How do I set up multiple RDP users on Windows Server?


If you want several people to sign into the same Windows Server at the same time over Remote Desktop (RDP), you’ll need more than just “turning on Remote Desktop.” Windows Server supports multiple simultaneous interactive sessions; however, to do so properly and legally, you should deploy Remote Desktop Services (RDS) and configure licensing, user access, and security. Below is a step-by-step guide that walks you through the process and the key things to know.

Quick overview (what you need to know first)

  • Two administrative RDP sessions are available by default for server administration without installing RDS. To allow multiple non-admin users to concurrently install Remote Desktop Session Host (RD Session Host) and configure a Remote Desktop Licensing server with RDS CALs (Client Access Licenses). Server Fault+1

  • The number of simultaneous sessions is limited by licenses and by the server’s CPU/RAM. RDS CALs are issued per user or per device by the license server. Microsoft Learn+1

Prerequisites

  1. Windows Server edition (e.g., 2019/2022) - connected to the domain if you plan to use Active Directory accounts (recommended for multi-user environments).

  2. Administrative access to the server(s).

  3. Network and firewall rules allowing RDP (TCP 3389) and RDS role traffic. (If you expose RDP to the internet, plan an RD Gateway and MFA.)

  4. RDS CALs purchased/available for the number of users or devices that will connect. You’ll install those on an RD Licensing server. Microsoft Learn+1

Step 1 — Create user accounts

Domain environment (recommended):

  • In Active Directory Users and Computers, create regular user accounts or groups for the people who need RDP access.

Workgroup / single server:

  • Create local user accounts via Computer Management → Local Users and Groups → Users.

Tip: Use groups (e.g., RDP_Users) so you can grant access to many people at once.

Step 2 — Allow those users to use Remote Desktop

You must explicitly grant the users the right to log on via Remote Desktop:

GUI method:

  1. Open Server Manager → Local Server and enable Remote Desktop (or go to System Properties → Remote).

  2. Click Select Users… and add the domain/group or local users you created.

Command-line / script:

# Add domain user to Remote Desktop Users group (run as admin)
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "DOMAIN\UserName"

Microsoft provides multiple methods (GUI, WMI, scripts) to add users to RDP permissions. Microsoft Learn

Step 3 — Decide whether you need RD Session Host (you probably do)

If you only need the built-in administrative RDP access for 1–2 admins, you can stop here. But for multiple standard user sessions (like remote workers or multiple app sessions), install the Remote Desktop Services role and specifically the RD Session Host role service. The standard deployment path in Server Manager guides you through selecting RD Connection Broker, RD Web Access, and RD Session Host servers for a full deployment. Microsoft Learn+1

Basic steps (Server Manager → Add Roles and Features):

  1. Choose Remote Desktop Services installationStandard deploymentSession-based desktop.

  2. Assign which server will be the RD Session Host (and which will host RD Licensing, RD Connection Broker, etc.).

  3. Complete the deployment and reboot if prompted.

If you run a small single-server workgroup, Microsoft and vendors have guidance for setting up RD Session Host without a Connection Broker. Microsoft Learn+1

Step 4 — Set up Remote Desktop Licensing

  1. Install the Remote Desktop Licensing role (on a separate server or the same server in small environments).

  2. Activate the license server in the Licensing Manager and install your RDS CALs (per-user or per-device).

  3. Configure your RD Session Host(s) to use that license server (via Server Manager → RD Licensing Manager / RD Session Host configuration).
    Without this, non-admin users will be restricted (and you may hit the 2-session admin limit). Microsoft Learn+1

Step 5 — Harden security (do this before you open RDP widely)

  • Enable Network Level Authentication (NLA) — requires authentication before a full remote session is created.

  • Use RD Gateway for secure, TLS-encrypted access from the internet and to avoid exposing port 3389 directly.

  • Enforce MFA (via RD Gateway + MFA provider or Azure AD) for remote users.

  • Limit who can log on via Remote Desktop and use Group Policy to restrict access where possible. Microsoft Learn

Step 6 — Test and monitor

  • Connect with mstsc.exe (Remote Desktop Connection) using a test user account.

  • On the RD Session Host, use Task Manager or qwinsta/query session to view active sessions.

  • Confirm that the RD Licensing server issues CALs and that the number of concurrent sessions matches your licensing. If sessions are refused, check licensing event logs and the RD Licensing Diagnoser in Server Manager. Microsoft Learn

Troubleshooting — common gotchas

  • “Only two RDP sessions allowed” — this indicates you’re using the default administrative remote desktop access or you haven’t set up RDS licensing; install RD Session Host + Licensing for more users. Server Fault

  • Licensing errors — ensure the RD Session Host can locate and contact the license server and that CALs are activated/installed. Use the RD Licensing Diagnoser. Microsoft Learn

  • User not allowed to log in — verify the user is in the Remote Desktop Users group (local or via Group Policy), and check the “Deny log on through Remote Desktop Services” policy isn’t blocking them. Microsoft Learn

Performance & sizing tips

  • Each RDP session consumes memory and CPU. A typical lighter session might use 150–300 MB RAM plus whatever apps the user runs—plan server RAM and CPU accordingly. In larger deployments, use multiple RD Session Host servers and load-balance with RD Connection Broker. (Vendor and Microsoft performance guides can help size hardware.) Windows OS Hub+1

Summary / Checklist

  • Create user accounts (preferably in AD) and add them to a dedicated RDP group.

  • Enable Remote Desktop and grant permission to the RDP group.

  • Install RD Session Host (for multi-user sessions). Microsoft Learn

  • Deploy an RD Licensing server and install/activate RDS CALs. Microsoft Learn+1

  • Harden access (NLA, RD Gateway, MFA, firewall).

  • Test, monitor, and scale hosts as needed.

Comments

Post a Comment

Popular posts from this blog

How to Connect to a Linux Server from Windows Using MobaXterm

Image
   Introduction Connecting to a  Linux server from a Windows machine  is a common task for system administrators, developers, and IT professionals. MobaXterm is a powerful terminal software that provides an all-in-one solution for remote computing. It supports SSH (Secure Shell), X11 forwarding, and other network protocols, making it an excellent choice for managing Linux servers from Windows. This guide will walk you through downloading, installing, and using MobaXterm to connect to a Linux server. Step 1: Download and Install MobaXterm Download MobaXterm Open a web browser on your Windows machine. Visit the official MobaXterm website:  https://mobaxterm.mobatek.net/ Click on the "Download" button. Choose either the "Home Edition" (free version) or the "Professional Edition" (paid version with additional features). Download the installer or the portable version, depending on your preference. Install MobaXterm If you downloaded the installer, double-click ...
Read more

How to Allow Remote Desktop Connections on Windows 7

Image
Remote Desktop Protocol (RDP) is a convenient feature built into Windows operating systems. It allows users to access and control another computer remotely over a network. For businesses and individuals still using Windows 7, enabling Remote Desktop connections can be essential for managing systems from a distance, troubleshooting, or working collaboratively. In this article, we’ll guide you through the steps to enable Remote Desktop connections on Windows 7, discuss security best practices, and troubleshoot common issues you might encounter. What is a Remote Desktop? Remote Desktop is a Microsoft feature that allows users to connect to a Windows computer remotely and interact with it as if they were sitting in front of it. This is achieved using the Remote Desktop Protocol (RDP). It is widely used for: Remote system administration. Accessing files and applications from another location. Offering technical support. In Windows 7, the Remote Desktop feature is available in the Profession...
Read more

How to Secure a Windows VPS from Hackers: A Comprehensive Guide

Image
A Windows Virtual Private Server (VPS) offers the flexibility to host websites, and applications, or manage remote workloads. However, its constant internet exposure makes it an attractive target for hackers. Cyberattacks, including brute force attacks, malware infections, and unauthorized access, can compromise your VPS if proper security measures are not in place. This article provides an in-depth guide on securing a Windows VPS from hackers and ensuring the safety of your data and operations. Understanding the Threats Hackers use a variety of techniques to compromise VPS environments, including: Brute Force Attacks: Automated bots systematically try passwords to gain unauthorized access. Exploitation of Vulnerabilities: Hackers exploit outdated software and unpatched vulnerabilities. Ransomware and Malware: Malicious software can encrypt data or take control of the server. Phishing and Social Engineering: Weak user practices may inadvertently grant hackers access. Addressing th...
Read more