How Do I Shadow a Specific User's Desktop on a Multi-User Session Host?

Applies to: Nerdio for Azure (NFA) Professional and Enterprise users only.

How do I shadow a user's RDS session?

If you're running an RDS environment such as one in the Nerdio For Azure (NFA) environment, the need to shadow a user's session may arise. Follow the steps below to shadow a user's RDS session:
  1. Ensure the "Set Rules for Remote Control of Remote Desktop Services User Sessions" policy is configured properly on the host. By default, this policy is set as "Not Configured" which will not allow remote control of users sessions. Set the appropriate level of view and control in this policy. This policy can be found in  Administrative Templates\Windows Components\Remote Desktop Servers\Remote Desktop Session Host\Connections\Set rules for remote control of Remote Desktop Services user sessions 2019-05-03_14_31_39-rds5048.nerdio.net_-_Remote_Desktop_Connection.png
  2. Retrieve the session ID number for the user you would like to shadow. This can be done while logged into the host and running "query session" from a command prompt. This will provide a report like the one shown below. As can be seen below, the "Shadowtest" user has a session ID number 22019-05-15_11_05_27-rds5048.nerdio.net_-_Remote_Desktop_Connection.png
  3. Run MSTSC.exe from the command prompt using the desired options below. For this example, we've connected to the shadow test account with control. Using the command "mstsc.exe /Shadow:2 /Control":2019-05-15_11_17_40-rds5048.nerdio.net_-_Remote_Desktop_Connection.png

    This is a very basic shadow including control. The user, in this case, would be prompted with the message below for consent:2019-05-15_11_23_20-How_do_I_shadow_a_specific_users_desktop_on_a_multi-user_session_host_.png

    After the user has accepted the request, you will be presented with the user's session.

Overview of available options for shadowing via mstsc.exe

Options Action

/shadow: ID

Connect to the RDP session with the specified ID


Hostname or IP address of the RDP / RDS server (if not set, a current server/computer will be used)


Allows to interact with the user session (if not set – a user session view mode is used)


Allows not to prompt the user for confirmation to connect to a session


Used to connect with other credentials. The user name and password are requested to connect to the remote computer

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.