One of the good things about Windows Server versus XP is the number of connections that you can have. XP is limited to 10 connections, Server is not limited. XP is limited to a single console connection and no RDP, Server is limited to a single console connection and two other RDP connections (total of 3).
One of the bad things is that in order to get your server to allow more than 3 simultaneous connections you need to install, and license, terminal server. Then you need to convert the server to run in Application Mode. Lots o’ fun. Our company made the mistake of installing a proof-of-concept of terminal server on a non-domain controller and non-production server. The server then died. And in order to retrieve the licenses, we’d have to contact the fine folk over at Microshaft and explain the situation, then get the new license keys, and then create the new server, and then configure the other servers to run in application mode. And hope it all works.
So I did it the easy way – hack the termsrv.dll file.
FYI hacking Microsoft files is a breach of the terms of service agreement and license agreements with Microsoft. Do so at your own risk.
First I will post how I went about “hacking” said file and how to implement in your own environment.
Unfortunately I can’t post the hacked file due to legal issues. So there is no “hey, here’s the file if you’re lazy”.
Now I’ve only tested this on Windows Server 2003 standard and enterprise, R2 and regular. ALL 32bit. I’m sure it’ll work on 64bit, but we have no needs to allow more than even the single console session on our 64bit servers.
Download the following files:
Install the vpatch32 program (works on XP and Vista32/64)
Unzip the 2003tspatch.zip to find a PatchData.pat file
Copy the termsrv.dll file from your server’s WINDOWS\system32 folder to your desktop (easier to find, and you can’t patch an ‘in-use’ file)
Open vpatchprompt.exe located in %programfiles%\VPatch\
This will prompt you to find the PatchData.pat file you unzipped
Then it will prompt you to find the file you want to patch, in our case it’s the termsrv.dll residing on your desktop
Then choose a file name and the program will save the patched dll as this new name. I chose termsrvNEW.dll to keep it easy to locate.
Now the tricky part – because Windows has built-in protection for system files, we have to go about this in a trick-defeating manner.
On your server, locate the file in WINDOWS\system32\dllcache\termsrv.dll
Rename this file termsrvOLD.dll
Now locate the termsrv.dll file in WINDOWS\system32\
Rename this file termsrvOLD.dll as well
Copy the termsrvNEW.dll to WINDOWS\system32\
Rename this file to termsrv.dll
Windows will generally complain that a file has changed. Let the OS know who’s boss and that you want to keep the file. Now, reboot.
Test – if anything breaks you can always undo the files by using your old one again. If it all goes as planned, you can now have unlimited RDP connections to your server.
If you change the files and Windows changes them back, that’s the built-in security DEP of Windows. You may have to start in Safe-Mode (F8 before the black Windows Screen but after the BIOS) in order to edit these files.
***EDIT PT 2***
Before I could respond to a comment left by an anonymous internet troll, I did some extra research into the matter.
http://www.remkoweijnen.nl/blog/2008/12/09/windows-2003-x64-terminal-server-patch/ <--- apparently that will work on 64bit SP2 or R2 of Win2k3. I haven't tested it, so I won't comment further unless I need to apply this patch as well.