rdp

Terminal Services in Windows 8.1 and 10

James

5 min read
Terminal Services in Windows 8.1 and 10

This has been written about a dozen or more times in various places, but I'm re-hashing it all here mostly for my own record, and to keep it all together. In addition to simply updating the Terminal Services libraries, I've also included information relating to doing so remotely... the commands required for remote service management and resolving issues accessing admin shares.

How to Allow Multiple RDP Sessions in Windows 10

Like in previous client versions of Microsoft operation systems, Windows 10 Pro and Enterprise users can connect to their computers remotely using Remote Desktop service (RDP). There is a restriction on the number of simultaneous RDP sessions: only one remote user can work at a time. When you try to open a second RDP session, the session of the first user is prompted to be closed.

Another user is signed in. If you continue, they’ll be disconnected. Do you want to sign in anyway?

Actually, the number of simultaneous RDP connections is limited rather by the license, which does not allow to create an RDP server based on the workstation for use by several users, than by any technical aspect.

Tip. In Windows 10 Home editions, the incoming remote desktop connections are forbidden at all. The problem, however, can be solved using RDP Wrapper Library.

Let’s consider two ways how to eliminate the restriction of simultaneous RDP connections to Windows 10:

  • The Modification of termsrv.dll
  • Installing the "RDP Wrapper Library"

Note. System modifications described in the article will be probably treated as a violation of Microsoft License Agreement with all the consequences that come with it.

Things to remember before editing anything:

  1. You may have to change owner of termsrv.dll from TrustedInstaller to Administrators;
  2. You will need to stop Remote Desktop Services (in Services MMC); (You won't need to reboot after changes, just re-start the Service)

Of course, anyone doing this should be paranoid and:

  1. Create restore point before doing anything else;
  2. Take a backup of your current termsrv.dll to restore if it goes wrong;
  3. Export a copy of the registry before editing it;

If you're configuring a remote machine, you may need to stop/start the services using command-line as connecting your services control panel to remote machines requires special permissions.

The following command-line will stop the terminal services (Remote Desktop Services) service:
sc \\machine stop TermService

Windows 8 / 8.1

Thanks to @neurodyne and this link for updated instructions

This works with the following versions of termsrv.dll

x64 - termsrv.dll - 6.3.9600.17095

FindReplace with
39813C0600000F849E310500B80001000089813806000090
090085C07F078BD8090085C090908BD8
BB01000000C7BB00000000C7

x86 - termsrv.dll - 6.3.9600.17095

FindReplace
3B81200300000F84C0EC0100B80001000089812003000090
837DF8007415837DF800EB15
8D442428438D44242890

Windows 10

Windows 10 x64 RTM (August 2015)

termsrv.dll file version 10.0.10240.16384.

In termsrv.dll find:
39 81 3C 06 00 00 0F 84 73 42 02 00

and replace it with:
B8 00 01 00 00 89 81 38 06 00 00 90

Patched version can be downloaded from here. Original, untouched version of termsrv.dll v10.0.10240.16384 can be downloaded from here.

Windows 10 x64 Threshold 2 (November 2015)

Windows 10 Fall Update (also called "Threshold Wave 2 Update") updates termsrv.dll to version 10.0.10586.0. To get back concurrent remote desktop connections, make following changes:

Find:
39 81 3C 06 00 00 0F 84 3F 42 02 00

and replace with:
B8 00 01 00 00 89 81 38 06 00 00 90

RDP Wrapper Library

The alternative to termsrv.dll file modification is the use of RDP Wrapper Library project. This software serves as a layer between SCM (Service Control Manager) and Terminal Services and allows not only to enable the support of several simultaneous RDP sessions but also to enable the support of RDP Host on Windows 10 Home editions. RDP Wrapper does not make any changes to termsrv.dll file, it just load termsrv with the changed parameters.

Thus, this solution will work even in case of termsrv.dll file update. It allows not to be afraid of Windows updates.

RDP Wrapper can be downloaded from GitHub repository: https://github.com/binarymaster/rdpwrap/releases (the last version available is RDP Wrapper Library v1.6)

Tip. By the way, RDP Wrapper Library source code is also available. It means that if required, you can compile executables by yourself.

RDPWrap-v1.6.zip archive contains some files:

  • RDPWinst.exe — an RDP Wrapper Library install/uninstall program
  • RDPConf.exe — an RDP Wrapper configuration utility
  • RDPCheck.exe — Local RDP Checker — an RDP check utility
  • install.bat, uninstall.bat, update.bat — batch files for installation, uninstallation and update of RDP Wrapper
RDPWrap-v1.6

To install the utility, run install.bat with the Administrator privileges.

Installation

Install RDP Wrapper Library

When the installation is over, run RDPConfig.exe. Make sure that all elements in Diagnostics section are green.

Configuration Utility

Try to open the second RDP session. It worked out well! Now, our Windows 10 allows two users to start RDP sessions simultaneously.

Accessing a remote machine via admin shares ($)

If you are attempting to access (either with PDQ Inventory or PDQ Deploy) a Windows 7, Windows 8, Vista or Server 2008 computer you may get the" Access Denied - Failed to connect to ADMIN$ share" error , even when supplying the appropriate local user credentials that have Administrator access. If the target computer is not a member of a Windows 2003 or later Domain then this is most likely because the target system has Remote UAC enabled. Remote UAC prevents local administrative accounts from accessing ADMIN$. (more appropriately Remote UAC prevents local accounts from running in an elevated mode when connecting from the network) If you need to be able to access the ADMIN$ using a local account then you will need to disable Remote UAC. You can accomplish this by editing the registry.

Assuming you have all your other ducks in a row (Firewall exceptions, appropriate credentials of local administrative user, etc) then you just need to add a quick entry in the registry of the target computer. In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Create a DWORD value called LocalAccountTokenFilterPolicy and assign it a value of 1.

A reboot will be necessary.

Connecting to a remote machine with a local Microsoft Live Account

Microsoft has completely changed the format of the RDC login user name on the (remote) Windows 8 Pro machine. When I set up the Win8 box I allowed it to create the "Microsoft Account" it asks for in the setup screen with an email address I already have, like [email protected]. With Windows 7 when logging into RDC you would simply use the user name on the remote box for the "User Name" field, then enter the remote box password. Well now if the remote Windows 8 box is setup with a Microsoft account, the format for the RDC user name is this:

MicrosoftAccount\[email protected]

Further reading:

http://support.microsoft.com/kb/942817
http://support.microsoft.com/kb/951016

References

https://gist.github.com/diego898/6871478

http://www.mysysadmintips.com/windows/clients/545-multiple-rdp-remote-desktop-sessions-in-windows-10

http://woshub.com/how-to-allow-multiple-rdp-sessions-in-windows-10/

http://support.adminarsenal.com/entries/20828513-Can-t-access-ADMIN-share-using-a-local-user-account

http://www.eightforums.com/network-sharing/17078-solved-remote-desktop-connection-credentials-failed.html

Sign up for more like this.

Enter your email
Subscribe