Shadow users

From Director, use the shadow user feature to view or work directly on a user’s virtual machine or session. You can shadow both Windows or and Linux VDAs. The user must be connected to the machine that you want to shadow. Verify this by checking the machine name listed in the user title bar.

Director launches shadowing in a new tab, update your browser settings to allow pop-ups from the Director URL.

Access the shadowing feature from the User Details view. Select the user session, and click Shadow in the Activity Manager view or the Session Details panel.

Shadowing Linux VDAs

Shadowing is available for Linux VDAs Version 7.16 or and later running the RHEL7.3 or Ubuntu Version 16.04 Linux distributions.

Note:

  • The VDA must be accessible from the Director UI for shadowing to work. Hence, shadowing is possible only for Linux VDAs in the same intranet as the Director client.
  • Director uses FQDN to connect to the target Linux VDA. Ensure that the Director client can resolve the FQDN of the Linux VDA.
  • The VDA must have the python-websockify and x11vnc packages installed.
  • noVNC connection to the VDA uses the WebSocket protocol. By default, ws:// WebSocket protocol is used. For security reasons, Citrix recommends that you use the secure wss:// protocol. Install SSL certificates on each Director client and Linux VDA.

Follow the instructions in Session Shadowing to configure your VDA for shadowing.

  1. After you click Shadow, the shadowing connection initializes and a confirmation prompt appears on the user device.
  2. Instruct the user to click Yes to start the machine or session sharing.
  3. The administrator can only view the shadowed session.

Shadowing Windows VDAs

Windows VDA sessions are shadowed using Windows Remote Assistance. Enable User Windows Remote Assistance feature while installing the VDA. For more information, see the Enable or Disable features section in Install VDAs.

  1. After you click Shadow, the shadowing connection initializes and a dialog box prompts you to open or save the .msrc incident file.
  2. Open the incident file with the Remote Assistance Viewer, if not already selected by default. A confirmation prompt appears on the user device.
  3. Instruct the user to click Yes to start the machine or session sharing.
  4. For additional control, ask the user to share keyboard and mouse control.

Streamline Microsoft Internet Explorer browsers for shadowing

Configure your Microsoft Internet Explorer browser to automatically open the downloaded Microsoft Remote Assistance (.msra) file with the Remote Assistance client.

To do this, you must enable the Automatic prompting for file downloads setting in the Group Policy editor:

Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Internet Zone > Automatic prompting for file downloads.

By default, this option is enabled for Sites in the Local intranet zone. If the Director Site is not in the Local intranet zone, consider manually adding the Site to this zone.