A script that runs on the host to connect to the client.

преди 2 месеца · 97321dcf72
--- a/ShadowSession.bat
+++ b/ShadowSession.bat
@@ -0,0 +1,71 @@
 
				
				+@echo off
			
 
				
				+setlocal enabledelayedexpansion
			
 
				
				+
			
 
				
				+:: Configuration
			
 
				
				+set "csv_file=allowed_pcs.csv"
			
 
				
				+
			
 
				
				+:: Check if the policy file exists
			
 
				
				+if not exist "%csv_file%" (
			
 
				
				+    echo [ERROR] %csv_file% not found.
			
 
				
				+    pause
			
 
				
				+    exit /b
			
 
				
				+)
			
 
				
				+
			
 
				
				+echo ============================================
			
 
				
				+echo   Secure Shadow Session Menu (CSV Based)
			
 
				
				+echo ============================================
			
 
				
				+echo  NO. :  PC NAME        :  USER      :  DESC
			
 
				
				+echo --------------------------------------------
			
 
				
				+
			
 
				
				+:: Read CSV and display the menu
			
 
				
				+set count=0
			
 
				
				+for /f "usebackq tokens=1-4 delims=," %%a in ("%csv_file%") do (
			
 
				
				+    set /a count+=1
			
 
				
				+    set "pc_!count!=%%a"
			
 
				
				+    set "user_!count!=%%b"
			
 
				
				+    set "id_!count!=%%c"
			
 
				
				+    echo  [!count!] :  %%a  :  %%b  :  %%d
			
 
				
				+)
			
 
				
				+
			
 
				
				+echo.
			
 
				
				+set /p choice="Select a number to connect (or 'q' to quit): "
			
 
				
				+
			
 
				
				+:: Handle exit or invalid input
			
 
				
				+if /i "%choice%"=="q" exit /b
			
 
				
				+if not defined pc_%choice% (
			
 
				
				+    echo [ERROR] Invalid selection.
			
 
				
				+    pause
			
 
				
				+    exit /b
			
 
				
				+)
			
 
				
				+
			
 
				
				+:: Map selected ID to variables
			
 
				
				+set "target_pc=!pc_%choice%!"
			
 
				
				+set "allowed_user=!user_%choice%!"
			
 
				
				+set "allowed_id=!id_%choice%!"
			
 
				
				+
			
 
				
				+echo.
			
 
				
				+echo [INFO] Target PC: %target_pc%
			
 
				
				+echo [INFO] Policy: User must be "%allowed_user%" with ID %allowed_id%
			
 
				
				+echo Verifying remote session status...
			
 
				
				+
			
 
				
				+:: Verify the actual session status on the remote PC
			
 
				
				+set "verified=false"
			
 
				
				+for /f "tokens=1-4" %%i in ('qwinsta /server:%target_pc% ^| findstr /i "Active"') do (
			
 
				
				+    :: Check if the row contains both the allowed username and the specific session ID
			
 
				
				+    echo %%i %%j %%k %%l | findstr /i "%allowed_user%" | findstr "%allowed_id%" >nul
			
 
				
				+    if not errorlevel 1 (
			
 
				
				+        set "verified=true"
			
 
				
				+    )
			
 
				
				+)
			
 
				
				+
			
 
				
				+:: Proceed if session matches the CSV policy
			
 
				
				+if "%verified%"=="true" (
			
 
				
				+    echo [SUCCESS] Verification passed. Requesting connection...
			
 
				
				+    :: Note: /noConsentPrompt is omitted here. The user on the target PC must accept the request.
			
 
				
				+    mstsc /v:%target_pc% /shadow:%allowed_id% /control
			
 
				
				+) else (
			
 
				
				+    echo [SECURITY ALERT] Session verification failed.
			
 
				
				+    echo The current active user on %target_pc% does not match the CSV policy.
			
 
				
				+)
			
 
				
				+
			
 
				
				+pause