The problem during the period of quarantine work of the enterprise became the following: it is really necessary to minimize the number of visits to offices by specialists servicing and advising on application software, and frankly, users often abuse the help of specialists not wanting to delve into the question itself, they say βthey will come - they will help - they will do it, but I'll smoke / drink coffee, etc. for now. Phone consultation when sharing a server is more effective when viewing a remote screen.
Already after the βinventionβ of our bicycle, sane information on the topic of the article turned up:
All information below is intended for those who normally tolerates abnormal perversions to get the desired result, inventing unnecessary methods.
In order not to βpull the cat by the tailβ, Iβll start with the last one: the bike works for a regular user using the utility
I. Console and shadow RDP.
Since use with admin rights of the Server Manager console -> QuickSessionCollection -> by clicking on the session of the user of interest, selecting Shadow from the context menu for personnel instructing how to work with software, - not an option, another "wooden" method was considered, namely:
1. Find out the RDP id of the session:
query user | findstr Administrator
or:
qwinsta | findstr Administrator
And "| findstr Administrator"It was only convenient when you know exactly what Administrator you need, or use only the first part to see all logged in on the server.
2. We connect to this session, provided that in the domain group policies "Sets remote control rules for user Remote Desktop Services sessions" option is set to at least "Monitor session with user permission" (
mstsc /shadow:127
Please note that only user logins will be in the list.
I repeat that without admin rights you will get the following:
But for preliminary debugging of the program, which will be discussed, I used an account with administrator rights.
II. Program
So the problem statement: creating some simple graphical interface for connecting to the user's shadow sense with his permission, sending a message to the user. Programming environment chosen by Lazarus.
1. We get the full domain list of users "login" - "full name" from the admin, or again through the console:
wmic useraccount get Name,FullName
no one forbids even this:
wmic useraccount get Name,FullName > c:testusername.txt
I will say right away that it was Lazarus who had a problem with processing this file, since by default its encoding is UCS-2, so I just had to manually convert it to regular UTF-8. There are a lot of tabs in the file structure, or rather a lot of spaces, which it was decided to process programmatically, sooner or later the encoding problem will be solved, and the file will be programmatically updated.
So, the idea is a folder accessible to users of the program, for example c: test, in which there will be 2 files: the first with login and fullname, the second with id_rdp and login users. Further, we process this data as best we can :).
In the meantime, to associate with the list of sessions, we transfer this (login and fullname) contents to an array:
procedure Tf_rdp.UserF2Array;
var
F:TextFile; i:integer; f1, line1:String; fL: TStringList;
begin //f_d Π³Π»ΠΎΠ±Π°Π»ΡΠ½ΡΠΉ ΠΏΡΡΡ ΠΊ ΡΠ°Π·ΠΌΠ΅ΡΠ΅Π½ΠΈΡ ΡΠ°ΠΉΠ»ΠΎΠ²
f1:=f_d+'user_name.txt'; //Π·Π°Π΄Π°ΡΠ° ΡΡΠΈΡΠ°ΡΡ Π² ΠΌΠ°ΡΡΠΈΠ² ΡΠΎΠ΄Π΅ΡΠΆΠΈΠΌΠΎΠ΅ ΡΠ°ΠΉΠ»Π°
fL := TStringList.Create; // ΡΡΡΠΎΠΊΡ ΠΏΠΎΠ΄Π²Π΅ΡΠ³Π½Π΅ΠΌ ΠΌΠ΅ΡΠ°ΠΌΠ°ΡΡΠΎΠ·Π°ΠΌ Ρ ΡΠ°Π·Π΄Π΅Π»ΠΈΡΠ΅Π»ΡΠΌΠΈ
fL.Delimiter := '|'; fL.StrictDelimiter := True;
AssignFile(F,f1);
try // ΠΡΠΊΡΡΡΡ ΡΠ°ΠΉΠ» Π΄Π»Ρ ΡΡΠ΅Π½ΠΈΡ
reset(F); ReadLn(F,line1);
i:=0;
while not eof(F) do // Π‘ΡΠΈΡΡΠ²Π°Π΅ΠΌ ΡΡΡΠΎΠΊΠΈ, ΠΏΠΎΠΊΠ° Π½Π΅ Π·Π°ΠΊΠΎΠ½ΡΠΈΡΡΡ ΡΠ°ΠΉΠ»
begin
ReadLn(F,line1);
line1:= StringReplace(line1, ' ', '|',[]); //Π·Π°ΠΌΠ΅Π½ΡΠ΅ΠΌ ΠΏΠ΅ΡΠ²ΡΠΉ ΠΏΠΎΠΏΠ°Π²Ρ.2ΠΏΡΠΎΠ±Π΅Π»Π° ΡΠ°Π·Π΄Π΅Π»ΠΈΡΠ΅Π»Π΅ΠΌ |
// ΡΠ΄Π°Π»ΡΠ΅ΠΌ Π²ΡΠ΅ Π΄Π²ΠΎΠΉΠ½ΡΠ΅ ΠΏΡΠΎΠ±Π΅Π»Ρ
while pos(' ',line1)>0 do line1:= StringReplace(line1, ' ', ' ', [rfReplaceAll]);
begin
if (pos('|',line1)>0) then
begin //Π΅ΡΠ»ΠΈ ΡΠ°Π·Π΄Π΅Π»ΠΈΡΠ΅Π»Ρ ΡΡΡΠ΅ΡΡΠ²ΡΠ΅Ρ Π·Π°Π½ΠΎΡΠΈΠΌ Π΅Π³ΠΎ Π² ΠΌΠ°ΡΡΠΈΠ²
fL.DelimitedText :=line1; // ΡΠ°Π·Π±ΠΈΠ²Π°Π΅ΠΌ Π½Π° ΡΡΠΎΠ»Π±ΡΡ
if (fL[0]<>'') then //Π΅ΡΠ»ΠΈ ΡΡΠ΅ΡΠΊΠ° ΠΈΠΌΠ΅Π΅Ρ ΠΈΠΌΡ
begin //Π²Π½ΠΎΡΠΈΠΌ Π΅Π΅ Π² ΠΌΠ°ΡΡΠΈΠ²
inc(i); // ΠΈΠ·Π±Π°Π²Π»ΡΠ΅ΠΌΡΡ ΠΎΡ Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΡΡ
ΠΎΠ΄ΠΈΠ½ΠΎΡΠ½ΡΡ
ΠΏΡΠΎΠ±Π΅Π»ΠΎΠ² Π² Π»ΠΎΠ³ΠΈΠ½Π΅
fam[0,i]:=StringReplace(fL[1],' ','',[rfReplaceall, rfIgnoreCase]);
fam[1,i]:=fL[0];
end;end;end;end; // ΠΠΎΡΠΎΠ²ΠΎ. ΠΠ°ΠΊΡΡΠ²Π°Π΅ΠΌ ΡΠ°ΠΉΠ».
CloseFile(F);
Fl.Free;
except
on E: EInOutError do ShowMessage('ΠΡΠΈΠ±ΠΊΠ° ΠΎΠ±ΡΠ°Π±ΠΎΡΠΊΠΈ ΡΠ°ΠΉΠ»Π°. ΠΠ΅ΡΠ°Π»ΠΈ: '+E.Message);
end;end;
I apologize for "a lot of code", the following points will be more concise.
2. Similarly to the method from the previous paragraph, we read the result of processing the list into the StringGrid element, while I will give a βsignificantβ piece of code:
2.1 Get the current list of RDP sessions to a file:
f1:=f_d+'user.txt';
cmdline:='/c query user >'+ f1;
if ShellExecute(0,nil, PChar('cmd'),PChar(cmdline),nil,1)=0 then;
Sleep(500); // ΠΌΠΎΠΆΠ½ΠΎ ΠΈ ΠΏΠΎΠ΄ΠΎΠ»ΡΡΠ΅ ΠΆΠ΄Π°ΡΡ ΠΏΠΎΠΊΠ° ΡΠ°ΠΉΠ» Π΄Π»Ρ ΡΡΠ΅Π½ΠΈΡ ΡΠΎΠ·Π΄Π°Π΅ΡΡΡ
2.2 We process the file (only significant lines of code are indicated):
StringGrid1.Cells[0,i]:=fL[1]; StringGrid1.Cells[2,i]:=fL[3]; //ΠΊΠΈΠ΄Π°Π΅ΠΌ Π² ΡΠΈΠΊΠ»Π΅ Π² StringGrid1
login1:=StringReplace(fL[1],' ','',[rfReplaceall, rfIgnoreCase]); //ΡΠ±ΠΈΡΠ°Π΅ΠΌ ΠΈΠ· Π»ΠΎΠ³ΠΈΠ½Π° ΠΏΡΠΎΠ±Π΅Π»Ρ
if (SearchArr(login1)>=0) then //ΠΈΡΠ΅ΠΌ Π² ΠΌΠ°ΡΡΠΈΠ²Π΅ ΠΈΠ· ΠΏ1. Π»ΠΎΠ³ΠΈΠ½ ΠΈ Π·Π°ΠΏΠΈΡΡΠ²Π°Π΅ΠΌ Π² ΡΠ°Π±Π»ΠΈΡΡ Π€ΠΠ
StringGrid1.Cells[1,i]:=fam[1,SearchArr(login1)]
else StringGrid1.Cells[1,i]:='+'; // Π»ΠΈΠ±ΠΎ Π·Π°ΠΏΠΈΡΡΠ²Π°Π΅ΠΌ ΠΏΠ»ΡΡΠΈΠΊ:)
.... //Π² Π·Π°Π²ΠΈΡΠΈΠΌΠΎΡΡΠΈ ΠΎΡ Π²ΡΠ±ΠΎΡΠ° ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Ρ ΡΠΎΡΡΠΈΡΡΠ΅ΠΌ ΠΈ ΡΠΎΡΠΌΠ°ΡΠΈΡΡΠ΅ΠΌ ΠΏΠΎ Π΄Π°Π½Π½ΡΠΌ
if (b_id.Checked=true) then SortGrid(0) else SortGrid(1);
StringGrid1.AutoSizeColumn(0);StringGrid1.AutoSizeColumn(1); StringGrid1.AutoSizeColumn(2);
3. Direct connection itself when clicking on the line with the user and his session number:
id:=(StringGrid1.Row);// ΡΠ·Π½Π°Π΅ΠΌ Π½ΠΎΠΌΠ΅Ρ ΡΡΡΠΎΠΊΠΈ IntToStr(StringGrid1.Row)
ids:=StringGrid1.Cells[2,id]; //ΠΏΠΎΠ»ΡΡΠ°Π΅ΠΌ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡ rdp
cmdline:='/c mstsc /shadow:'+ ids; //ΠΈ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ°Π΅ΠΌΡΡ....
if (b_rdp.Checked=True) then if ShellExecute(0,nil, PChar('cmd'),PChar(cmdline),nil,1) =0 then;
4. A couple more decorations were made, such as sorting by clicking on the radiobutton, and messages to the user, or to all users.
β Full source code can be seen
III. Using AdminLink - what I saw:
AdminLink does indeed generate a shortcut that links to the location of the utility admilaunch.exe, and a personal copy of the launch utility AdmiRun.exe which is located in the user folder, for example vasya, type C:UsersvasyaWINDOWS. In general, not everything is so bad: you can play around with the access rights to the shortcut file and others to clear your own admin conscience.
Source: habr.com