Description of the environment used for the tools used in this tutorial:
Launcher development tool: VS2022
Client technology used for launcher: .NET 8 + WPF
Other technologies of the launcher: DPAPI
Executable program released by the launcher, system requirements: Windows 7 and above, X64
If you need this program, you can get it on the netbook. Netdisk address:
link (on a website): https:///s/1QPstE5-1zPK-qOp8GQ90ew?pwd=6666 Extract code: 6666
The next step is a tutorial on how to use the tool.
First, set up the registry on the remote server. The path is as follows: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
As you can see below, there's not much in there at the moment.
You can do this with the current tool, open the RemoteShadowApp program on top of the server and click on Set Registry to see that the registry has been created automatically. This allows you to quickly set up the registry directly.
Of course, if you don't want to run it on the server, you can also set it manually. Create a registry, create a DWORD key-value pair with the name fAllowUnlistedRemotePrograms and set the corresponding value to 1. If you think it's too much trouble, you can set it directly with the tool above, and the result will be the same.
On top of the local machine, you can access the program of the target server remotely. The procedure is as follows:
For example, I want to open a Notepad++ program on a remote desktop.
I needed to get the IP of the server, the username and password to log in, and the absolute path to the startup program for NotePad++, such as shown below. I didn't do the remember information function, so you can also create a notepad or something to store your remote program information, so it's easy to paste it in and fill it out. After you've entered all the information, click the [Open Remote Program] button.
Note: If the remote server has software such as 360, it may limit your permissions, for example, it has been stuck in this interface
At this moment you need to tap Show details, you can see that there is a Login button, click Login. This will only appear on some remote servers, if the machine does not have some restrictions or security software, this step will not appear. It is only necessary to do this if this phenomenon occurs.
Opened remote notepad++ program, the effect is shown in the figure.
Then we open the remote server and see the phenomenon. Specifically, the effect shown in the figure.
Support for opening multiple remote programs, for example, I am now opening a console program service that I previously wrote myself at the following address
In the program just now, change the startup path to the console service path above, and then start it. You can see that the startup is successful. And it can coexist with the previous notepad program.
Similarly, there are no console program pages on the server, but there are processes. The console program also uses server resources, not local resources.
If you don't need anything at the moment, you can exit the launcher. Exiting the launcher has no effect on the remote programs already open. The launcher is only used to provide the remote program role, no other functions.
Launcher core functions, mainlyDPAPI encryption functionDPAPI (Data Protection Application Programming Interface) is an API provided by Microsoft to help secure data and simplify the process of encrypting data on the Windows platform.DPAPI provides a system-level encryption service that features no need for the application to handle the storage and protection of encryption keys on its own.DPAPI is primarily used to protect sensitive information such as passwords, keys and other personal or system data.
The code shown below, I have also integrated this functionality on my open source project. Here I use it directly within this program to encrypt. The password must be encrypted in order to be recognized by the remote server.
The following is the DPAPI specific encryption and decryption process:
/// <summary> /// encrypted data /// </summary> /// <param name="dataToEncrypt"></param> /// <returns></returns> public static string EncryptData(string dataToEncrypt) { try { byte[] secret = (dataToEncrypt); byte[] encryptedSecret = (secret, additionalEntropy, ); string res = ; foreach (byte b in encryptedSecret) { res += ("X2"); } return res; } catch (Exception ex) { ("Anomaly during encryption: " + ); return null; } } /// <summary> /// decrypted data /// </summary> /// <param name="dataToDecrypt"></param> /// <returns></returns> public static string DecryptData(string hexEncryptedData) { try { byte[] dataToDecrypt = ConvertHexStringToByteArray(hexEncryptedData); byte[] decryptedData = (dataToDecrypt, null, ); return (decryptedData); } catch (Exception ex) { ("Exception during decryption: " + ); return null; } }
The place to set the registry is also a very simple piece of code written to death for reference
// Specify the path to the registry key string registryPath = @"SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"; // Modify the path as needed string valueName = " fAllowUnlistedRemotePrograms"; // Registry item name try { // Create or open the specified registry key using (RegistryKey key = (registryPath)) { if (key ! = null) { // Set the value to DWORD32 and assign it to 1 (valueName, 1, ); ("The registry key was created and assigned successfully.") ; } else { ("Unable to create registry.") ; } } } catch (UnauthorizedAccessException) { ("You do not have permission to set the registry, please run the program as an administrator.") ; } } catch (Exception ex) { ($"An error occurred setting the registry: {}"); }
Description of the environment used for the tools used in this tutorial:
Launcher development tool: VS2022
Client technology used for launcher: .NET 8 + WPF
Other technologies of the launcher: DPAPI
Executable program released by the launcher, system requirements: Windows 7 and above, X64
If you need this program, you can get it on the netbook. Netdisk address:
File shared via Netflix: RemoteShadowApp.7z Link: /s/1QPstE5-1zPK-qOp8GQ90ew?pwd=6666 Extract code: 6666
The next step is a tutorial on how to use the tool.
First, set up the registry on the remote server. The path is as follows: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
As you can see below, there's not much in there at the moment.
You can do this with the current tool, open the RemoteShadowApp program on top of the server and click on Set Registry to see that the registry has been created automatically. This allows you to quickly set up the registry directly.
Of course, if you don't want to run it on the server, you can also set it manually. Create a registry, create a DWORD key-value pair with the name fAllowUnlistedRemotePrograms and set the corresponding value to 1. If you think it's too much trouble, you can set it directly with the tool above, and the result will be the same.
On top of the local machine, you can access the program of the target server remotely. The procedure is as follows:
For example, I want to open a Notepad++ program on a remote desktop.
I needed to get the IP of the server, the username and password to log in, and the absolute path to the startup program for NotePad++, such as shown below. I didn't do the remember information function, so you can also create a notepad or something to store your remote program information, so it's easy to paste it in and fill it out. After you've entered all the information, click the [Open Remote Program] button.
Note: If the remote server has software such as 360, it may limit your permissions, for example, it has been stuck in this interface
At this moment you need to tap Show details, you can see that there is a Login button, click Login. This will only appear on some remote servers, if the machine does not have some restrictions or security software, this step will not appear. It is only necessary to do this if this phenomenon occurs.
Opened remote notepad++ program, the effect is shown in the figure.
Then we open the remote server and see the phenomenon. Specifically, the effect shown in the figure.
Support for opening multiple remote programs, for example, I am now opening a console program service that I previously wrote myself at the following address
In the program just now, change the startup path to the console service path above, and then start it. You can see that the startup is successful. And it can coexist with the previous notepad program.
Similarly, there are no console program pages on the server, but there are processes. The console program also uses server resources, not local resources.
If you don't need anything at the moment, you can exit the launcher. Exiting the launcher has no effect on the remote programs already open. The launcher is only used to provide the remote program role, no other functions.
Launcher core functions, mainlyDPAPI encryption functionDPAPI (Data Protection Application Programming Interface) is an API provided by Microsoft to help secure data and simplify the process of encrypting data on the Windows platform.DPAPI provides a system-level encryption service that features no need for the application to handle the storage and protection of encryption keys on its own.DPAPI is primarily used to protect sensitive information such as passwords, keys and other personal or system data.
The code shown below, I have also integrated this functionality on my open source project. Here I use it directly within this program to encrypt. The password must be encrypted in order to be recognized by the remote server.
The following is the DPAPI specific encryption and decryption process:
/// <summary> /// encrypted data /// </summary> /// <param name="dataToEncrypt"></param> /// <returns></returns> public static string EncryptData(string dataToEncrypt) { try { byte[] secret = (dataToEncrypt); byte[] encryptedSecret = (secret, additionalEntropy, ); string res = string.Empty; foreach (byte b in encryptedSecret) { res += ("X2"); } return res; } catch (Exception ex) { ("Exception during encryption." + ); return null; } } /// <summary> /// decrypted data /// </summary> /// <param name="dataToDecrypt"></param> /// <returns></returns> public static string DecryptData(string hexEncryptedData) { try { byte[] dataToDecrypt = ConvertHexStringToByteArray(hexEncryptedData); byte[] decryptedData = (dataToDecrypt, null, ); return (decryptedData); } catch (Exception ex) { ("Exception during decryption." + ); return null; } }
The place to set the registry is also a very simple piece of code written to death for reference
// Specify the path to the registry key string registryPath = @"SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"; // Modify the path as needed string valueName = "fAllowUnlistedRemotePrograms"; // Registry Entry Name try { // Create or open the specified registry key using (RegistryKey key = (registryPath)) { if (key != null) { // Set the value to DWORD32 type and assign to 1 (valueName, 1, ); ("The registry key has been created and assigned a value successfully."); } else { ("Unable to create a registry."); } } } catch (UnauthorizedAccessException) { ("You do not have permission to set the registry, please run the program as administrator."); } catch (Exception ex) { ($"An error occurred setting up the registry: {}"); }
Afterword: The remote program opened by this tool supports LAN and extranet, as long as you can access the server or computer via remote desktop, you can start it in this way.
If the above has helped you, feel free to like, in watch, retweet and leave a comment. Thank you for your support. Also welcome to pay attention to the public number: [Dotnet Dancer