2

In one of the module in my application, I need to call WTS32api : WTSEnumerateSessions which returns Error Code 5.

Here is the question on SO regarding that :

As per suggestion provided there, I want to check, whether particular group/user do have 'Query Information' permission enabled or not.

I could check that on Windows Server 2008 with the help of this documentation.

On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.

Under Connections, right-click the name of the connection, and then click Properties.

In the Properties dialog box for the connection, on the Security tab, configure the permissions as appropriate for your environment, and then click OK.

In my case, 'Security' Tab, clicked on 'Advanced' and then Edit the permission of particular.

But on machine where I am facing the problem, there is Windows 10 installed.

How can I check this on Windows 10?

I say Reinstate Monica
  • 25,487
  • 19
  • 95
  • 131
Amit
  • 153
  • 1
  • 1
  • 10

2 Answers2

1

The security settings you are looking for are exposed by the Remote Desktop Session Host role of Windows Server. You cannot install this role on the workstation versions of Windows, nor do they support simultaneous incoming RDP connections, so that dialog box is not accessible in Windows 10 as it would have no purpose.

I'm not aware of any workaround for this.

For what it's worth, members of the Administrators group can enumerate active RDP sessions on a Windows machine, including Windows 10.

I say Reinstate Monica
  • 25,487
  • 19
  • 95
  • 131
  • let me check with your inputs. I will get back here. – Amit Dec 27 '18 at 06:07
  • Not sure why, but 'Administrators group' doesn't solve the problem. I have raised another similar [question](https://superuser.com/questions/1389713/query-session-command-gives-error-code-5-even-when-allowremoterpc-is-set-to-1) – Amit Jan 02 '19 at 09:06
0

I know this is an old post but i landed on this trying to find out why RPC needs remote desktop permissions for some functions to work between clients. (That error(5) is what flagged my attention here. Error(5) is what you get when RPC is not activated, or the user does not have RPC access.)

TL;DR: enable RPC on your machines, at your own risks of course.

In my case i built a small script to see who is connected on a shared computer, as we allow access to only 1 user at a time (and some users have a tendency to leave their sessions open when leaving their workstation, and sometimes the 10 min timeout is too long for other impatient users lol...). I use the "query user" command, or "quser", in a simple batch script wrapped up in an exe (so the user can't actually see nor modify the script.)

I had some users on the network that were using the default built-in "remote access user" group permission instead of the custom 1 we have for the above mentioned shared computer (all my fault i was not paying attention when i gave these users their permissions, or rather did not think they would need it. as it happens, they did) and that particular script would not work. Rather, it was running, but was returning wrong information, as it needs admin privileges to run. And it was working fine for other users on the network, which were given said custom permission for the shared computer. I probably don't have to tell you, but i searched for a while before finding out what was going on. Not sure why, but RPC and RDP seem to work in correlation somehow.

Pop
  • 1