Just tested some more:
When shadowing a session on the same server you must specify hServer and pServername can be empty string or nil.
When shadowing a session on another server you must specify nil for hServer and the remote computername (or IP) for pServername (actually the last method works for both local and remote, so it's easier to use that one always).

I will also test passing pServername to WinStationConnect, WinStationShadowStop is harder because this must be done from a third session (or indeed the shadowed session). Besides what's pServername for WinStationShadowStop, is it the server who's shadowing or the one being shadowed?

Just a though coming up: What if the user who's being shadowed can end the remote control when he or she wants to? That would be a nice feature. It would probably require running some kind of agent in the users session who monitors it's own session state and pops something up when being shadowed. From this popup there could be a "Stop shadowing me" button.

So results so far:
WinStationShadow: 100% working.
WinStationShadowStop: Not needed, just use hotkey to end remote control
WinStationConnectW: Banging my head on this one, I know I've had it working but I just don't get it right now.
Last parameter really seems a PWideChar, passing a value (pServername) to it gives as lasterror Handle is invalid.
When passing nil for the last parameter and passing handle or nil to hServer, the sessionID I want to control and LOGONID_CURRENT gives as LastError: SessionID not found.
Current prototype: function WinStationConnectW(hServer: HANDLE; ConnectSessionID: ULong; ActiveSession: ULong; pPassword: PWideChar; Unknown: PWideChar): boolean; NicoDE suggested in this thread: http://www.delphipraxis.net/internal...t.php?p=610883
Type
TFNWinStationConnectW = function(
hServer : THandle;
SessionId : ULONG;
TargetSessionId: ULONG;
pPassword : PWideChar; // use L"" instead of NULL
bWait : BOOLEAN
): BOOLEAN; stdcall;

Well, from my experience I'd trust Nico. He's at least as good of a reverse engineer as I am, if not better!

I can verify the first four parameters definitely. I cannot identify the last one from the W2K3 DLL since it uses again some RPC call via an internal function RpcWinStationConnect(). Probably Nico has some older version of the DLL which does not yet use this method and therefore makes it easier to identify this last parameter. Just go for Boolean as he suggests.

I'm still not able to call WinStationConnectW successfully. Because of the time schedule I will result in spawning tscon.exe from commandline and run in the context of an admin account for now.
NicoDE: in case you're reading, can you verify WinStationConnectW? Did you actually get it working?

Will be continued...

Sometimes people make stupid mistakes, or well at least I do .
Somewhere in the experimenting with the parameters I removed stdcall by accident, that's why it didn't work anymore. I just failed to notice it.

So the correct declaration for WinStationConnectW is:
function WinStationConnectW(hServer: Handle; SessionID: ULong; TargetSessionID: ULong; pPassword: PWideChar; bWait:Boolean): Boolean; stdcall; Where SessionID is the session you want to connect to (can be connected or disconnected) and TargetSessionID is the session to which you want to connect SessionID to (use LOGONID_CURRENT constant for your current session). pPassword cannot be nil, use PWideChar('') instead. If a password is required GetLastError returns 1326 (Logon failure: unknown user name or bad password). The Microsoft tools (eg TSAdmin) work this way, they first try empty password and popup a password dialog and try again if 1326 is returned.

I've attached a new version (v0.3) of WinSta.pas

[edit=SirThornberry]Delphi-Tags gesetzt - Mfg, SirThornberry[/edit]

You can also update the CVS version of JwaWinSta.pas, if you like