Session Spying

- RDP Spying

Once Domain Admin, to spy on others RDP Sessions, in Server Manager, locate Local Server > Remote Desktop > Enabled

Open GPOs Manager: gpmc.msc or in Server Manager > Tools > GPOs (First option)

Create the GPO: “Shadow Session” over the whole domain (Click the domain name > Create GPO and link it here)

Edit this GPO and configure the following: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Set rules for remote control of Remote Desktop Services user sessions

Enable it with “Full control without user’s permission" selected.

Then update GPOs: gpupdate /force

Next, to see the sessions: qwinsta.exe

Then, to take over the session: MSTSC /Shadow:<N°Session> /Control /NoConsentPromp

- Normal Session Spying

SSCM