Getting "access" denied on a shadow request of a remote desktop

Question

I am running the following code in a batch file

Mstsc /v:VS-Print-Server /shadow:1 /control /noConsentPrompt

But keep getting a "Shadow error, access denied" message, I have set the group policy to allow for remote connections without a prompt, and set the max number of connections to 999999, and set the "AllowRemoteRPC" dword in the registry to 1 as well.

I have gone through a slew of other fixes like local security policy fixes for "Allow log on through Terminal Services" (which also gave me errors) and am at my wits end with getting it to work.

Regular RDP connections work just fine, but the main goal is to just shadow and share the screen of the computer so as to not kick anyone out working on it, or have to check across the office to see if it is free to use.

Windows 10 Pro to Windows 10 pro is the configuration, build 1909.

Answer 1

I'm looking for suggestions for "access denied" + "mstsc /shadow", and this bleeping old question came up on the first page of results (and has no answer), so...

...if using win10 or win11, you're going to have to get into hacking termsrv.dll (registry entries won't help); i.e. concurrent rdp sessions are for server OS only (think of the rdp session as 1, and then your shadow makes 2; oops, you've crossed over to the server land)

you'd be better off to just go for the rdp, and if there's a current user, let them decline or miss the 30 second window; their stuff doesn't die an instant death, it hides away, and when they log back in, it's where they left off (or maybe it's time to share that computer via an online calendar?)

or walking across the office is a good thing

if you're worried about if they're in the middle of things, remember that somethings can be running and not apparent in the gui, and you can get into a powershell remote session without affecting the gui (run elevated):

icm remoteMachineName {get-process -includeUsername | sort -property userName}