Geeks With Blogs
mikedopp Geekswithblogs (edition)

In case you are wondering what is the “Shadow” command? Well in most server installs that have been built on the NT kernal there has been a version of the shadow command.

What is the “Shadow” command?  Lets for instance say you are using windows 2003 and want to gain screen(session) access to another users screen(session). Perhaps the person you are asking for shadow permission has an issue on his desktop and cannot figure it out.  Think Remote Desktop access without the Remote part.

To “Shadow” you have to know the session id of the user’s session that you want to view and or take over. This is done very easily. Right click on your taskbar and select task manager. Go to Users and pick the users name and the session number should be located to the left of the name.

Open up a command prompt(start->run in the open prompt type “cmd”) type:

Shadow 0(or the number of the session) and on the users session it will pop up a dialog box asking the other user for permission for you to access the screen(session).

Of course this can be denied from the other user. Frustrating? Yes.

Try this technique to gain that access you want without the permission of the other user or users.

To shadow any other session, without a prompt, you would use the RDP-TCP Properties dialog, on the Remote Control tab, and clear the require users permission box.

To remote control the console (session 0) without a prompt for approval:

1. On the Terminal Services server, Start / Run / Gpedit.msc / OK.

2. Navigate through Computer Configuration / Administrative templates / Windows Components / Terminal Services.

3. Right-click Remote Control Settings and press Properties.

4. Select the Enabled option.

5. Select Full Control without user's permission, under Options.

6. Press OK.

7. Exit the Group Policy Editor.

8. To force this local policy to update now, open a CMD prompt, type gpupdate /force, and press Enter.

When you establish a Remote Desktop session, you can connect to the console and remote control it:

1. Open a CMD prompt.

2. Type Shadow 0 and press Enter.

The user will NOT be prompted for permission.

Sweet eh? Well this can be exploited and used in many wrong ways. So just be careful and use it wisely.

 

Posted on Monday, April 27, 2009 5:25 AM | Back to top


Comments on this post: Windows 2003 Using The Shadow command without Permission

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © mikedopp | Powered by: GeeksWithBlogs.net