If a profile is assigned the “Shadow” setting, an expert can switch to a PC on which another user is already logged in.

This feature does not require a remote session via a gateway.

The following data must be provided:

Name Description
IP/Host IP/Host of the computer to be accessed by the expert
Session ID The session ID of the session of the logged-in user. This is usually always the same and can be determined on the PC using the “quser” command
Domain (Optional) The domain of the PC
Login Login of a local user or administrator
Password Password of a local user or administrator

The following requirements apply for access to the PC:

  • Only works with Win10
  • The network must not be public
  • The firewall rule INBOUND: RDP SHADOWING (TCP 445) must be active
  • Remote Desktop (not Remote Access) must be activated
  • Remote identification with NLM
  • This group policy must be adjusted:
    gpedit |\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Set rules for remote control of Remote Desktop Services user sessions
  • Check in Group Policy whether “Deny access from this network …” is not set to “everyone”.
  • Check in the group policies whether the “RemoteDesktopUser” is also entered in “Allow access from this network …”