control enabled" on the "remote control" tab of their user properties.

Jeff
TechSoEasy
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jpresto
ID: 13973733
The problem "fixed itself" - I think I was on the right track, but rights may not have replicated out..? I need to brush up more on Windows Server.
0
 

Expert Comment

by:Beta99
ID: 24872138
Bringing this back from the dead...
I've tried the above options and still can't get a non local admin user to shadow sessions on the terminal server.
Anyone has an input on this?

Thanks
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 24874267
This question was asked a number of years ago... since then there have been many changes and new options available for desktop sharing technology.

What exactly are you wanting users to share/shadow?

Jeff
TechSoEasy
0

Featured Post

Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question