Terminal Services in Windows 8.1 and 10
This has been written about a dozen or more times in various places, but I'm re-hashing it all here mostly for my own record, and to keep it all together. In addition to simply updating the Terminal Services libraries, I've also included information relating to doing so remotely... the commands required for remote service management and resolving issues accessing admin shares.
How to Allow Multiple RDP Sessions in Windows 10
Like in previous client versions of Microsoft operation systems, Windows 10 Pro and Enterprise users can connect to their computers remotely using Remote Desktop service (RDP). There is a restriction on the number of simultaneous RDP sessions: only one remote user can work at a time. When you try to open a second RDP session, the session of the first user is prompted to be closed.
Another user is signed in. If you continue, they’ll be disconnected. Do you want to sign in anyway?
Actually, the number of simultaneous RDP connections is limited rather by the license, which does not allow to create an RDP server based on the workstation for use by several users, than by any technical aspect.
Tip. In Windows 10 Home editions, the incoming remote desktop connections are forbidden at all. The problem, however, can be solved using RDP Wrapper Library.
Let’s consider two ways how to eliminate the restriction of simultaneous RDP connections to Windows 10:
- The Modification of termsrv.dll
- Installing the "RDP Wrapper Library"
Note. System modifications described in the article will be probably treated as a violation of Microsoft License Agreement with all the consequences that come with it.
Things to remember before editing anything:
- You may have to change owner of termsrv.dll from
TrustedInstallertoAdministrators; - You will need to stop Remote Desktop Services (in Services MMC); (You won't need to reboot after changes, just re-start the Service)
Of course, anyone doing this should be paranoid and:
- Create restore point before doing anything else;
- Take a backup of your current termsrv.dll to restore if it goes wrong;
- Export a copy of the registry before editing it;
If you're configuring a remote machine, you may need to stop/start the services using command-line as connecting your services control panel to remote machines requires special permissions.
The following command-line will stop the terminal services (Remote Desktop Services) service:
sc \\machine stop TermService
Windows 8 / 8.1
Thanks to @neurodyne and this link for updated instructions
This works with the following versions of termsrv.dll
x64 - termsrv.dll - 6.3.9600.17095
| Find | Replace with |
|---|---|
| 39813C0600000F849E310500 | B80001000089813806000090 |
| 090085C07F078BD8 | 090085C090908BD8 |
| BB01000000C7 | BB00000000C7 |
x86 - termsrv.dll - 6.3.9600.17095
| Find | Replace |
|---|---|
| 3B81200300000F84C0EC0100 | B80001000089812003000090 |
| 837DF8007415 | 837DF800EB15 |
| 8D44242843 | 8D44242890 |
Windows 10
Windows 10 x64 RTM (August 2015)
termsrv.dll file version 10.0.10240.16384.
In termsrv.dll find:
39 81 3C 06 00 00 0F 84 73 42 02 00
and replace it with:
B8 00 01 00 00 89 81 38 06 00 00 90
Patched version can be downloaded from here. Original, untouched version of termsrv.dll v10.0.10240.16384 can be downloaded from here.
Windows 10 x64 Threshold 2 (November 2015)
Windows 10 Fall Update (also called "Threshold Wave 2 Update") updates termsrv.dll to version 10.0.10586.0. To get back concurrent remote desktop connections, make following changes:
Find:
39 81 3C 06 00 00 0F 84 3F 42 02 00
and replace with:
B8 00 01 00 00 89 81 38 06 00 00 90
RDP Wrapper Library
The alternative to termsrv.dll file modification is the use of RDP Wrapper Library project. This software serves as a layer between SCM (Service Control Manager) and Terminal Services and allows not only to enable the support of several simultaneous RDP sessions but also to enable the support of RDP Host on Windows 10 Home editions. RDP Wrapper does not make any changes to termsrv.dll file, it just load termsrv with the changed parameters.
Thus, this solution will work even in case of termsrv.dll file update. It allows not to be afraid of Windows updates.
RDP Wrapper can be downloaded from GitHub repository: https://github.com/binarymaster/rdpwrap/releases (the last version available is RDP Wrapper Library v1.6)
Tip. By the way, RDP Wrapper Library source code is also available. It means that if required, you can compile executables by yourself.
RDPWrap-v1.6.zip archive contains some files:
RDPWinst.exe— an RDP Wrapper Library install/uninstall programRDPConf.exe— an RDP Wrapper configuration utilityRDPCheck.exe— Local RDP Checker — an RDP check utilityinstall.bat,uninstall.bat,update.bat— batch files for installation, uninstallation and update of RDP Wrapper
RDPWrap-v1.6
To install the utility, run install.bat with the Administrator privileges.
Install RDP Wrapper Library
When the installation is over, run RDPConfig.exe. Make sure that all elements in Diagnostics section are green.
Try to open the second RDP session. It worked out well! Now, our Windows 10 allows two users to start RDP sessions simultaneously.
Accessing a remote machine via admin shares ($)
If you are attempting to access (either with PDQ Inventory or PDQ Deploy) a Windows 7, Windows 8, Vista or Server 2008 computer you may get the" Access Denied - Failed to connect to ADMIN$ share" error , even when supplying the appropriate local user credentials that have Administrator access. If the target computer is not a member of a Windows 2003 or later Domain then this is most likely because the target system has Remote UAC enabled. Remote UAC prevents local administrative accounts from accessing ADMIN$. (more appropriately Remote UAC prevents local accounts from running in an elevated mode when connecting from the network) If you need to be able to access the ADMIN$ using a local account then you will need to disable Remote UAC. You can accomplish this by editing the registry.
Assuming you have all your other ducks in a row (Firewall exceptions, appropriate credentials of local administrative user, etc) then you just need to add a quick entry in the registry of the target computer. In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Create a DWORD value called LocalAccountTokenFilterPolicy and assign it a value of 1.
A reboot will be necessary.
Connecting to a remote machine with a local Microsoft Live Account
Microsoft has completely changed the format of the RDC login user name on the (remote) Windows 8 Pro machine. When I set up the Win8 box I allowed it to create the "Microsoft Account" it asks for in the setup screen with an email address I already have, like 123456@mydomain.com. With Windows 7 when logging into RDC you would simply use the user name on the remote box for the "User Name" field, then enter the remote box password. Well now if the remote Windows 8 box is setup with a Microsoft account, the format for the RDC user name is this:
MicrosoftAccount\123456@mydomain.com
Further reading:
http://support.microsoft.com/kb/942817
http://support.microsoft.com/kb/951016
References
https://gist.github.com/diego898/6871478
http://www.mysysadmintips.com/windows/clients/545-multiple-rdp-remote-desktop-sessions-in-windows-10
http://woshub.com/how-to-allow-multiple-rdp-sessions-in-windows-10/
http://support.adminarsenal.com/entries/20828513-Can-t-access-ADMIN-share-using-a-local-user-account