We have a client that we created a terminal server for a couple of years ago. When we KLC to this terminal server, we are able to connect to any RDP session that is connected to that server. They show as a drop-down (see attached, domain/username info pixelated for the users' safety). This is a Server 2016 Standard OS. We have tried to replicate this with other terminal servers and can't figure out what we did to make this happen. Does anybody else know?
Terminal Server Shadow support is only enabled if the Remote Desktop Services policy on the agent machine allows remote control without user's permission.
If the policy requires terminal user permission to shadow sessions, KRC does not allow access to the session.
I set this registry key on all RDS servers to allow shadow sessions:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\shadow = 2
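To check which servers have this policy set, and whether the setting lets a session be shadowed without the user's consent, the value can be read back and decoded. This is an added example, not code from any of the posts above; the function name `Get-RdsShadowPolicy` is hypothetical, and remote reads assume PowerShell remoting is enabled on the target servers.

```powershell
# Added example: report the RDS "Shadow" policy value on one or more servers.
# Get-RdsShadowPolicy is a hypothetical helper name; server names are the caller's own.
function Get-RdsShadowPolicy {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Meaning of each value of the Shadow policy DWORD.
    $meaning = @{
        0 = 'No remote control allowed'
        1 = 'Full control with user permission'
        2 = 'Full control without user permission'
        3 = 'View session with user permission'
        4 = 'View session without user permission'
    }

    # Reads the policy value; yields $null when the key or value is absent.
    $read = {
        $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
        (Get-ItemProperty -Path $key -Name 'Shadow' -ErrorAction SilentlyContinue).Shadow
    }

    foreach ($computer in $ComputerName) {
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $value = & $read
            } else {
                $value = Invoke-Command -ComputerName $computer -ScriptBlock $read -ErrorAction Stop
            }

            if ($null -eq $value)                     { $text = 'Not configured by policy' }
            elseif ($meaning.ContainsKey([int]$value)) { $text = $meaning[[int]$value] }
            else                                       { $text = 'Unrecognized value' }

            [pscustomobject]@{
                Computer  = $computer
                Shadow    = $value
                Meaning   = $text
                NoConsent = ($value -in 2, 4)   # True when sessions can be shadowed without consent
            }
        } catch {
            # Remoting failure or access denied: report it instead of silently skipping the server.
            [pscustomobject]@{ Computer = $computer; Shadow = $null; Meaning = "Error: $($_.Exception.Message)"; NoConsent = $null }
        }
    }
}

# Local check; pass -ComputerName with your own RDS hosts to audit several servers.
Get-RdsShadowPolicy | Format-Table -AutoSize
```

Servers reported with `NoConsent` set to `True` are the ones where anyone with shadowing rights can view or control user sessions without a prompt, so the output doubles as a list of hosts where those rights should be reviewed.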