Check if there is a RDP session to a remote machine

  • Question

  • Is there a way within .NET (C#) to check for a remote machine if there is a RDP connection open?

    As an example, there is a setup like this:
    Machine A target of the RDP session.
    Machine B source of the RDP session.
    Machine C - running a .NET application and is seeing if/that Machine A has an active RDP session.

    Is there an easy way to check that?
    What would this check look like?


    • Edited by HeeTom Friday, May 3, 2013 11:04 AM
    Thursday, May 2, 2013 4:14 PM

All replies

  • Check the task manager processes.  You also may see the TCP connection if you type in a cmd.exe "netstat -a"

    jdweng

    Thursday, May 2, 2013 4:58 PM
  • Check the task manager processes.  You also may see the TCP connection if you type in a cmd.exe "netstat -a"

    Hmmm ...
    But how do I see this from the remote position ... ?

    The Application is running on Machine C and on C is no RDP.
    But it should detect a RDP session on machine A (another, remote Machine).

    The mentioned methods will work locally I guess, but remote?


    • Edited by HeeTom Friday, May 3, 2013 12:25 PM
    Friday, May 3, 2013 11:06 AM
  • There's Windows Terminal Service API. But you need to have trust relationship between C and A or WTSOpenServer would fail with error "access denied". I am not aware of adding this to the .Net framework - its downloading size is one of the things people complain about. You can pull the method signature with some samples off pinvoke.net.


    Visual C++ MVP

    Sunday, May 5, 2013 5:00 AM
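
The Terminal Services API route from the reply above, as an added example that is not code from the thread. The class and method names are hypothetical; the P/Invoke declarations are the documented wtsapi32.dll functions, and the caller on Machine C is assumed to already hold Windows credentials that Machine A accepts.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class RdpSessionCheck   // hypothetical name, not from the thread
{
    [StructLayout(LayoutKind.Sequential)]
    struct WTS_SESSION_INFO { public int SessionId; public IntPtr WinStationName; public int State; }
    const int WTSActive = 0;              // WTS_CONNECTSTATE_CLASS.WTSActive
    const int WTSClientProtocolType = 16; // WTS_INFO_CLASS.WTSClientProtocolType
    const short ProtocolRdp = 2;          // 0 = console session, 2 = RDP
    [DllImport("wtsapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr WTSOpenServerW(string serverName);
    [DllImport("wtsapi32.dll")]
    static extern void WTSCloseServer(IntPtr server);
    [DllImport("wtsapi32.dll", SetLastError = true)]
    static extern bool WTSEnumerateSessionsW(IntPtr server, int reserved, int version, out IntPtr sessions, out int count);
    [DllImport("wtsapi32.dll", SetLastError = true)]
    static extern bool WTSQuerySessionInformationW(IntPtr server, int sessionId, int infoClass, out IntPtr buffer, out int bytes);
    [DllImport("wtsapi32.dll")]
    static extern void WTSFreeMemory(IntPtr memory);

    // True if the machine has at least one active session whose client protocol is RDP.
    public static bool HasActiveRdpSession(string machine)
    {
        IntPtr server = WTSOpenServerW(machine);
        try
        {
            IntPtr sessions; int count;
            if (!WTSEnumerateSessionsW(server, 0, 1, out sessions, out count))
                throw new Win32Exception(Marshal.GetLastWin32Error()); // e.g. access denied
            try
            {
                int size = Marshal.SizeOf(typeof(WTS_SESSION_INFO));
                for (int i = 0; i < count; i++)
                {
                    var info = (WTS_SESSION_INFO)Marshal.PtrToStructure(IntPtr.Add(sessions, i * size), typeof(WTS_SESSION_INFO));
                    IntPtr buffer; int bytes;
                    if (info.State != WTSActive || !WTSQuerySessionInformationW(server, info.SessionId, WTSClientProtocolType, out buffer, out bytes)) continue;
                    short protocol = Marshal.ReadInt16(buffer); // USHORT protocol type
                    WTSFreeMemory(buffer);
                    if (protocol == ProtocolRdp) return true;
                }
                return false;
            }
            finally { WTSFreeMemory(sessions); }
        }
        finally { WTSCloseServer(server); }
    }
}
```

Only sessions in the active state are counted, so a disconnected RDP session that is still logged on returns false here.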
  • For remote computer resource/information management, you can always take a look at the WMI programming model. And it seems Remote Desktop Services also exposes a WMI provider for querying related information.

    #Obtaining Data from a Remote Computer
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa384423(v=vs.85).aspx

    #Remote Desktop Services WMI provider
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa383511(v=vs.85).aspx

    Besides the script based programming model, we can also perform WMI query in .NET via System.Management namespace classes. And there is also a code creator which simplifies some WMI code generation.

    #Getting Started Accessing WMI Data 
    http://msdn.microsoft.com/en-us/library/ms186120(v=vs.80).aspx

    #WMI Code Creator v1.0
    http://www.microsoft.com/en-us/download/details.aspx?id=8572



    Monday, May 6, 2013 5:36 AM
    Moderator
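
The System.Management route from the reply above, as an added example that is not code from the thread. It queries the standard `Win32_LogonSession` class for logon type 10 (RemoteInteractive) rather than the Remote Desktop Services provider classes; the class and method names are hypothetical, and the account passed in is assumed to have remote WMI access on Machine A.

```csharp
using System;
using System.Management; // add a reference to System.Management.dll

static class RdpLogonQuery   // hypothetical name, not from the thread
{
    // Counts RemoteInteractive (RDP) logon sessions on the remote machine.
    // A logon session outlives a disconnect, so this counts logons,
    // not live network connections.
    public static int CountRemoteInteractiveLogons(string machine, string user, string password)
    {
        var options = new ConnectionOptions
        {
            Username = user,          // e.g. @"MACHINEA\UserA" for a local account
            Password = password,      // obtain at run time; do not hard-code
            Impersonation = ImpersonationLevel.Impersonate,
            // Encrypt the DCOM traffic so query results are not sent in clear text.
            Authentication = AuthenticationLevel.PacketPrivacy
        };
        var scope = new ManagementScope(@"\\" + machine + @"\root\cimv2", options);
        scope.Connect(); // throws UnauthorizedAccessException if the account is rejected

        var query = new ObjectQuery(
            "SELECT LogonId, StartTime FROM Win32_LogonSession WHERE LogonType = 10");
        using (var searcher = new ManagementObjectSearcher(scope, query))
        using (ManagementObjectCollection results = searcher.Get())
        {
            int count = 0;
            foreach (ManagementBaseObject session in results)
            {
                Console.WriteLine("RDP logon {0} started {1}",
                    session["LogonId"], session["StartTime"]);
                count++;
            }
            return count;
        }
    }
}
```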
  • Ok, I'll have to look through the articles to see if I can do what I want to ...

    But:

    But you need to have trust relationship between C and A

    Is this really a requirement?
    There are a lot of situations where C and A are in not trusted domains (or no domains at all).
    There should be an alternative to authenticate.

    Monday, May 6, 2013 1:58 PM
  • The server can't just give the information away to the public. That would be an information disclosure vulnerability. You have to be able to authenticate to the server remotely through Windows authentication. If you can't, write a server to relay the information you want and install it on a machine that can authenticate to the server.


    Visual C++ MVP

    Monday, May 6, 2013 3:06 PM
  • The server can't just give the information away to the public. That would be an information disclosure vulnerability. You have to be able to authenticate to the server remotely through Windows authentication. If you can't, write a server to relay the information you want and install it on a machine that can authenticate to the server.

    The machine should not give information to the public, but to requests which authenticate directly at A.
    Eg.: Machine A has a local (or domain) user 'UserA' with password 'PasswdA'.
    Machine C (other local/domain user) sends a request with attached credentials 'UserA' & 'PasswdA' to authenticate on Machine A.
    This is what I'm thinking about. There is no "public". Just no domain trust/some domain ...

    Monday, May 6, 2013 4:51 PM
  • You are talking about Windows Authentication via some other protocol. There is no such support in WTS APIs. If you want to access WTS APIs via some other protocol, you have to have WTS-facing code running somewhere that can authenticate to the server directly. There is no credential you can provide to WTSOpenServer - it only takes a server address.


    Visual C++ MVP

    Monday, May 6, 2013 6:25 PM
  • Other than what Sheng Jiang and HeeTom suggested, I'd like to suggest some other routes.

    If Machine C stands in the network pathway between Machine A and B (i.e.: Machine C is running ISA or other firewall type application to manage network traffic), you can query the information from the firewall itself (I think ISA has an SDK available with full examples... for C++ users, that means you will need some P/Invoke skill to use it).

    Certain mid-high range switches also support generating SNMP reports regarding current network activities. So if your corporate network all passes through the switch(es) (without hubs in between which will shortcut the route), writing an SNMP parser could be enough. (I think Cisco has released an auditing tool that logs all network activity and performs analysis, so it's quite possible.)

    These will work without trust relationship to machine A or B.



    Tuesday, May 7, 2013 2:53 AM
    Answerer