Show last known RDP user before connecting


alun

We use RDP to connect to a selection of our servers via Passwordstate. 

 

Unfortunately, we have applications running on the server desktops, so all have to connect as the same domain user account per server.  For example, to connect to mydomain\server1.com server we use the mydomain\server1.user account to RDP onto this server.

 

This works fine.  We can RDP, and we all see the same desktop, with the apps running onscreen.  The issue is that this latest connection bombs the last one out (without warning for that existing user).  So, if someone was doing something on there, they are disconnected.  This is just the way RDP works when you connect as the same user.

 

This request is to ask if you could add an option to run a quick script displaying the last known RDP logon to that server (and date/time) with a continue yes/no button.  This information could be pulled from the passwordstate audit log.  For example, the following is recorded in the audit logs, so could be used for the prompt:

Fred Smith (mydomain\fsmith) initiated a Remote Session connection to Host 'server1.mydomain.com' (server1 (mydomain server1.user)) using credential '\mydomain\Server Logon Users -> server1.user'. at 21/10/2019 15:05:15

 

Whoever is connecting can then message the listed user separately, to make sure they've finished what they were doing.  If Passwordstate tracks when an RDP session is disconnected, then that info would be useful too, but I don't believe that is tracked.

 

This feature would be of massive benefit to us, rather than looking at 3rd parties to get around the issue.

 

Thanks

 

 


Hi alun

 

Probably you could add a custom code to

"C:\Program Files (x86)\Passwordstate Remote Session Launcher\PSLauncher.ps1"

This PowerShell script is used to connect via RDP. 

But take care to make a backup of this script before updating the Remote Session Launcher next time.

 

All the best,

 

Fabian


Hi Fabian

 

That's a good idea, I hadn't thought of that.  I'll have a play and see what I can do with that script.

 

The only issue is that I doubt I'll be able to query the audit log to display the last user who connected (unless I can use an API I guess), although I could maybe get the script to log it separately, and then query that?

 

Thanks

 

Alun


Hi Alun

 

Rather than using the audit logs from Passwordstate you could really query the logged on users from the server you would like to connect to. This can probably be achieved by using PowerShell as well. As you need to have special permissions to query this, you could use the credentials you already get in the PSLauncher.ps1 to connect to the server...

 

 

All the best,

 

Fabian

 


Hi Fabian

 

Unfortunately, I don't think that'll give us what we need in this use case.  For example, for mydomain\server1.com, the RDP user will always be mydomain\server1.user (and this is what is displayed by querying the logged on users using something like QWINSTA) but what we really need to know is which passwordstate user initiated that connection (eg, mydomain\fred.smith), so they can be asked if they've finished on the server before being brutally kicked off.  It's a clunky situation (logging on with RDP as a specific user), but one we can't avoid at the moment.

 

Based on your original idea, I've managed to butcher the PSLauncher.ps1 script to use the api to query the Passwordstate audit data, and prompt to continue (see attached 'Working Example.jpg').

 

The powershell I used within the script...

 

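    # Query the Passwordstate reporting API as the logged-on Windows account
    $MyPasswordstateUrl = "https://passwordstate/mydomain.com/winapi/reporting/29?Duration=1"
    $params = Invoke-RestMethod -Uri $MyPasswordstateUrl -Method GET -UseDefaultCredentials
    # Keep records that mention the target host and take the second one
    # (the first is assumed to be this launch, which is already in the audit log)
    $my_params = $params | Where-Object Description -like "*$HostName*" | Select-Object -First 2 | Select-Object -Last 1 | ForEach-Object { $_.UserID, $_.AuditDate }
    $a = New-Object -ComObject wscript.shell
    # Popup takes a single string, so join user and date; type 1 shows OK/Cancel and OK returns 1
    $intAnswer = $a.Popup(($my_params -join "  "), 0, "Last recorded connection $HostName", 1)
    If ($intAnswer -eq 1) {
        # You answered OK, so continue....
    } else {
        # You cancelled, so quit before launching...
        exit
    }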

 

 

There are a few caveats:

  • Only works for the 'Client Based Launcher', no way to make it work for the 'Browser Based Launcher'
  • The audit event is logged, even if you cancel at the prompt (as the audit log is written to before the script is launched)
  • You must be logged onto Windows as the right user for the API to work - as opposed to being logged into Passwordstate as the right user (I believe it's related to: -UseDefaultCredentials in the powershell api query)

So, I'm half way there - but the Browser Based Launcher is a favourite here, so will be missed if we can't use it.

 

Be fantastic to see the last connection printed within the remote session launcher box (see attached 'Show Details-details in window.jpg')

Working Example.JPG

Show Details-details in window.jpg


Archived

This topic is now archived and is closed to further replies.
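
The audit lookup discussed in the thread, as an added example that is not part of the original posts and not Passwordstate's own code: it matches the target host exactly instead of by substring (so `server1` does not also pick up `server10`) and skips the launching user's own entries, since the current launch is already in the audit log. The function name, the newest-first ordering, the `UserID` format and the sample records are assumptions; only the field names `UserID`, `Description` and `AuditDate` and the audit text layout come from the thread.

```powershell
# Added example. Get-PreviousRemoteSession is a hypothetical helper, not a Passwordstate cmdlet.
function Get-PreviousRemoteSession {
    param(
        [Parameter(Mandatory)] [object[]] $AuditRecords,  # assumed newest first
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [string]   $CurrentUser    # assumed same format as UserID
    )
    # Audit text looks like: ... connection to Host 'server1.mydomain.com' ...
    $pattern = "Remote Session connection to Host '([^']+)'"
    foreach ($record in $AuditRecords) {
        if ($record.Description -match $pattern) {
            $target = $Matches[1]
            # Compare the full name or its first label, never a substring.
            $sameHost = ($target -ieq $HostName) -or ($target.Split('.')[0] -ieq $HostName)
            # Skip our own entries: this launch is already logged, and our own
            # earlier sessions do not need a warning.
            if ($sameHost -and ($record.UserID -ine $CurrentUser)) {
                return [pscustomobject]@{
                    User       = $record.UserID
                    When       = $record.AuditDate
                    TargetHost = $target
                }
            }
        }
    }
    return $null   # nobody else connected to this host in the reporting window
}

# Constructed sample records (newest first), shaped like the API output in the thread.
$sample = @(
    [pscustomobject]@{ UserID = 'mydomain\fsmith'; AuditDate = '21/10/2019 15:05:15'
        Description = "Fred Smith (mydomain\fsmith) initiated a Remote Session connection to Host 'server1.mydomain.com' ..." }
    [pscustomobject]@{ UserID = 'mydomain\jdoe'; AuditDate = '21/10/2019 14:58:40'
        Description = "J Doe (mydomain\jdoe) initiated a Remote Session connection to Host 'server10.mydomain.com' ..." }
    [pscustomobject]@{ UserID = 'mydomain\asmith'; AuditDate = '21/10/2019 14:40:11'
        Description = "A Smith (mydomain\asmith) initiated a Remote Session connection to Host 'server1.mydomain.com' ..." }
)

$previous = Get-PreviousRemoteSession -AuditRecords $sample -HostName 'server1' -CurrentUser 'mydomain\fsmith'
if ($previous) {
    "Last connection to $($previous.TargetHost): $($previous.User) at $($previous.When)"
} else {
    "No other user has connected recently."
}
```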
