Windows XP Professional and Windows XP Media Center Edition (MCE) has Remote Desktop (RDP) service that allows the computer to be remotely connected, accessed and controlled from another computer or host. However, Windows XP machine only allows one concurrent remote desktop connection from a single user been connected to it with no multiple remote desktop sessions or connections support.

Whenever there is a remote user who user Remote Desktop Connection (RDC) client to connect to a Windows XP host, the local user is disconnected with the local console screen locked, with or without his or her permission. Remote Desktop, unlike Terminal Server Services in Windows 2000, Windows Server 2003, Windows Server 2008 (R2), Windows Server 2012 (R2), Windows Server 2016 or later, is designed for single user use only, no matter it’s local or remote user.

Here’s a hack to unlock the single user limitation and enable multiple concurrent remote desktop connection sessions support in Windows XP Professional and Media Center Edition, using a either a patched termserv.dll or old patched cracked termserv.dll build version version 5.1.2600.2055, so that unlimited users can simultaneously connect to a computer via Remote Desktop.

  1. Download a copy of patched termsrv.dll (in ZIP file) which has the Remote Desktop connection limitation deactivated for your version of Windows XP:

    Windows XP RTM, SP1 and SP2: termsrv.dll (version 5.1.2600.2055)
    Windows XP SP2: termsrv.dll (version 5.1.2600.2180)
    Windows XP SP3: termsrv.dll (version 5.1.2600.5512)

    For information, the termsrv.dll patch normally has the following HEX code bits overwritten with following value:

    00022A17: 74 75
    00022A69: 7F 90
    00022A6A: 16 90

  2. Restart the computer and boot info Safe Mode by pressing F8 during initial boot up and select Safe Mode. This step is only required if you’re currently running Windows Terminal Services or Remote Desktop service, and System File Protection has to be skipped and bypassed, else it will prompt the following error message to restore the original termsrv.dll.

    Windows File Protection

  3. Go to %windir%\System32 and make a backup copy (or rename) the termsrv.dll.
  4. Rename or delete the termserv.dll in the %windir%\System32\dllcache folder.
  5. Copy the downloaded termsrv.dll into %windir%\System32, %windir%\ServicePackFiles\i386 (if exist) and %windir%\System32\dllcache.
  6. Then download and run the ts_concurrent_session_patch.bat (in ZIP file) to merge the registry value into registery, or you can run Registry Editor to manually add the following registry value:
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Licensing Core]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  7. Click on Start Menu -> Run command and type gpedit.msc, follow by Enter to open up the Group Policy Editor.
  8. Navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services.
  9. Enable Limit Number of Connections and set the number of connections to 3 (or more). The setting allows more than one users to use the computer and logged on at the same time.
  10. Ensure the Remote Desktop is enabled in System Properties’ Remote tab by selecting the radio button for Allow users to connect remotely to this computer.
  11. Enable and turn on Fast User Switching in Control Panel -> User Accounts -> Change the way users log on or off.
  12. Restart the computer normally.
If you cannot replace or overwrite termserv.dll with access denied or file in use error, turn off the “Termine Services” in “Services” control panel of “Administrator Tools”. Besides, each connecting physical connections must have their own user account in the target host, and must authenticate with corresponding own user name and password credential.

To uninstall and revert back to original termsrv.dll, simply delete the patched version, and rename the backup copy back to “termsrv.dll”. You probably have to do it in Safe Mode if the Terminal Services is enabled and running.

If the Windows XP computer is connected to a domain on local networks, Windows will set the value of the regkey “AllowMultipleTSSessions” to “0” every time the computer is restarted. To ensure that multiple or unlimited Remote Desktop connection sessions is allowed in AD domain environment, the value data for “AllowMultipleTSSessions” has to be set to “1” on each system startup. To change the value, simply rerun the ts_multiple_sessions.bat every time the computer is started. Alternatively, put the ts_multiple_sessions.bat at C:\Documents and Settings\All Users\Start Menu\Programs\Startup folder so that it will be automatically run on first user with administrative privileges that logs on to the desktop. Another workaround is to install additional service or define a sub-key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry branch that run the registry batch file automatically on boot up, and this is useful if the computer won’t be logged on by anybody, but still requires the hack to allow unlimited Remote Desktop users to work.

Another issue is that if user closes the remote connection instead of logging off, when he or she tries to log back in, an error message related to TCP/IP event ID 4226 may occur. To resolve the issue, download and apply the Windows XP TCP/IP connection limit and Event ID 4226 patch, and set the connections to at least 50.