Wednesday, July 25, 2018

How to close a RDP session but leave original user logged on

It's annoying when you make a Remote Desktop Connection (RDP) to a PC that it does not automatically reconnect the original user once your remote session has finished. I often need to do this to remotely control a Windows based bit of test equipment. I developed this script to place a button on the Taskbar of the controlled machine to close the RDP session. Provided you use this button the desktop is returned to the original user as the remote session terminates. However, if you simply close the session (as you do normally by closing the RDC window) this code does not help and the machine will, as normal,  prompt for a password before returning to the desktop.

Firstly you need to create this .bat file. I've Created mine in a folder called C:\Temp\Shutdown RDP and named my .bat file "CloseRDP.bat".

set MY_SESSION_ID=unknown
for /f "tokens=3-4" %%a in ('query session') do @if "%%b"=="Active" set MY_SESSION_ID=%%a
tscon %MY_SESSION_ID% /DEST:console /Password:YourTopSecretPassword

Firstly let me explain what this does. The second line runs the command 'query session' and extracts the session ID that is active. It puts the session ID into an environment variable called MY_SESSION_ID. The third line closes the active session (based on it's session ID number from line 2) and redirects to the console. You will have to replace YourTopSecretPassword with the password for the desktop user. Now, this is a bit of a security risk as the password is in plain text inside the .bat file but I'm afraid it does not work if you leave it out.

However there is a problem with this .bat file...it must be run with Administrator privileges otherwise it does not work. So from File Explorer right click on CloseRDP.bat and select "Copy". Then right click in some empty space in the same folder and select "Paste Shortcut". My shortcut is now called "CloseRDP.bat - Shortcut". Right click on this and select "Properties", click on the "Advanced" button and tick "Run as administrator" and click OK twice to return to File Explorer. You have now created a shortcut that runs as Administrator. You can click on this to close the RDC session and return to the desktop. Because it runs as an Administrator you will be prompted to enter the Administrator password.

In an ideal world you would be able to drag this shortcut directly to the Taskbar for it to appear as a clickable program. However for some weird reason this does not work.

To fix this a second shortcut is required! Don't ask me why just do it! In File Explorer right click on "CloseRDP.bat - Shortcut" and select "Copy". Now right click in some empty space again and select "New > Shortcut". In the "Type the location of the item box" manually type "explorer " and then press Ctrl+V to paste the name copied earlier. It should look like this:
Click "Next" and give the shortcut a name. I've called mine "Pinable CloseRDP". There are now three files in the folder that should look like this

Now the icon for "Pinable CloseRDP" has the normal boring File Explorer icon. I like to change this to something that stands out better so right click on "Pinable CloseRDP" and select "Properties". Click on the "Change Icon..." button and select one of the default icons. I normally go with the red cross. Click OK twice to return to File Explorer. File Explorer should now have three files that look like this:

Now, after all these steps, you can finally drag the "Pinable CloseRDP" and drop it onto the Taskbar. You should now have a nice clear button that you can click to close the remote session and return the desktop to the original user.

If you are really keen you could design a custom icon to make it even clearer. When you click on you new icon you will be prompted for the Administrator password, the remote session will close and the desktop will return to the local user session without any password prompt.

Good luck, there are quite a few steps but it does work well if you follow them carefully.