RDP Shadow option

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

RDP Shadow option

Paul Azad-2

Hi

 

With the windows rdp client, there is an option of /shadow which lets you RDP into a Windows RDP session on a RDS server, or even on Windows 10 (Pro/Enterprise) and see what the local user is seeing. This feature doesn’t seem to be very widely known, but it works very nicely.

 

I was able to RDP from my laptop to another using this command:

 

mstsc /shadow:1 /v:windows_pc_name  /control /noconsentprompt /prompt

 

I was looking for this setting in Guacamole, but I cant seem to find it. I thought preconnection-id was it, as it sounds like it – but that didn’t work.

 

Is this option available, and if not can it be added?

 

Thanks

Paul

Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

vnick
On Mon, Nov 25, 2019 at 5:26 AM Paul Azad <[hidden email]> wrote:

Hi

 

With the windows rdp client, there is an option of /shadow which lets you RDP into a Windows RDP session on a RDS server, or even on Windows 10 (Pro/Enterprise) and see what the local user is seeing. This feature doesn’t seem to be very widely known, but it works very nicely.

 

I was able to RDP from my laptop to another using this command:

 

mstsc /shadow:1 /v:windows_pc_name  /control /noconsentprompt /prompt


To my knowledge we have not implemented that, though I agree that would be useful.  You're welcome to put in a feature request for it.  Note that this will rely on the underlying support being implemented for it in FreeRDP, since that's the library we use for RDP access.  So, you might also check the FreeRDP project and see if they have implemented it.
 

 

I was looking for this setting in Guacamole, but I cant seem to find it. I thought preconnection-id was it, as it sounds like it – but that didn’t work.

 


No, the preconnection-id parameter is relativey specific to connecting to the console of Hyper-V virtual machines, since Microsoft implements those consoles using RDP.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

Paul Azad-2
Hi Nick

Thanks for getting back to me. Doesnt look like FreeRDP supports it, and reading the comments about it, its hard (uses RPC & SMB protocols). I am now thinking it might actually not be possible with Guacamole, as we would need to allow port 445/139 for SMB, as well as other ports - which will not be possible unless the guacamole server is in the same LAN as all the PCs.

Is there any other option to use another protocol with Windows? i have read that  X2Go / X11 are not possible due to them being based on X11 etc etc, but X.Org could be possible. But this would only be available for linux....

Thanks


On Tue, Nov 26, 2019 at 1:44 AM Nick Couchman <[hidden email]> wrote:
On Mon, Nov 25, 2019 at 5:26 AM Paul Azad <[hidden email]> wrote:

Hi

 

With the windows rdp client, there is an option of /shadow which lets you RDP into a Windows RDP session on a RDS server, or even on Windows 10 (Pro/Enterprise) and see what the local user is seeing. This feature doesn’t seem to be very widely known, but it works very nicely.

 

I was able to RDP from my laptop to another using this command:

 

mstsc /shadow:1 /v:windows_pc_name  /control /noconsentprompt /prompt


To my knowledge we have not implemented that, though I agree that would be useful.  You're welcome to put in a feature request for it.  Note that this will rely on the underlying support being implemented for it in FreeRDP, since that's the library we use for RDP access.  So, you might also check the FreeRDP project and see if they have implemented it.
 

 

I was looking for this setting in Guacamole, but I cant seem to find it. I thought preconnection-id was it, as it sounds like it – but that didn’t work.

 


No, the preconnection-id parameter is relativey specific to connecting to the console of Hyper-V virtual machines, since Microsoft implements those consoles using RDP.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

Michael Ballard
Paul, 

Wouldn't VNC do what you accomplish? I used to use it extensively to connect in to a coworker's computer. If I recall correctly, I used UltraVNC and we could disable our keyboard/mouse so we wouldn't disturb them (and they wouldn't even know we were there), we could black out their screen, or we could share control with them. Of course, some of these rely on the UltraVNC client/server combination, but at the very least VNC should let you connect simultaneously with the user.

On Mon, Nov 25, 2019 at 5:19 PM Paul Azad <[hidden email]> wrote:
Hi Nick

Thanks for getting back to me. Doesnt look like FreeRDP supports it, and reading the comments about it, its hard (uses RPC & SMB protocols). I am now thinking it might actually not be possible with Guacamole, as we would need to allow port 445/139 for SMB, as well as other ports - which will not be possible unless the guacamole server is in the same LAN as all the PCs.

Is there any other option to use another protocol with Windows? i have read that  X2Go / X11 are not possible due to them being based on X11 etc etc, but X.Org could be possible. But this would only be available for linux....

Thanks


On Tue, Nov 26, 2019 at 1:44 AM Nick Couchman <[hidden email]> wrote:
On Mon, Nov 25, 2019 at 5:26 AM Paul Azad <[hidden email]> wrote:

Hi

 

With the windows rdp client, there is an option of /shadow which lets you RDP into a Windows RDP session on a RDS server, or even on Windows 10 (Pro/Enterprise) and see what the local user is seeing. This feature doesn’t seem to be very widely known, but it works very nicely.

 

I was able to RDP from my laptop to another using this command:

 

mstsc /shadow:1 /v:windows_pc_name  /control /noconsentprompt /prompt


To my knowledge we have not implemented that, though I agree that would be useful.  You're welcome to put in a feature request for it.  Note that this will rely on the underlying support being implemented for it in FreeRDP, since that's the library we use for RDP access.  So, you might also check the FreeRDP project and see if they have implemented it.
 

 

I was looking for this setting in Guacamole, but I cant seem to find it. I thought preconnection-id was it, as it sounds like it – but that didn’t work.

 


No, the preconnection-id parameter is relativey specific to connecting to the console of Hyper-V virtual machines, since Microsoft implements those consoles using RDP.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

Paul Azad-2
Hi

The speed of VNC is the issue. The refresh rate, and therefor the usability is much slower then RDP. Microsoft have done an awesome job of the protocol behind RDP, wish that someone would create remote connection application (host end) for Windows that runs the RDP protocol. Not sure why this hasnt been done yet though, as the protocol is openly documented by Microsoft... If i knew any developers that could do this - i would fund it. 

On Wed, Nov 27, 2019 at 2:22 AM Michael Ballard <[hidden email]> wrote:
Paul, 

Wouldn't VNC do what you accomplish? I used to use it extensively to connect in to a coworker's computer. If I recall correctly, I used UltraVNC and we could disable our keyboard/mouse so we wouldn't disturb them (and they wouldn't even know we were there), we could black out their screen, or we could share control with them. Of course, some of these rely on the UltraVNC client/server combination, but at the very least VNC should let you connect simultaneously with the user.

On Mon, Nov 25, 2019 at 5:19 PM Paul Azad <[hidden email]> wrote:
Hi Nick

Thanks for getting back to me. Doesnt look like FreeRDP supports it, and reading the comments about it, its hard (uses RPC & SMB protocols). I am now thinking it might actually not be possible with Guacamole, as we would need to allow port 445/139 for SMB, as well as other ports - which will not be possible unless the guacamole server is in the same LAN as all the PCs.

Is there any other option to use another protocol with Windows? i have read that  X2Go / X11 are not possible due to them being based on X11 etc etc, but X.Org could be possible. But this would only be available for linux....

Thanks


On Tue, Nov 26, 2019 at 1:44 AM Nick Couchman <[hidden email]> wrote:
On Mon, Nov 25, 2019 at 5:26 AM Paul Azad <[hidden email]> wrote:

Hi

 

With the windows rdp client, there is an option of /shadow which lets you RDP into a Windows RDP session on a RDS server, or even on Windows 10 (Pro/Enterprise) and see what the local user is seeing. This feature doesn’t seem to be very widely known, but it works very nicely.

 

I was able to RDP from my laptop to another using this command:

 

mstsc /shadow:1 /v:windows_pc_name  /control /noconsentprompt /prompt


To my knowledge we have not implemented that, though I agree that would be useful.  You're welcome to put in a feature request for it.  Note that this will rely on the underlying support being implemented for it in FreeRDP, since that's the library we use for RDP access.  So, you might also check the FreeRDP project and see if they have implemented it.
 

 

I was looking for this setting in Guacamole, but I cant seem to find it. I thought preconnection-id was it, as it sounds like it – but that didn’t work.

 


No, the preconnection-id parameter is relativey specific to connecting to the console of Hyper-V virtual machines, since Microsoft implements those consoles using RDP.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

vnick
On Tue, Nov 26, 2019 at 7:41 PM Paul Azad <[hidden email]> wrote:
Hi

The speed of VNC is the issue. The refresh rate, and therefor the usability is much slower then RDP. Microsoft have done an awesome job of the protocol behind RDP, wish that someone would create remote connection application (host end) for Windows that runs the RDP protocol. Not sure why this hasnt been done yet though, as the protocol is openly documented by Microsoft... If i knew any developers that could do this - i would fund it. 

It is true that VNC performance can be problematic, and that RDP seems to be more efficient at it.  However, if you put your guacd server (and, possibly, your Guacamole Client server) close to the remote end, then you should get decent performance - Guacamole itself does a very good job of making the display of protocols like VNC more efficient over lower-bandwidth, higher-latency links where they've tended to be problematic in the past.

VNC does still lack support for some other things that RDP has built-in - like audio redirection and file and printer redirection - so I'm not saying it's a 1-for-1 trade.  But some of those items can be worked around (Guacamole support audio redirection on VNC with PulseAudio, for example), and, depending on your application, it may work fine.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

Paul Azad-2
Hi Nick

Issue is that we have machines spread across 4000 miles, so its hard to put it close to the clients :-(

Is there any other protocols that Guacamole could support if they were added into Guac, would be better?

On Wed, Nov 27, 2019 at 12:48 PM Nick Couchman <[hidden email]> wrote:
On Tue, Nov 26, 2019 at 7:41 PM Paul Azad <[hidden email]> wrote:
Hi

The speed of VNC is the issue. The refresh rate, and therefor the usability is much slower then RDP. Microsoft have done an awesome job of the protocol behind RDP, wish that someone would create remote connection application (host end) for Windows that runs the RDP protocol. Not sure why this hasnt been done yet though, as the protocol is openly documented by Microsoft... If i knew any developers that could do this - i would fund it. 

It is true that VNC performance can be problematic, and that RDP seems to be more efficient at it.  However, if you put your guacd server (and, possibly, your Guacamole Client server) close to the remote end, then you should get decent performance - Guacamole itself does a very good job of making the display of protocols like VNC more efficient over lower-bandwidth, higher-latency links where they've tended to be problematic in the past.

VNC does still lack support for some other things that RDP has built-in - like audio redirection and file and printer redirection - so I'm not saying it's a 1-for-1 trade.  But some of those items can be worked around (Guacamole support audio redirection on VNC with PulseAudio, for example), and, depending on your application, it may work fine.

-Nick
Reply | Threaded
Open this post in threaded view
|

RE: RDP Shadow option

umesh

Hi Nick,

 

I was thinking share a connection will allow user to share the desktop with other users (read-only) to see what they are doing. Is it not the way Share a connection work?

 

Regards,

Umesh

From: Paul Azad <[hidden email]>
Sent: Wednesday, November 27, 2019 8:43 AM
To: [hidden email]
Subject: Re: RDP Shadow option

 

Hi Nick

 

Issue is that we have machines spread across 4000 miles, so its hard to put it close to the clients :-(

 

Is there any other protocols that Guacamole could support if they were added into Guac, would be better?

 

On Wed, Nov 27, 2019 at 12:48 PM Nick Couchman <[hidden email]> wrote:

On Tue, Nov 26, 2019 at 7:41 PM Paul Azad <[hidden email]> wrote:

Hi


The speed of VNC is the issue. The refresh rate, and therefor the usability is much slower then RDP. Microsoft have done an awesome job of the protocol behind RDP, wish that someone would create remote connection application (host end) for Windows that runs the RDP protocol. Not sure why this hasnt been done yet though, as the protocol is openly documented by Microsoft... If i knew any developers that could do this - i would fund it. 

 

It is true that VNC performance can be problematic, and that RDP seems to be more efficient at it.  However, if you put your guacd server (and, possibly, your Guacamole Client server) close to the remote end, then you should get decent performance - Guacamole itself does a very good job of making the display of protocols like VNC more efficient over lower-bandwidth, higher-latency links where they've tended to be problematic in the past.

 

VNC does still lack support for some other things that RDP has built-in - like audio redirection and file and printer redirection - so I'm not saying it's a 1-for-1 trade.  But some of those items can be worked around (Guacamole support audio redirection on VNC with PulseAudio, for example), and, depending on your application, it may work fine.

 

-Nick

Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

vnick
On Wed, Nov 27, 2019 at 7:56 AM Umesh Bhatt <[hidden email]> wrote:

Hi Nick,

 

I was thinking share a connection will allow user to share the desktop with other users (read-only) to see what they are doing. Is it not the way Share a connection work?



Yes, this is how Share a Connection works; however, I think the issue that Paul is having is that the users who are connecting to the RDP sessions are not (necessarily) doing so from Guacamole.  He's looking for a way to use RDP to shadow other RDP connections made from other clients.

Of course, one solution is to force everyone to use Guacamole, and then you could use the connection sharing feature in Guacamole, but that may not be a practical solution.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

Paul Azad-2
Nick

Your spot on with our use case. Cant expect users to RDP into their own local PC - which isn't possible anyway.

Would WebRTC 'protocol be possible to be supported in Guacd? Or any other Windows available protocol that is more fluid then VNC?

On Thu, Nov 28, 2019 at 6:45 AM Nick Couchman <[hidden email]> wrote:
On Wed, Nov 27, 2019 at 7:56 AM Umesh Bhatt <[hidden email]> wrote:

Hi Nick,

 

I was thinking share a connection will allow user to share the desktop with other users (read-only) to see what they are doing. Is it not the way Share a connection work?



Yes, this is how Share a Connection works; however, I think the issue that Paul is having is that the users who are connecting to the RDP sessions are not (necessarily) doing so from Guacamole.  He's looking for a way to use RDP to shadow other RDP connections made from other clients.

Of course, one solution is to force everyone to use Guacamole, and then you could use the connection sharing feature in Guacamole, but that may not be a practical solution.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

vnick
On Thu, Nov 28, 2019 at 4:24 PM Paul Azad <[hidden email]> wrote:
Nick

Your spot on with our use case. Cant expect users to RDP into their own local PC - which isn't possible anyway.

Would WebRTC 'protocol be possible to be supported in Guacd? Or any other Windows available protocol that is more fluid then VNC?


That's an interesting thought.  It would likely be possible, but I'd be curious what some of the other developers think about the feasibility and desirability of this feature.  Also, I'm not sure how worthwhile it is to actually add this to Guacamole - if you're going to have the screens shared with WebRTC, anyway, why not just go WebRTC natively across the entire link - why use Guacamole at all?

However, on a different note, I did some further research on this, and, while it is true that the FreeRDP project has decided not to support the shadow option connecting natively to Windows, there does seem to be a FreeRDP shadow server that could be installed that might do the trick?  I haven't done anything with it, but it appears that it likely uses the RDP protocol to do what VNC does - mirror the current display and allow for a native (non-RPC/SMB) connection to the mirrored display.  You might look into that - while it would be another piece of software to deploy, I would imagine the deployment is pretty simple (copy executable to remote system, create a service, start it - something like that) and probably would give you the functionality you're looking for with Guacamole.

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: RDP Shadow option

Paul Azad-2
Hi Nick

I came up with the same info yesterday about FreeRDP, and xRDP. I did some more research and found a few other projects doing a RDP -> VNC proxy/converter. So it would mean using RDP from Guacamole to the machine, that would then proxy/convert it to VNC that connects to a local VNC server on the local machine.

I think xRDP is also doing this, anyway one of the other projects is going to help compile it for windows this week - so fingers crossed it works and helps with the latency issues.

Back to WebRTC, guacamole is a great aggregation for connecting to multiple systems. So connecting to it, and then going to ssh (for linux), or vnc (for MacOS), or RDP (windows server) is really great. The issue is that Windows desktop (shadow).  With Guacamole an administrator can setup u/p required for the client connection so the users who actually connect to the end machines through guacamole dont need to know any of these details - which is great, plus with guacd we can record the session - again which is great


On Sat, Nov 30, 2019 at 4:14 AM Nick Couchman <[hidden email]> wrote:
On Thu, Nov 28, 2019 at 4:24 PM Paul Azad <[hidden email]> wrote:
Nick

Your spot on with our use case. Cant expect users to RDP into their own local PC - which isn't possible anyway.

Would WebRTC 'protocol be possible to be supported in Guacd? Or any other Windows available protocol that is more fluid then VNC?


That's an interesting thought.  It would likely be possible, but I'd be curious what some of the other developers think about the feasibility and desirability of this feature.  Also, I'm not sure how worthwhile it is to actually add this to Guacamole - if you're going to have the screens shared with WebRTC, anyway, why not just go WebRTC natively across the entire link - why use Guacamole at all?

However, on a different note, I did some further research on this, and, while it is true that the FreeRDP project has decided not to support the shadow option connecting natively to Windows, there does seem to be a FreeRDP shadow server that could be installed that might do the trick?  I haven't done anything with it, but it appears that it likely uses the RDP protocol to do what VNC does - mirror the current display and allow for a native (non-RPC/SMB) connection to the mirrored display.  You might look into that - while it would be another piece of software to deploy, I would imagine the deployment is pretty simple (copy executable to remote system, create a service, start it - something like that) and probably would give you the functionality you're looking for with Guacamole.

-Nick