When performing RDS shadowing, by default, the user whose session is being shadowed has to consent to viewing and/or controlling his/her session. This behaviour can be changed with a group policy.
In your group policy (local or through domain), navigate to:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Find the policy called Set rules for remote control of Remote Desktop Services user sessions and configure it:
By default, only users with local admin rights on an RDS server can do session shadowing on that server.
To allow a particular user or group to allow shadowing, run this from a command prompt on the RDS server:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName="RDP-Tcp") CALL AddAccount "domain\group",2
In the command, replace domain\group with settings of your own. It's recommended to create a group specific for the job (e.g. RDS Shadowing) so you can run this command only once, and then add users to the group to allow them to shadow.
An Asterisk TAPI driver, which is actually usable on Terminal Server:
It's not freeware, but is absolutely affordable, and is usable on Terminal Server (multi-user profiles).
When running a Windows 2008 (R1) Terminal Services, and you connect with a RDP 7.1 client and try to shadow another session, it may happen that both clients get disconnected.
KB2523307 tells us that this is caused by RemoteFX being active when a new client is used.
A hotfix is available to address the issue, and can be requested via the KB.
EDIT: for your convenience, I've attached the hotfix (English only!), at least until Microsoft requests its removal...
If you're planning on running WordPerfect 9 on a Terminal Server, be sure to provide full access for your users on the registry key HKLM\Software\COREL (64-bit: HKLM\Software\Wow6432Node\COREL).
This fixes the Cannot initialize error when starting WP as a regular user.
Found this article, showing you how to lock down Firefox.
This is quite useful when deploying Firefox on, for instance, a Terminal Server.