Patching termsrv.dll on Windows Server 2016 is a technique used to bypass the default limitation that allows only two concurrent Remote Desktop Protocol (RDP) sessions. While Windows Server naturally supports more sessions through the Remote Desktop Services (RDS) role, it requires valid Client Access Licenses (CALs); patching is often an unofficial workaround to avoid these licensing requirements or to enable concurrent sessions on non-server editions. Technical Mechanism of the Patch
The patch targets specific binary instructions within the termsrv.dll file (located in C:\Windows\System32) that check for session limits.
Byte Modification: Typically, a hex editor or script is used to find a specific pattern of bytes—such as 39 81 3C 06 00 00—and replace them with a sequence like B8 00 01 00 00 89 81 38 06 00 00 90.
Logical Bypass: This modification effectively forces the internal check for "maximum allowed sessions" to always return a value that permits additional users, rather than triggering a "disconnect existing user" prompt.
Service Interaction: For the patch to take effect, the Remote Desktop Service (TermService) must be stopped, and the administrator must take ownership of the system file from TrustedInstaller to gain write permissions. Popular Tools and Methods Several community-developed tools automate this process: Patching Microsoft's RDP service yourself - Sam Decrock
The "interesting feature" associated with patching termsrv.dll
on Windows Server 2016 is the ability to bypass the default limit on simultaneous Remote Desktop (RDP) sessions By modifying this specific system library, users can enable Multiple Concurrent RDP Sessions
on a single machine without requiring a Remote Desktop Services (RDS) license server or Client Access Licenses (CALs). Key Aspects of the termsrv.dll Breaking the Session Limit
: By default, Windows Server allows only two concurrent administrative RDP sessions. Patching termsrv.dll termsrv.dll patch windows server 2016
removes this hardcoded restriction, allowing many users to log in simultaneously Workstation-Style Behavior
: This patch is often used to make a Server OS (or even a Pro desktop version) behave like a terminal server, facilitating multi-user environments for small teams without the overhead of official RDS roles. System Integrity Risks
: Because this involves modifying a core Windows file, system updates or tools like sfc /scannow
will often detect the change as "file corruption" and revert it to the original, unpatched version Security & Compliance
: While technically possible, this method is a violation of Microsoft's licensing terms and can introduce security vulnerabilities by using unofficial third-party scripts to modify protected system files.
For a safer, official way to manage session limits, you can adjust settings within the Local Group Policy Editor
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections officially configure session limits using Group Policy instead?
Patching the termsrv.dll file in Windows Server 2016 is a technique used by administrators to bypass the default limit of two concurrent remote sessions for administrative tasks. While Windows Server editions are designed for multi-session use, standard installations require the Remote Desktop Services (RDS) role and paid Client Access Licenses (CALs) to support more than two simultaneous users. Understanding the termsrv.dll Patch Patching termsrv
The termsrv.dll file is the primary library for Remote Desktop Services in Windows. In non-server versions of Windows (like Windows 10 or 11), it restricts access to a single user. In Windows Server 2016, it natively allows two sessions. Patching involves using a HEX editor or a script to modify specific byte sequences in this file to remove these hard-coded session limits. How to Patch termsrv.dll for Windows Server 2016
Patching termsrv.dll is a common, though technically unsupported, method to bypass the default concurrent session limits in Windows Server 2016 and other Windows editions. While Windows Server 2016 naturally supports multiple administrative sessions, users often seek this patch to allow more than two simultaneous connections without the cost of Remote Desktop Services (RDS) licenses. What is termsrv.dll?
The termsrv.dll file, typically located in %SystemRoot%\System32\, is the core library for Terminal Services (Remote Desktop Services). It contains the logic that enforces Microsoft’s licensing and session limits. Why Patch termsrv.dll in Windows Server 2016?
By default, Windows Server 2016 allows up to two simultaneous administrative sessions. To allow more than two concurrent users, you typically must: Install the Remote Desktop Session Host role. Purchase and install RDS Client Access Licenses (CALs).
A termsrv.dll patch modifies the binary code of the file to ignore these enforcement checks, effectively "unlocking" unlimited concurrent sessions for free.
fabianosrc/TermsrvPatcher: Patch termsrv.dll so that ... - GitHub
About. Patch termsrv.dll so that multiple remote users can open an RDP session on a non-Windows Server computer. qwerity/windows10_multiuser_session - GitHub
This is a comprehensive guide on patching the termsrv.dll file on Windows Server 2016. The limit of 2 admin sessions remains unless
⚠️ Important Disclaimer Modifying system DLLs voids Microsoft support for the modified file and carries a risk of system instability. Always create a full system backup or a System Restore point before proceeding. This modification technically violates Microsoft’s Remote Desktop Services licensing terms if you do not own the appropriate RDS CALs (Client Access Licenses). This guide is intended for educational and lab/administrative convenience purposes only.
net start TermService
termsrv.dll patches exist, but they also violate licensing.If you need concurrent RDP sessions legally and reliably, consider:
For IT administrators, developers, and tech enthusiasts who manage Windows Server 2016 machines, one limitation stands out as a persistent thorn in the side: the stringent two concurrent Remote Desktop Protocol (RDP) session limit.
Windows Server 2016, by default, allows only two simultaneous administrative remote connections. This is by design—Microsoft intends this for light server management, not for multi-user access scenarios. However, in lab environments, development servers, legacy application hosting, or even small businesses on a budget, the need for more than two concurrent users arises frequently.
Enter the termsrv.dll patch—a community-driven, unofficial modification that has been a rite of passage for Windows Server administrators for generations (from Windows 2000 to Windows Server 2019). This article provides an exhaustive, technical, and practical guide to applying the termsrv.dll patch on Windows Server 2016, including what it is, how it works, step-by-step instructions, risks, alternatives, and post-patch management.
The termsrv.dll patch for Windows Server 2016 offers a tempting way to unlock unlimited concurrent RDP sessions without licensing costs. For homelabs, testing, and non-critical internal tools, it remains a popular workaround. However, production environments should never rely on this hack.
By following the step-by-step manual patching guide above—backing up files, using the correct hex pattern, and understanding the risks—you can safely remove the two-session limit. Just remember: every Windows Update may break the patch, and Microsoft’s licensing team will not forgive violations.
If you truly need multi-user RDP, budget for RDS CALs. But for the tinkerer and the budget-conscious lab admin, the termsrv.dll patch lives on as a clever, if unsanctioned, solution.