Windows Server 2012 / 2012 R2 - How to allow more than one connection to RDSH / RDP in Admin Mode without enabling RDSH?

Posted on 2014-08-11
Last Modified: 2014-09-01
With Windows 2012  / 2012 R2, the administration programs in the Administrative Tools menu for RDP / Term Server / Remote Desktop Session Host server are MISSING unless you install the Remote Desktop Session Host (RDSH) role.

How can you DISABLE the default setting of, "RESTRICT USERS TO A SINGLE SESSION" in RDP?  I find that when we have multiple administrators using the same account, it is EXTREMELY useful to NOT interrupt another admin when they are doing important work, and therefore it is necessary to DISABLE this default setting.  Since in ADMIN mode you are allowed (3) connections (2 RDP and 1 via console), it can be very easy to accidentally interrupt another admin.

Furthermore, NOT being able to disable this makes the operating system LESS STABLE since you could potentially interrupt another admin at a critical time and accidentally cause havoc.  Yes, best practice is to NOT share accounts, but this is not reality.  It happens, whether they include this tool or not.  And if you ADD the session host role to be able to accomodate this, you now are obliged to enable and install a LICENSE server or you are UNABLE to RDP to this server any longer unless you REMOVE the session host role and reboot.

How can we disable this default setting?  Setting a GPO is possible but extremely invconvenient...setting local policy is also the same.  I tried adding the SNAP IN for Remote Desktop Session host, but it is not avaiable.  I have seen other posts referencing RE-ADDING the old Windows 2008 R2 DLL for the Term Server admin program and adding entire registry keys to accomodate this, but this seems dangerous and likely to cause an issue.....

Are there any other ideas?
Question by:jkeegan123
    LVL 56

    Expert Comment

    by:Cliff Galiher
    There is just no good way to do this anymore (legally) and EE does not permit discussions sidestepping licensing restrictions. The answer is don't share accounts. That *is* reality and has been for some time. I can honestly say that creating each admin their own account Js a ten-second affair and there is ZERO legitimate reason not to. Yes, you could "get away" with it in 2008 R2. That has changed and for those that put off following best practices, now they have to if they want multiple admins logged in. That's the reality now.
    LVL 5

    Accepted Solution

    Sorry Cliff, I was not talking about enabling more than the allowed connections (by default it's 3, 2 RDP and 1 on the console)...I was talking about when you configure RDP in Windows 2003 / 2008 / 2008R2 and uncheck the box, "Allow each user only one logon" ... we have a lot of overlap where admins use same accounts and accidentally steal another's session, to get around that we usually just uncheck the "ONLY ALLOW EACH USER 1 CONNECTION" in Administrative tools -- Remote Desktop -- Remote Desktop Configuration.  In Windows 2012 / 2012R2 that configuration applet does not exist, so you're ALWAYS stealing another admin's session.  

    That is, until I figured out a way.  There are a lot of documented ways to bring back the OLD configuration console from 2008 R2, but I'm sure that the next service pack or something similar will break the legit (and legal) way to change this I have found is:

    REGEDIT and navigate to:  HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\
        Find REG_DWORD:  fSingleSessionPerUser
            Change default value of (1) to (0).

    This does not change the max # of sessions allowed, but it will allow ADMINISTRATOR (or any other user) to be logged in twice with 2 separate sessions.  This prevents other admins from stepping on other admins toes.  AND it's just polite :)
    LVL 5

    Author Closing Comment

    This solution solves the question asked.

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Many things have changed in Windows Server 2012.  To setup the print server, you can use the old way through Control Panel / Hardware / View devices and printers > Add a printer in which the wizard will discover all the network printers for you to a…
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now