Assume the following scenario:
Is there any way to perform this check? Any command, Win32 API, WMI query? So far, I was only able to find out that rdpsaproxy.exe
program is started in shadowed session. That is almost enough, but this program also keeps running when user denies access when prompted to accept initial shadowing request. So detecting presence of rdpsaproxy in check session is not enough to say that somebody is watching me.
You could bind a notification task to the events of Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational event log:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.