How to call RPC Terminal Services RRS feed

  • Question

  • Hello,

    I am trying to implement Shadowing feature on my own RDP client (Win Server TS) in C++. So and administrator can shadow another user session for assistance, etc from another computer.

    I can see on RPCShadow2 on MS-TSTS that is exactly what I need. I have been trying so many things but I am always gettings AccessDenied. I may be missing some auth part on the RPC sequence but I can not find any example to continue. Could you please point me to an exmaple of using TS RPC? Even if its not for shadowing. Many thanks in advance.

    static LPCWSTR SESSENVPUBLICRPC_ENDPOINT = L"\\pipe\\SessEnvPublicRpc"; 


    if (RpcStringBindingComposeW( NULL, (USHORT *)SESSENVPUBLICRPC_PROTOCOL_SEQUENCE, (USHORT *)L"SERVER.local", (USHORT *)SESSENVPUBLICRPC_ENDPOINT, NULL, &lpszBinding) != RPC_S_OK) { MessageBox(NULL, TEXT("WTF"), NULL, MB_ICONWARNING); return 0; } if (RpcBindingFromStringBindingW(lpszBinding, &hBinding) != RPC_S_OK) { MessageBox(NULL, TEXT("WTF"), NULL, MB_ICONWARNING); RpcStringFreeW(&lpszBinding); return 0; } HRESULT res; RpcTryExcept{ SHADOW_REQUEST_RESPONSE asd; LPWSTR invitation = new wchar_t[100]; res = RpcShadow2(hBinding,2, SHADOW_CONTROL_REQUEST_TAKECONTROL,SHADOW_PERMISSION_REQUEST_SILENT,&asd, invitation,100); if (res) return HandleError("RpcShadow2", res); }

    Thursday, March 9, 2017 9:14 AM

All replies

  • Hi Jaime, 

    Thanks for your question about implementing the Shadowing feature on your RDP client. One of the Open Specifications team members will follow up shortly to begin assisting you.

    Best regards,
    Tom Jebo 
    Sr Escalation Engineer
    Microsoft Open Specifications Support

    Thursday, March 9, 2017 8:51 PM
  • Hi Jamie,

    Thank you for contacting the Open Specifications Support team.  From the RDP client connection for shadowing, it is likely due to the connection piece earlier before the call to the RpcShadow2() call.

    Since this is an "access denied" status code the return, we recommend to verify the client process has sufficient rights (admin)  and the permission WINSTATION_SHADOW.   Here is more information on the call. 

    The RpcShadow2 method will create a shadow session using the Windows Desktop Sharing API in the target session and return an invitation to that session.

    The caller MUST have WINSTATION_SHADOW permission. The other session can be local or on a terminal server. The session to be shadowed MUST be in the active state with a user logged on. The method checks whether the caller has WINSTATION_SHADOW permission (section 3.1.1) and fails if the caller does not have the permission.



    Friday, March 10, 2017 2:31 PM