View the active remote desktop connection on a given computer

windows rdp
edeboursetty picture edeboursetty · Mar 6, 2012 · Viewed 55.2k times · Source

I am looking for a tool to know if a given computer on the local network is being remotely accessed by a user or not and ideally I'd like to know who that user is. In my company, we share virtual machines and we keep have to ask members in the team if they use any remote computer. I'd like to have some kind of dashboard that can tell me what computer is being used, and what computer is free.

I am happy to use any kind of commercial solution that would require the install of services on each of the machines that need to be monitored or things like that.

Answer

jeff picture jeff · Mar 6, 2012

The below is made easier if you're querying from a Windows client joined to the same domain as the system you are querying, and may require certain rights above and beyond a standard domain user. If you run into authentication/permission issues, that would be the first thing I'd check.

There is a tool available at least as far back as Windows XP called "qwinsta". Later versions of Windows have both qwinsta and "query session".

qwinsta /server:computer01
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 console                                     0  Conn    wdcon
 rdp-tcp                                 65536  Listen  rdpwd
                   administrator             2  Disc    rdpwd

That shows user "administrator" logged in but disconnected. Since in this example computer01 is a Windows Server 2003 system with the default "administration" RDP license, there's a second session listening for someone to connect.

Running the same command again after connecting to that previously disconnected session looks like this:

 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
[unchanged output removed]
 rdp-tcp#25        administrator             2  Active  rdpwd

This is enough to answer "is someone currently active via RDP", and if you're using individual usernames, it should answer the "who" as well. If you're all using "testuser" or "administrator" or something, you'll probably want to know the answer to "from what client", and that is not given above.

The above gives a quick basic answer without needing additional tools. For more detailed information, you might look at the cassia library or PSTerminalServices (built on cassia). See some of the answers in this question for more detail.

My first thought on this was to use Sysinternals tools such as PsLoggedOn or LogonSessions. I then found reference to the previously-unknown-to-me qwinsta and rwinsta tools in this blog post from 2003.

Related questions

AltGr key not working, instead i have to use Ctrl+AltGr

I encountered this problem several times. I want to use a character accessible using the AltGr Key but for some reason it doesn't work. As if i didn't press the AltGr key. Usually i experience this in remote Desktop but …

Read More
Saving password in rdp file | Windows 7

Windows do not allow saving password in rdp files. Even if I select "Allow me to save credentials" while connection via Remote Desktop Connection. After searching a lot, I found that it requires modifying entry "Do not allow passwords to …

Read More
How to get the IP Address of the Remote Desktop Client?

I'm trying to write a script to log the IP address of the Windows client from which the user initiated Remote Desktop to log in to the Windows Server. How to capture the IP address of the client in the …

Read More