Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

View the active remote desktop connection on a given computer

Tags:

windows

rdp

I am looking for a tool to know if a given computer on the local network is being remotely accessed by a user or not and ideally I'd like to know who that user is. In my company, we share virtual machines and we keep have to ask members in the team if they use any remote computer. I'd like to have some kind of dashboard that can tell me what computer is being used, and what computer is free.

I am happy to use any kind of commercial solution that would require the install of services on each of the machines that need to be monitored or things like that.

like image 312
edeboursetty Avatar asked Mar 06 '12 14:03

edeboursetty


People also ask

How do I view Remote Desktop connections?

If you want to know which types of connections are used to connect to the remote, simply click on any column of the list, say "Status," then right-click on it and select "Session." The list will then show a session column with the types of connections to remote, such as console, terminal, services, or RDP, and so on.


1 Answers

The below is made easier if you're querying from a Windows client joined to the same domain as the system you are querying, and may require certain rights above and beyond a standard domain user. If you run into authentication/permission issues, that would be the first thing I'd check.

There is a tool available at least as far back as Windows XP called "qwinsta". Later versions of Windows have both qwinsta and "query session".

qwinsta /server:computer01
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 console                                     0  Conn    wdcon
 rdp-tcp                                 65536  Listen  rdpwd
                   administrator             2  Disc    rdpwd

That shows user "administrator" logged in but disconnected. Since in this example computer01 is a Windows Server 2003 system with the default "administration" RDP license, there's a second session listening for someone to connect.

Running the same command again after connecting to that previously disconnected session looks like this:

 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
[unchanged output removed]
 rdp-tcp#25        administrator             2  Active  rdpwd

This is enough to answer "is someone currently active via RDP", and if you're using individual usernames, it should answer the "who" as well. If you're all using "testuser" or "administrator" or something, you'll probably want to know the answer to "from what client", and that is not given above.

The above gives a quick basic answer without needing additional tools. For more detailed information, you might look at the cassia library or PSTerminalServices (built on cassia). See some of the answers in this question for more detail.

My first thought on this was to use Sysinternals tools such as PsLoggedOn or LogonSessions. I then found reference to the previously-unknown-to-me qwinsta and rwinsta tools in this blog post from 2003.

like image 100
jeff Avatar answered Oct 26 '22 16:10

jeff