CODEWITHSUNDEEP
.netpowershellnetwork-programmingremote-accesswindows-server-2012
octopusgrabbus
octopusgrabbus

Reputation: 10695

Checking for Remote Sessions

I want to create an application that checks for and notifies if a remote session exists on a server. I do not know if remote access products like Bomgar, gotomeeting, gotoassist, and others use Terminal Services or not.

It looks like GetSystemMetrics' SM_REMOTECONTROL and SM_REMOTESESSION refer only remote sessions connecting through Windows Terminal Services.

I have just looked at this post, but this refers to PowerShell sessions.

So, my general question is what family of .NET APIs deal with creating, configuring, and detecting remote access?

Edit Since Posting:

I have just looked at this other post in Microsoft TechNet, and it appears I need to get a list of processes, and find out if rdpinit.exe and rdpshell.exe are in each process' process list, but will that cover some of the well-known remote access products, and is there an API to do this?

Upvotes: 2

Views: 560

Answers (1)

thepip3r
thepip3r

Reputation: 2935

How about the NetSessionEnum function from netapi32.dll? Boe Prox has a great article on it: https://learn-powershell.net/2016/08/07/viewing-net-sessions-using-powershell-and-pinvoke/

There are already pre-written PowerShell scripts that p/invoke it but if you want to roll your own, here's p/invoke.net for the signature: http://www.pinvoke.net/default.aspx/netapi32.NetSessionEnum

As a side note, MS released a blog article with a script that detailed ACL modification to the registry a few months back to actually block this since it allows for non-administrator, remote session enumeration of Windows machines.

Upvotes: 1

Related Questions