Hello everyone,
I'm looking for a way to grant users permission to shadow und logoff RDS user sessions.
To do this I first need to get the user's session host und unified session id:
$Session = Get-RDUserSession -ConnectionBroker $ConnectionBroker -CollectionName "MyCollection" -ErrorAction Stop | Where {$_.UserName -eq $CommonName}After that I can use the information to either logoff or shadow the user.
For shadowing:
mstsc /v:$HostServer /shadow:$SessionId /control
For LogOff:
Invoke-RDUserLogoff -Force -HostServer $Session.HostServer -UnifiedSessionID $Session.UnifiedSessionId -ErrorAction Stop
My problem:
To run these commands the user needs admin privileges, which is not what you want for a first level supporter.
My question:
Is there a way to allow a group/user to retrieve the session ID's from the Connection Broker and Logoff/Shadow without granting them admin privileges?
In case there is no way to grant those specific permissions, what are the permissions the user requires on which machines (broker, hosts?)?