How to view list of active remote desktop Users in Windows Server ?
👤 Diwas Poudel 🕒 Jan 26 2022 📁 Fix 📜 0 comment
If you're curious about who is currently connected to a remote desktop connection, you've come to the right place. There are numerous methods for determining the number of remotely connected users.
RDP, which stands for Remote Desktop Protocol, is a protocol developed and owned by Microsoft that allows a user to connect to another computer via a network connection using a graphical interface. To connect to the server, the user uses RDP client software, whereas the server uses RDP server software, which is included with the Windows Server operating system. When a client connects to a server, Windows Servers keep track of the logged-in user's information, which we can view.
So let's get started.
Using Task Manager
Using Task Manager, we can see a list of active remote desktop users on a Windows server. This method of checking Active User works for every version of Windows Server.
Here are the steps:
- Goto Run and type taskmgr.exe and press the Ok button
This will open Task Manager. - Just navigate to the Users tab there you will get Users currently active.
It will display a list of users currently logged in. Here, I have only logged so it is showing one user information. Also, it contains information like what application the user is using, its current status, CPU usage, and memory usage.
Here you will only be able to determine which users are using Remote Connection. If you want to know which types of connections are used to connect to the remote, simply click on any column of the list, say "Status," then right-click on it and select "Session." The list will then show a session column with the types of connections to remote, such as console, terminal, services, or RDP, and so on. As shown below.
Using Query User Command
With the help of the query command, we can find various information about sessionId, the number of users, session state[active/inactive] etc on the Remote Desktop Session Host Server. This command can be used to determine whether a specific user is logged in to a specific Remote Desktop Session Host Server or not.
This command will work Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, etc. So, this command will not work for Windows Server 2008.
Syntax:
query user [ | | ] [/server:]
Example:
It will return the following information:
- Username: Name of the User.
- sessionname: Name of the session on Remote Desktop Session Host Server. Here, I have rdp-tcp#45
- Id: This is the session ID
- STATE: This is the state of the session either active or disconnected.
- Idle Time: the number of minutes since the session's last keystroke or mouse movement.
- LOGON Time: THis is the login time of the user at the server.
Note: You must have Full Control Authorization or special access permission to use this command.
query session
It displays information about not only active sessions but also other sessions that the server is running.
Using quser command
This is the same as the Query User command. This command will also work for Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 only.
Syntax
quser [ | | ] [/server:]
Using qwinsta command
Query WINdows STAtion is abbreviated as qwinsta. It displays information about sessions on a Remote Desktop Session Host server. The list includes information not only about active sessions but also about other sessions that the server runs.
Syntax
qwinsta [ | | ] [/server:] [/mode] [/flow] [/connect] [/counter]
Example:
Look at the state column and you will see whether the user is active or not. You can see here User with ID 6 is active
Also Read: Debug IIS hosted web application in visual studio
Using Get-RDUserSession commandlet
The Get-RDUserSession cmdlet returns a list of all user sessions in a collection or in a Remote Desktop deployment. Note that this may not work in some servers like Windows R2 2012.
Import-Module RemoteDesktop Get-RDUserSession
Output:
Using WMI
Windows Management Instrumentation [WMI] is a PowerShell subsystem that provides administrators with powerful system monitoring tools.
By simply typing the following command you will know a lot:
Get-WmiObject Win32_LoggedOnUser
If you just want to know the username just type the below command:
Get-WmiObject Win32_LoggedOnUser | Select Antecedent -Unique | %{"{0}\{1}" -f $_.Antecedent.ToString[].Split['"'][1],$_.Antecedent.ToString[].Split['"'][3]}
Using PsLoggedOn Tools
PsTools is a small Sysinternals command-line tool that can help in the administration of local and remote systems. It aids to determine currently logged-in users in local as well as remote systems.
Because PsLoggedOn requires a logon to access the Registry of a remote system, it will show you as logged on via resource share to remote computers that you query.
Note that this tool's command will only work for Windows Server 2008 and above.
Syntax:
psloggedon [- ] [-l] [-x] [\\computername | username]
Here,
Parameter | Description |
- | Displays the supported options as well as the units of measurement for output values. |
-l | Displays only local logins rather than both local and network resource logons. |
-x | Don't Show Logon times. |
computername | Specifies the name of the compute for which logon information is to be displayed. |
username | PsLoggedOn searches the network for computers where that user is logged in if you specify a user name. This is useful if you don't want a specific user to be logged in when you're about to change their user profile configuration. |
Download
Also Read: Why Windows OS is popular?
Steps to use PsLogged.
- Download PsLogged from the above link
- Extract the files
- Goto extracted links and an open the command prompt on the same location.
- Then use the syntax mentioned above.
PSLoggedOn requires the Remote Registry Service to be running on the target computer. This service is not enabled by default.
Using Remote Event Viewer
Event Viewer is a powerful Windows tool that allows you to obtain log information from both your local and remote computers.
1 Connect successfully to a remote computer
2 Press Ctrl + R and type eventvwr and press Enter. This will open eventvwr.
3 Just click on the 'Create Custom View' label located at the right corner.
4 Then under Popup, select Security under 'Event Logs' and type Id in as 4624 ,4647, 4779,4800 and then press Ok.
5 In the next screen give the Name of the log like 'Remote Login History' and click on Ok.
6 You will get the 'Remote Login History' Label under Custom Views. Click on the label 'Remote Login History' you will get all login, logout, locked, unlocked event information of the remote users.
7Click on the row of the event and detail related to that event will get displayed just below it.
How to Enable Remote Registry Service in Remote Server?
Steps for enabling remote registry service in remote server as follows:
- Goto the services manager.
- Look for the "Remote Registry" service.
- Double click on the service.
- Set the "Start Type" to "Automatic," then press the "Start" button.
- Click OK to save your settings.
Or you can simply run following line by line in Powershell.
Set-Service RemoteRegistry –startuptype automatic –passthru
Start-Service RemoteRegistry
Set-Service is the cmdlet that can modify the StartupType, Status, Description, and Displayname properties of a service. You can start, stop, and suspend service with the help of the Set-Service cmdlet.
Here, Set-Service is looking for RemoteRegistry Service and set this service to start automatically. And -passthru indicates that if you are already running this service then ignore it else runs it automatically.
Powershell Script File which displays List of all User RDP connection
The below script will list all users' RDP Connections History.
Steps:
- Open Text File and paste the below code.
- Save the file as .ps1
- Open Powershell and type: Powershell.exe -File file_location_path and press Enter
where file_location_path is the actual location of the file
Scripts:
$AllUser = Get-WmiObject -Class Win32_UserAccount
foreach[$User in $AllUser]
{
$RegPath = "Registry::HKEY_USERS\"+$User.SID+"\Software\Microsoft\Terminal Server Client\Servers\"
Write-Host "User:"$User.Name
Write-Host "SID:"$User.SID
Write-Host "Status:"$User.Status
$QueryPath = dir $RegPath -Name -ErrorAction SilentlyContinue
If[!$?]
{
Write-Host "[!]Not logged in"
Write-Host "[*]Try to load Hive"
$File = "C:\Documents and Settings\"+$User.Name+"\NTUSER.DAT"
$Path = "HKEY_USERS\"+$User.SID
Write-Host "[+]Path:"$Path
Write-Host "[+]File:"$File
Reg load $Path $File
If[!$?]
{
Write-Host "[!]Fail to load Hive"
Write-Host "[!]No RDP Connections History"
}
Else
{
$QueryPath = dir $RegPath -Name -ErrorAction SilentlyContinue
If[!$?]
{
Write-Host "[!]No RDP Connections History"
}
Else
{
foreach[$Name in $QueryPath]
{
$User = [Get-ItemProperty -Path $RegPath$Name -ErrorAction Stop].UsernameHint
Write-Host "Server:"$Name
Write-Host "User:"$User
}
}
Write-Host "[*]Try to unload Hive"
Start-Process powershell.exe -WindowStyle Hidden -ArgumentList "Reg unload $Path"
}
}
foreach[$Name in $QueryPath]
{
Try
{
$User = [Get-ItemProperty -Path $RegPath$Name -ErrorAction Stop].UsernameHint
Write-Host "Server:"$Name
Write-Host "User:"$User
}
Catch
{
Write-Host "[!]No RDP Connections History"
}
}
Write-Host "----------------------------------"
}
Script Credits goes to gstudent@3gstudent
What is happening in the above script?
Ans: To begin, use "reg load" to load the hive. Then, from "HKEY_USERS\"+$User.SID+"\Software\Microsoft\Terminal Server Client\Servers\", read the RDP Connections History.Finally, use "reg unload" to unload the hive. To get the history of login users, data are read from NTUSER.DAT file
query session
- Article
- 07/29/2021
- 2 minutes to read
- 9 contributors
Is this page helpful?
Yes No
Any additional feedback?
Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy.
Submit
Thank you.
In this article
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012
Displays information about sessions on a Remote Desktop Session Host server. The list includes information not only about active sessions but also about other sessions that the server runs.
Note
To find out what's new in the latest version, see What's New in Remote Desktop Services in Windows Server.
3 Replies
· · ·
Datil
OP
Jul 31, 2018 at 15:06 UTC
PCSmart Solutions is an IT service provider.
There is a Microsoft Remote Desktop Services manager Pack available at Microsoft, downloadable here --->
//www.microsoft.com/en-us/download/details.aspx?id=54806
Have a nice day!
0
· · ·
Serrano
OP
Jul 31, 2018 at 15:09 UTC
JCAlexandres wrote:
There is a Microsoft Remote Desktop Services manager Pack available at Microsoft, downloadable here --->
//www.microsoft.com/en-us/download/details.aspx?id=54806
Have a nice day!
Thanks for the suggestion. This is the answer I got when I tried to use this pack:
Unfortunately I don’t think you’ll be able to use this software. I was on the phone with Microsoft about verifying the terminal server licensing and asked them about this and they said it’s not a program they use/support. when I bring it up it has an MP file which he said they don’t support. He told me the only way to manage sessions on server 2016 is by task manager on each server.
0
· · ·
Datil
OP
Best Answer
Jul 31, 2018 at 16:59 UTC
You can use the built-in Server Manager to manage the user sessions. The console below is available on your Session Host server and can also be installed as part of the RSAT kit for remote administration.
Right-clicking a connection in the 'Connections' pane gives you the ability to end sessions, send messages, etc.
1
This topic has been locked by an administrator and is no longer open for commenting.
To continue this discussion, please ask a new question.
How to view user screen in the "Shadow Copy" mode in Windows Server 2012/2016?
Shadow utility
To view another user session, you must use the built-in Shadow utility.For example:There is a VDS server running Windows Server 2012/2016 andit has two registered users –AdministratorandUser.Let's say the name of our account is administrator and we want to see the session screen of user.
Run Command prompt: "Ctr + R" --> "cmd".To get the ID of the session, enter query user in the command prompt:
So, knowing the session ID, connect to user in the Shadow Copy mode
Click "Start" ---→ "Run" --→ "mstsc/shadow:2" --→ "Ок":
You will see the following message:
At this point, User will see a remote monitoring request box:
We get access onceUseraccepts the request.
Enable Multiple RDP Sessions
Follow the below steps to enable multiple remote desktop sessions on a Windows system.
- Log in to the Windows system.
- Open the start screen [press the Windows key] and type “Edit group policy” or “gpedit.msc”, and launch it.
- Navigate to Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Connections.
- Double click on “Set Restrict Remote Desktop Services user to a single Remote Desktop Services session and set this to Disabled.
- Next, double click on “Limit number of connections” and set the RD Maximum Connections allowed to 999999. You can also set the limit to 2 to allow two session only.
Below is the screenshots of changes being made: