On Mon, May 11, 2020 at 8:14 AM Joachim Lindenberg <[email protected]> wrote:
> Hi Micael, > > while Guacamole could probably know who connected via Guacamole, Guacamole > will not know any user logged in via standard RDP or locally. You can get > that information via qwinsta, query session, or variants thereof, but > expect retrieval to be slow at least in case of error. > > You should be able to write a Guacamole extension that monitors either way > and visualizes the usage information – whether with user names or without > is up to your privacy considerations. > > Best Regards, Joachim > > Just to add to this a little bit - if all of you users are connecting through Guacamole, and not with other RDP clients, then you could use the Maximum Connections/Maximum Connections per User options within Guacamole to make sure that only one person can connect to the host at a time. I use this both with Windows 10 RDP connections (limit 1 connection total, 1 per user), and also with Windows Server connections (limit 2 connections total, 1 per user) in Guacamole. However, if you have users connecting outside of Guacamole then Guacamole has no way of knowing if a user is already logged in, unless you somehow query the remote system ahead of time. This is entirely doable, assuming you can find information about currently running RDP sessions somewhere in Windows - as Joachim mentions, you can write an authentication extension that decorates another extension and intercepts the Connect method, essentially verifying that one one else is connected prior to actually trying to connect. The other option, which is a little more involved, would be to write an extension that listens on a REST API, and write an agent that runs on the Windows systems to register when a system is in use. This may be #OVERKILL, but it is an option. -Nick
