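@echo off
setlocal enabledelayedexpansion

rem ======================================================================
rem Secure Shadow Session Menu (CSV based)
rem
rem Reads the policy file (one row per entry: PC name, user, session ID,
rem description), shows a numbered menu, and starts an mstsc shadow
rem session only if qwinsta reports the listed user in the listed session
rem ID with state Active on the chosen PC.
rem
rem Security notes:
rem   * The CSV is the policy. Anyone who can edit it decides which hosts
rem     and sessions this script will contact, so keep it writable by
rem     administrators only.
rem   * PC name and session ID are placed on command lines (qwinsta, mstsc).
rem     They are checked against a strict character set first, so a CSV
rem     field cannot carry shell metacharacters or extra switches.
rem   * The session check and the connection are two separate steps. The
rem     consent prompt on the target PC remains the deciding control,
rem     which is why /noConsentPrompt is not used.
rem   * "rem" is used for comments throughout: "::" is a label and is
rem     unreliable inside parenthesised blocks.
rem
rem Exit code: 0 on quit or after a connection request, 1 on any error or
rem failed verification.
rem ======================================================================

rem Configuration
set "csv_file=allowed_pcs.csv"

rem Check if the policy file exists
if not exist "%csv_file%" (
    echo [ERROR] %csv_file% not found.
    pause
    exit /b 1
)

echo ============================================
echo Secure Shadow Session Menu (CSV Based)
echo ============================================
echo NO. : PC NAME : USER : DESC
echo --------------------------------------------

rem Read CSV and display the menu. Each row is stored as pc_N / user_N / id_N.
set count=0
for /f "usebackq tokens=1-4 delims=," %%a in ("%csv_file%") do (
    set /a count+=1
    set "pc_!count!=%%a"
    set "user_!count!=%%b"
    set "id_!count!=%%c"
    echo [!count!] : %%a : %%b : %%d
)

echo.
rem Clear any inherited value so that pressing Enter alone is treated as no input.
set "choice="
set /p choice="Select a number to connect (or 'q' to quit): "

rem Handle exit or invalid input. Delayed expansion keeps typed quotes or
rem metacharacters from being parsed as part of the command line.
if not defined choice goto :invalid_choice
if /i "!choice!"=="q" exit /b 0
call :only_digits choice || goto :invalid_choice
if not defined pc_%choice% goto :invalid_choice

rem Map selected ID to variables
set "target_pc=!pc_%choice%!"
set "allowed_user=!user_%choice%!"
set "allowed_id=!id_%choice%!"

rem Reject malformed policy rows before any field reaches a command line.
call :only_hostname_chars target_pc || goto :bad_policy
call :only_digits allowed_id || goto :bad_policy
if not defined allowed_user goto :bad_policy

echo.
echo [INFO] Target PC: %target_pc%
echo [INFO] Policy: User must be "!allowed_user!" with ID %allowed_id%
echo Verifying remote session status...

rem Verify the actual session status on the remote PC.
rem The columns are compared exactly: a substring match would let user
rem "bob" satisfy a policy for "bo", or ID 1 match ID 11 or a session name
rem ending in #1.
rem NOTE(review): assumes Active rows always carry a session name so that
rem USERNAME, ID and STATE land in tokens 2-4 - confirm on the target OS.
set "verified=false"
for /f "tokens=1-4" %%i in ('qwinsta /server:%target_pc% ^| findstr /i "Active"') do (
    if /i "%%j"=="!allowed_user!" if "%%k"=="%allowed_id%" if /i "%%l"=="Active" set "verified=true"
)

rem Proceed only if the session matches the CSV policy
if not "%verified%"=="true" goto :verify_failed

echo [SUCCESS] Verification passed. Requesting connection...
rem Note: /noConsentPrompt is omitted here. The user on the target PC must accept the request.
mstsc /v:%target_pc% /shadow:%allowed_id% /control
pause
exit /b 0

:verify_failed
echo [SECURITY ALERT] Session verification failed.
echo The current active user on %target_pc% does not match the CSV policy.
pause
exit /b 1

:invalid_choice
echo [ERROR] Invalid selection.
pause
exit /b 1

:bad_policy
echo [ERROR] The selected CSV entry has a malformed PC name, user or session ID.
pause
exit /b 1

rem ----------------------------------------------------------------------
rem :only_digits VARNAME
rem Returns errorlevel 0 when the named variable is non-empty and consists
rem solely of the digits 0-9, otherwise 1. The variable is passed by name
rem so its value is never re-parsed as command text.
rem ----------------------------------------------------------------------
:only_digits
setlocal enabledelayedexpansion
set "rest=!%~1!"
if not defined rest exit /b 1
rem Remove every digit; anything left over is a disallowed character.
for %%d in (0 1 2 3 4 5 6 7 8 9) do if defined rest set "rest=!rest:%%d=!"
if defined rest exit /b 1
exit /b 0

rem ----------------------------------------------------------------------
rem :only_hostname_chars VARNAME
rem Returns errorlevel 0 when the named variable is non-empty and consists
rem solely of letters, digits, dot, hyphen and underscore, otherwise 1.
rem String substitution in cmd is case-insensitive, so the lower-case
rem letters below also remove upper-case ones.
rem ----------------------------------------------------------------------
:only_hostname_chars
setlocal enabledelayedexpansion
set "rest=!%~1!"
if not defined rest exit /b 1
for %%c in (a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . - _) do if defined rest set "rest=!rest:%%c=!"
if defined rest exit /b 1
exit /b 0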