Jump to content

screencapture with rdp connections


Recommended Posts

Hi,

I try to do some ondemand screen capture to monitor some machines on the network.

I have two autoit scripts, a sender (on pc1) who send mailslot to request a screencapture, and a listener (on pc2), running in the user session, who listen mailslot, get it, and do a screencapture.

Now :

- if pc2 have its session opened or locked, screencapture works nice, even when the session is locked I get the capture of the windows of the user desktop.

- if I connect to pc2 with rdp, the listener script get a black screencapture

- if I connect to pc2 with rdp, then close the rdp connection (the session stay opened on pc2), , the listener script get a black screencapture

So, how can I get a screencapture of the screen on pc2 when pc2 have been rdp connected and then unconnected ?

The scripts themselves are pretty simple, I use mailslot UDF, then on the listener when a mailslot beginning by 'screen' is detedted it does :

_ScreenCapture_Capture(@ScriptDir&"\FullScreen_"&@ComputerName&".jpg")

Any idea would be nice, having this function working would really rocks to monitor some calculating machines that we connect to only via rdp (there is no one working on the machine).

EDIT : all machines on win7 pro x64, with nvidia cards, on a domain (I am network admin in case gpo etc required)

Kib

Edited by kiboost

Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Link to comment
Share on other sites

Seems at least possible : http://emcosoftware.com/remote-screenshot

without any client running ! Requires an administrative account that's all

I have all acounts/password of the entire domain so this is not a problem. But I would need an autoit solution to implement this functions in another script.

Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Link to comment
Share on other sites

ok I may have a solution, will try it and let you know.

Different cases :

1) a user is log on its session

2) the session is locked

3) an rdp session is opened on pc2

4) an rdp session is opened on pc2 and the rdp window is minimized

5) an rdp session was opened on pc2 and has been disconnected

actually, with _screencapture_capture :

1) it works

2) it works

3) it works

4) blank screen !

5) blank screen !

solutions :

4) a registry hack on the machine opening the rdp session :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Terminal Server Client]

"RemoteDesktop_SuppressWhenMinimized"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Terminal Server Client]

"RemoteDesktop_SuppressWhenMinimized"=dword:00000002

5) a command on the remote machine to redirect the session to the console once rdp is terminated :

%windir%\System32\tscon.exe X /dest:console

with X being the session number of the user (usually 1 but not allways with win7)

I even, then, can redirect session to console, and relock the session for security

These solution have been hard tested and works.

I have all needed informations, like id number etc, so let's go with the code !

Edited by kiboost

Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Link to comment
Share on other sites

ok my problem is detecting that the rdp session has been diconnected to the client.

if rdpclip process exist, I know someone is connected through rdp.

but this process runs till someone reopen the session locally. So how can I know that the rdp user have disconnected, so I can run the tscon command to redirect to console ?

In taskmanager there is a user panel with connected user, and rdp is noted RDP-Tcp#0. Maybe this information change once disconnected but how to read this value ?

Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Link to comment
Share on other sites

ok, three states for a session :

active, console

active, rdp-tcp

deco,

I have a script from here

who does find the id session of a process. How to get more info on the session, like state and session ?

Func _ProcessGetSessionID($vProcessID)
If Not IsNumber($vProcessID) Then
  $vProcessID=ProcessExists($vProcessID)
  If $vProcessID=0 Then Return SetError(1,0,-1)
EndIf
Local $aRet=DllCall($_PFhKern32DLL,"bool","ProcessIdToSessionId","dword",$vProcessID,"dword*",0)
If @error Then Return SetError(2,@error,-1)
If Not $aRet[0] Then Return SetError(3,0,-1)
Return $aRet[2]
EndFunc

Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Link to comment
Share on other sites

ok nearly all works but I have a problem with tscon.

On machines that are not in administrator session, I get an error with tscon 1 /dest:console

the error is error5, access denied

I've tried admin/user/domaine password, runas, autoit runas, etc nothing ...

I will check in gpos is there is something about user allow for rdp (but they all can rdp to other machines, strange), if anyone have an idea ?

Allow, I actually use quser and StdoutRead to get connection state, if anyone know how to get this via dllcall is would better.

Win7 pro x64. scripts compiled to x64. - Autoit v3.3.6.1 | Scite 1.79

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...