Made with Microsoft Template Studio
1. Active Directory
Create an AD-Group "Domain\RDS-Shadow"
Add Users in "Domain\RDS-Shadow"
2. Configure the database for the Connection Broker
USE [master]
GO
CREATE LOGIN [Domain\RDS-Shadow] FROM WINDOWS WITH DEFAULT_DATABASE=[RDSFARM]
GO
USE [RDSFARM]
GO
CREATE USER [Domain\RDS-Shadow] FOR LOGIN [Domain\RDS-Shadow]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE VIEW [dbo].[Shadowing]
AS
SELECT Session.UserName, Pool.DisplayName AS PoolName, Target.Name AS ServerName, Session.SessionId
FROM rds.Session AS Session
INNER JOIN rds.Target AS Target ON Target.Id = Session.TargetId
INNER JOIN rds.Pool AS Pool ON Target.PoolId = Pool.Id
WHERE (Session.State = 0) OR (Session.State = 1)
GO
GRANT SELECT ON [dbo].[Shadowing] TO [Domain\RDS-Shadow]
GO
3. Add the Group (Domain\RDS-Shadow) to the role db_datareader
ALTER ROLE db_datareader ADD MEMBER [Domain\RDS-Shadow]
4. Add rights to Terminalserver
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName ="RDP-Tcp") CALL AddAccount "domain\rds-shadow",2
or installation via winget "winget install 9NLQV1VWWCLC -s msstore"