How to Enable Multiple RDP Connections on Windows 11
By default, Windows 11 Pro and Enterprise restrict Remote Desktop Protocol (RDP) to a single active session. When a second user connects, the first gets immediately disconnected. Importantly, this is a licensing restriction — not a technical one. Therefore, for IT teams managing shared workstations or parallel admin sessions, this creates real operational friction. Fortunately, several methods exist to address it.
Why Windows 11 Limits RDP Sessions
The termsrv.dll service enforces the single-session limit at the OS level. Specifically, two configuration layers control this behaviour: Group Policy settings under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services, and registry values at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server. However, modifying these alone is insufficient — you must also address termsrv.dll directly. On Windows 11, cumulative updates replace this binary more frequently than on Windows 10, which consequently increases the maintenance overhead of any workaround approach.
Method 1: RDP Wrapper Library
The RDP Wrapper Library is an open-source tool that intercepts calls to termsrv.dll and removes the concurrent session restriction without modifying the binary directly. Essentially, it installs as a service layer between the Remote Desktop host service and termsrv.dll.
Deployment steps:
- First, download the latest release from the official GitHub repository
- Then run
install.batas Administrator - Next, open
RDPConf.exeand confirm Wrapper State shows Installed and Listening - If Not Supported appears, update
rdpwrap.inito match your current Windows 11 build - Finally, in Group Policy, set Limit number of connections above 1
Best for: Internal dev/test machines with low compliance exposure
Key drawback: Windows 11 cumulative updates replace termsrv.dll frequently, so you must re-validate the wrapper after every update cycle. Additionally, the tool is not code-signed and may consequently conflict with application whitelisting policies.
Method 2: Group Policy and Registry Configuration
For domain-joined environments, combining Group Policy with registry edits provides a centrally manageable, scriptable approach. However, these configuration changes alone will not enable multiple sessions — you must still address termsrv.dll.
Registry values to modify:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections→ set to0HKLM\...\WinStations\RDP-Tcp\MaxInstanceCount→ set to2or higher
In Group Policy, navigate to Remote Desktop Session Host > Connections and set Restrict Remote Desktop Services users to a single Remote Desktop Services session to Disabled.
Once you complete these steps, apply a build-matched patched termsrv.dll. Community-maintained versions are available via the RDP Wrapper GitHub repository. Always verify concurrent access before closing your session — otherwise, an incorrectly applied DLL can lock remote access entirely.
Best for: Domain-joined fleets where central policy management is required and compliance obligations are limited.
Key drawback: As with Method 1, each cumulative update requires re-patching termsrv.dll. Therefore, for large fleets, this maintenance burden grows significantly over time. For Windows 10 environments, see our guide on Concurrent Remote Desktop Access on Windows 10.
Method 3: Windows Server Remote Desktop Services
Windows Server Remote Desktop Services (RDS) is the fully licensed, architecturally supported solution for concurrent RDP on Windows-based infrastructure. Unlike the previous methods, RDS provides formal Microsoft licensing, native Active Directory integration, and full audit capability. For a full infrastructure breakdown, see Windows Server Remote Desktop Services — Deployment Architecture.
Licensing requirements:
- Windows Server Standard or Datacenter licence
- RDS Client Access Licences (CALs) — Per User or Per Device; see Microsoft Volume Licensing for full details
Key architecture components:
- RDSH — centralised application and desktop delivery
- RD Gateway — HTTPS-encrypted access without exposing RDP ports
- Connection Broker — load balancing across session hosts
- RD Web Access — browser-based session initiation
Best for: Three or more concurrent users; SOC 2, ISO 27001, PCI DSS, or HIPAA environments; additionally, any scenario requiring full Microsoft support. Further guidance is available in the official Microsoft RDS documentation.
Method 4: Third-Party Remote Access Tools
Enterprise tools such as AnyDesk for Business and TeamViewer Tensor support unattended, concurrent remote access to Windows 11 machines without any OS-level modification. As a result, these tools require no changes to termsrv.dll or Group Policy and operate via encrypted proprietary protocols instead.
Best for: Cross-platform or unattended access scenarios, or where RDP infrastructure changes are out of scope.
Key drawback: Subscription costs and compliance posture vary by vendor.
Method 5: VPS or Dedicated Server Hosting
For distributed workforces or high-concurrency requirements, migrating to a hosted VPS or Dedicated Server running Windows Server delivers the most resilient platform. Furthermore, this approach decouples remote access from physical hardware, enables full RDS deployment, and supports high availability with built-in disaster recovery. For guidance on choosing between options, see Dedicated Server vs VPS — Choosing the Right Remote Access Infrastructure.
Best for: Five or more concurrent users; compliance-regulated environments; MSPs and SaaS teams.
Quick Comparison
| Method | Best For | Compliance | Cost |
|---|---|---|---|
| RDP Wrapper | Dev/test, small teams | Not recommended | Free |
| Group Policy + Registry | Domain-joined fleets | Partial | Free |
| Windows Server RDS | Enterprise, regulated | Full | Medium–High |
| Third-Party Tools | Cross-platform access | Vendor-dependent | Varies |
| VPS / Dedicated Server | Remote workforce, MSPs | Configurable | Scalable |
Security Best Practices
Regardless of which method you choose, always apply the following controls:
- Maintain Network Level Authentication (NLA) — enforced by default on Windows 11; govern it via Group Policy. See Microsoft’s Remote Desktop configuration guidance for further detail
- Never expose port 3389 directly to the internet — instead, route traffic through a VPN, RD Gateway, or Zero Trust framework
- Enforce MFA for all accounts with remote access privileges
- Log all sessions via Windows Event Viewer (Event IDs 4624, 4634, 4778, 4779) and subsequently route logs to a SIEM in regulated environments
- Manage Remote Desktop Users group membership through Active Directory or Azure AD rather than local machine configuration
Frequently Asked Questions
Using RDP Wrapper to bypass the session limit may violate Microsoft’s licensing agreement. The restriction is a licensing boundary, not a technical one. Organisations with compliance obligations should obtain Windows Server licences with RDS CALs. See Microsoft Volume Licensing for details.
Typically two to four, before CPU, RAM, and storage I/O become the limiting factor. For five or more users, Windows Server RDS is the correct platform.
Not always. Each cumulative update may replace termsrv.dll, requiring re-validation of the wrapper and an updated rdpwrap.ini file. Community-maintained ini files are available via the RDP Wrapper GitHub repository.
Remote Assistance shares an existing session. Multiple RDP sessions give each user an independent, isolated desktop environment on the same machine simultaneously.
Migration to dedicated server hosting for RDP becomes the logical next step when concurrent session counts exceed three to four users, when compliance frameworks such as SOC 2, ISO 27001, or PCI DSS require formal audit trails and session recording, or when the overhead of maintaining Windows 11 workarounds across update cycles outweighs the cost of purpose-built infrastructure. At that point, a hosted Dedicated Server or VPS running Windows Server with Remote Desktop Services delivers the scalability, reliability, and governance posture that growing teams require — without the recurring maintenance burden of patching termsrv.dll after every cumulative update.
Conclusion
Enabling multiple RDP connections on Windows 11 is achievable through several approaches. For development and test environments, the RDP Wrapper Library offers a fast, cost-free starting point. However, because Windows 11 replaces termsrv.dll more frequently than Windows 10, both wrapper-based and GPO/registry methods carry an increasing maintenance burden over time.
Similarly, Group Policy and registry modifications provide central configuration control for domain-joined fleets, although they do not fully resolve the session limit without additional steps. As such, neither method alone is sufficient where reliability and compliance are priorities.
Consequently, organisations approaching three or more concurrent users — or operating under compliance frameworks such as SOC 2 or ISO 27001 — should instead move to Windows Server RDS, a VPS, or a Dedicated Server. Ultimately, these platforms eliminate the recurring patching overhead and deliver the scalability, reliability, and audit capability that growing teams require.
