Capturing Logged In Remote Desktop Sessions on Servers Using PowerShell

While it’s a best practice to avoid logging on to servers using Remote Desktop for management tasks, some things are just easier when you do, and some things are almost impossible to do otherwise. That will change significantly with Windows Server 2016, but in the meantime, we have to manage this.

I’m sure it has happened to you or to your colleagues: we sometimes disconnect our RDP sessions from our beloved pet servers and forget we ever logged on to them. The problem is that we end up wasting precious server resources in our environment for no valid reason. So how can we be aware of those lingering RDP sessions?

In our case, I built the following script to help us assess the situation.

For the latest version: Get-RDPSession.ps1

Here’s what the script is doing at a high level:

  1. Get a list of servers from Active Directory
  2. Load the awesome PSTerminalServices.psm1 module (it hasn’t been updated in a little while though)
  3. For each server:
    1. Capture the Remote Desktop Services sessions core information:
      1. Computer Name
      2. Domain Name
      3. User Name
      4. Connection state
      5. Time of connection
      6. Time of disconnection
      7. Time when last input was received from the user
      8. Login time
      9. User idle time
    2. For each session discovered, measure the amount of memory consumed by the user
    3. Export this data to a CSV file for further analysis
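One way to implement the steps above, as an added example that is not the author's Get-RDPSession.ps1. It assumes the ActiveDirectory (RSAT) and PSTerminalServices modules are installed, that WinRM is reachable on the servers, and that the caller is an administrator on them; the output path and the use of `Win32_Process` working sets as the memory measure are choices made for this example.

```powershell
# Added example; not the author's Get-RDPSession.ps1.
# Assumes: ActiveDirectory (RSAT) and PSTerminalServices modules installed,
# WinRM reachable on the servers, caller is an administrator on them.
Import-Module ActiveDirectory, PSTerminalServices

$outFile = '.\rdp-sessions.csv'   # hypothetical output path

# Step 1: enabled computer accounts that run a server OS
$servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*" -and Enabled -eq $true' |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName

$report = foreach ($server in $servers) {
    try {
        # Step 3.1: keep only sessions owned by a user (drops Services/listener sessions)
        $sessions = @(Get-TSSession -ComputerName $server -ErrorAction Stop |
            Where-Object { $_.UserName })
        if ($sessions.Count -eq 0) { continue }

        # One process query per server, indexed by session id (string keys)
        $bySession = Get-CimInstance -ClassName Win32_Process -ComputerName $server -ErrorAction Stop |
            Group-Object -Property SessionId -AsHashTable -AsString
    }
    catch {
        # Unreachable host or access denied: log it and move on
        Write-Warning "${server}: $($_.Exception.Message)"
        continue
    }

    foreach ($s in $sessions) {
        # Step 3.2: sum the working sets of every process in this session
        $procs = $bySession["$($s.SessionId)"]
        $bytes = if ($procs) { ($procs | Measure-Object -Property WorkingSetSize -Sum).Sum } else { 0 }

        [pscustomobject]@{
            ComputerName    = $server
            DomainName      = $s.DomainName
            UserName        = $s.UserName
            ConnectionState = $s.ConnectionState
            ConnectTime     = $s.ConnectTime
            DisconnectTime  = $s.DisconnectTime
            LastInputTime   = $s.LastInputTime
            LoginTime       = $s.LoginTime
            IdleTime        = $s.IdleTime
            MemoryMB        = [math]::Round($bytes / 1MB, 1)
        }
    }
}

# Step 3.3: one CSV for Excel or Power BI
$report | Export-Csv -Path $outFile -NoTypeInformation
```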

You can then easily use Excel or Power BI to perform additional analysis on your open sessions. Here’s a screenshot from our environment where I’ve protected the names of the innocents:

[Screenshot: RDP sessions memory dashboard]

Now go clean up your RDP sessions and THEN go bug your colleagues about theirs! 😉

If you have any questions about this, feel free to ask via the comments!
