How to Shadow Another User's Session in Batch Script

When a user calls the help desk saying, "I get an error message when I click print," the best way to help them is to see what they see. While external tools like TeamViewer or AnyDesk work, Windows has a built-in feature called Session Shadowing that lets administrators view (and control) another RDP session instantly. Using a Batch script wrapper makes this process seamless, allowing support staff to simply type a username and connect.

This guide explains how to use mstsc /shadow.

Why Shadow via Command Line?

Instant Support: Jumping directly into a user's session without asking them to download or install any remote support software.
Server Maintenance: monitoring what a long-running script is doing on the console session of a headless server.
Training: watching a new employee perform a task to ensure they are following the correct procedure (with their consent).

Tool Required

The mstsc.exe (Microsoft Terminal Services Client) is built into every version of Windows. However, shadowing is only supported on Pro, Enterprise, and Server editions.

Method 1: Shadowing by Session ID

You must first identify the numeric Session ID of the user (using qwinsta or quser), then pass it to the shadow command.

@echo off
set /p "ID=Enter Session ID to shadow: "

echo [PROCESS] Requesting permission to view Session %ID%...

:: /shadow initiates the view
:: /control allows you to move their mouse and type
:: /noConsentPrompt (requires Group Policy ease) attempts silent connection
mstsc /shadow:%ID% /control

pause

Method 2: Finding the User and Connecting

Since you rarely know the Session ID, combining query user with mstsc in a single script is much more efficient.

@echo off
setlocal EnableDelayedExpansion

set /p "TARGET=Enter Username to Support: "

echo [PROCESS] Locating %TARGET%...

:: Find the Session ID from the query user output
:: query user output columns: USERNAME, SESSIONNAME, ID, STATE, IDLE TIME, LOGON TIME
:: If SESSIONNAME is present: tokens shift right (ID is token 3)
:: If SESSIONNAME is blank (e.g., Disc): tokens shift left (ID is token 2)
set "SID="
for /f "skip=1 tokens=1-4" %%a in ('query user "%TARGET%" 2^>nul') do (
    echo %%c | findstr /r "^[0-9][0-9]*$" >nul 2>&1
    if !errorlevel! equ 0 (
        set "SID=%%c"
    ) else (
        set "SID=%%b"
    )
)

if not defined SID (
    echo [ERROR] User not found or not logged in.
    pause
    exit /b
)

echo [SUCCESS] User found on Session ID: !SID!
echo [ACTION] Launching Shadow Viewer...

mstsc /shadow:!SID! /control

pause

Creating a Remote Support Dashboard

This professional script allows you to shadow users on a designated Terminal Server (RDS host).

@echo off
setlocal EnableDelayedExpansion

set "SERVER=RDS-01"

echo ============================================================
echo   Remote Shadow Console for %SERVER%
echo ============================================================

set /p "USN=Username: "

:: 1. Query remote server for the user's session ID
set "ID="
for /f "skip=1 tokens=1-4" %%a in ('query user "%USN%" /server:%SERVER% 2^>nul') do (
    echo %%c | findstr /r "^[0-9][0-9]*$" >nul 2>&1
    if !errorlevel! equ 0 (
        set "ID=%%c"
    ) else (
        set "ID=%%b"
    )
)

:: 2. Connect
if defined ID (
    echo [CONNECTING] Shadowing Session !ID! on %SERVER%...
    mstsc /v:%SERVER% /shadow:!ID! /control
) else (
    echo [FAIL] User is not on that server.
)

echo ============================================================
pause

Common Pitfalls and How to Avoid Them

"Access Denied" or "Shadow Error"

By default, Windows requires the user to Click Yes on a permission prompt ("Administrator X would like to view your screen"). If they don't click Yes (or are away), the connection fails.

Solution: Configure the Group Policy: Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Set rules for remote control. Set it to "Full Control without user's permission" if company policy allows.

Shadowing the Console (Session 1)

You can shadow the physical console session, but only if you are an Administrator.

SEO and UX Tip

Advise your users that Shadowing supports multiple monitors! If the user has 2 screens, the shadow window will show both side-by-side, which might require scrolling.

Best Practices for RDP Shadowing

Always Ask Permission: Even if you can bypass the prompt technically, it is professional courtesy (and often legal requirement) to ask the user via chat/phone before shadowing.
Use /control sparingly: Start with "View Only" mode (omit /control). Only request control if the user asks you to "fix it for me."
Audit Logs: Shadowing events are logged in the Event Viewer. Ensure your actions are justifiable for support reasons.

Protocol

Shadowing works over the standard RDP port (3389). Ensure your firewall allows RDP traffic between your workstation and the target.

Conclusion

Shadowing RDP sessions via Batch script is the "secret weapon" of effective help desk teams. By wrapping the mstsc /shadow command in a user-friendly script, you reduce the time to resolution for support tickets from minutes to seconds. This professional capability allows you to see exactly what the user sees, diagnose graphical errors or workflow mistakes instantly, and provide a superior level of service across your Windows environment.

Why Shadow via Command Line?​

Method 1: Shadowing by Session ID​

Method 2: Finding the User and Connecting​

Creating a Remote Support Dashboard​

Common Pitfalls and How to Avoid Them​

"Access Denied" or "Shadow Error"​

Shadowing the Console (Session 1)​

Best Practices for RDP Shadowing​

Conclusion​

Table of Contents