If you’ve ever encountered the message “The number of connections to this computer is limited and all connections are in use right now” while managing servers, you know how frustrating it can be. This limitation becomes particularly problematic when multiple administrators need simultaneous server access.

Today, we’ll explore how to effectively manage Remote Desktop Protocol (RDP) concurrent session limits using Windows Active Directory Group Policy Objects (GPO). This comprehensive guide covers everything from practical configuration steps to important considerations for production environments.

 

 

1. Understanding RDP Concurrent Session Limitations

Windows operating systems impose default restrictions on simultaneous RDP connections due to licensing policies and security considerations:

Default Limitations

  • Windows 10/11 (Pro, Enterprise): 1 concurrent session
  • Windows Server (2019/2022/2025): 2 administrative sessions + 1 console session
  • Servers with RDS role installed: Multiple sessions based on licensing

These limitations are enforced by Microsoft’s licensing policies. Organizations requiring more concurrent connections must purchase appropriate licenses (RDS CALs).

 

 

2. Configuring RDP Session Limits via GPO

In Active Directory environments, Group Policy provides centralized management of RDP session limits. Here’s the step-by-step configuration process:

2-1. Accessing Group Policy Management Console

From a domain controller or workstation with RSAT installed:

  1. Press Windows + R to open the Run dialog
  2. Type gpmc.msc to launch Group Policy Management Console
  3. Navigate to the target Organizational Unit (OU)

2-2. Creating New GPO or Editing Existing Policy

Right-click the target OU and select “Create a GPO in this domain, and Link it here…” or edit an existing GPO.

 

 

3. Core Policy Configuration: Connection Limits

In the GPO Editor, navigate to:

Computer Configuration → Policies → Administrative Templates → Windows Components 
→ Remote Desktop Services → Remote Desktop Session Host → Connections

3-1. “Limit number of connections” Policy

Configure the most critical policy, “Limit number of connections”:

Setting | Value | Description
Policy Status | Enabled | Activates connection limit control
RD Maximum Connections allowed | Desired number (e.g., 10) | Maximum concurrent sessions

Best Practice: Avoid setting excessively high connection limits as this can impact server performance. Consider your server specifications and intended usage when determining appropriate values.

3-2. “Restrict Remote Desktop Services users to a single session” Policy

In the same location, find “Restrict Remote Desktop Services users to a single Remote Desktop Services session”:

  • Disabled: Allows users to maintain multiple concurrent sessions
  • Enabled: Limits users to one session each

 

 

4. Advanced Configuration: Session Timeouts and Security

4-1. Session Time Limits

For efficient resource management, configure session timeouts:

Computer Configuration → Policies → Administrative Templates → Windows Components 
→ Remote Desktop Services → Remote Desktop Session Host → Session Time Limits

Key settings include:

  • Set time limit for active but idle Remote Desktop Services sessions
  • Set time limit for disconnected sessions
  • Set time limit for active Remote Desktop Services sessions

4-2. Network Level Authentication

Enhance security by enabling NLA (Network Level Authentication), which requires users to authenticate before a remote desktop session is established:

Computer Configuration → Policies → Administrative Templates → Windows Components 
→ Remote Desktop Services → Remote Desktop Session Host → Security

Set “Require user authentication for remote connections by using Network Level Authentication” to Enabled.

 

 

5. Registry-Based Direct Configuration

PowerShell can be used to check and modify registry settings directly:

Checking Current Settings

# Check maximum connections
$key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
(Get-ItemProperty -Path $key -Name MaxInstanceCount -ErrorAction Ignore).MaxInstanceCount

# Check single session restriction
(Get-ItemProperty -Path $key -Name fSingleSessionPerUser -ErrorAction Ignore).fSingleSessionPerUser

Manual Configuration (Emergency Use)

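# The policy key does not exist until an RDS policy has been applied; create it if missing.
# A domain GPO that sets the same values overwrites these at the next policy refresh.
$key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

# Set maximum connections (e.g., 10)
Set-ItemProperty -Path $key -Name MaxInstanceCount -Value 10 -Type DWord

# Allow multiple sessions per user
Set-ItemProperty -Path $key -Name fSingleSessionPerUser -Value 0 -Type DWord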
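
The connection limit, NLA and session timeout settings from sections 3 to 5 can be audited in one pass. The following PowerShell is an added example, not part of the original article: Get-RdpPolicy and Test-RdpPolicy are hypothetical helper names, the thresholds are assumptions, and UserAuthentication, MaxIdleTime and MaxDisconnectionTime are the registry values written by the NLA and session time limit policies.

```powershell
# Added example: audit the RDP policy values that the GPO settings above write
# to the registry. Thresholds are assumptions; tune them for your environment.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpPolicy {
    # Returns the policy values as a hashtable (empty if no policy is applied).
    $values = @{}
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction Ignore
    if ($props) {
        foreach ($p in $props.PSObject.Properties) { $values[$p.Name] = $p.Value }
    }
    return $values
}

function Test-RdpPolicy {
    param(
        [Parameter(Mandatory)] [hashtable] $Policy,
        [int] $MaxConnections = 10,       # assumed ceiling for MaxInstanceCount
        [int] $MaxTimeoutMinutes = 120    # assumed ceiling for idle/disconnect limits
    )
    $findings = @()
    if ($Policy['UserAuthentication'] -ne 1) {
        $findings += 'NLA is not required by policy (UserAuthentication is not 1)'
    }
    if ($null -eq $Policy['MaxInstanceCount']) {
        $findings += 'MaxInstanceCount is not set; the OS default limit applies'
    } elseif ($Policy['MaxInstanceCount'] -gt $MaxConnections) {
        $findings += "MaxInstanceCount $($Policy['MaxInstanceCount']) exceeds $MaxConnections"
    }
    # Timeouts are stored in milliseconds; missing or 0 means no limit by policy.
    foreach ($name in 'MaxIdleTime', 'MaxDisconnectionTime') {
        $ms = [long]($Policy[$name])
        if ($ms -eq 0) {
            $findings += "$name has no limit set by policy"
        } elseif ($ms -gt $MaxTimeoutMinutes * 60000) {
            $findings += "$name is $($ms / 60000) min, above $MaxTimeoutMinutes min"
        }
    }
    return $findings
}

# Constructed sample: NLA off, limit raised to 50, no disconnect timeout.
$sample = @{ UserAuthentication = 0; MaxInstanceCount = 50; MaxIdleTime = 1800000 }
Test-RdpPolicy -Policy $sample
# On a live host: Test-RdpPolicy -Policy (Get-RdpPolicy)
```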

 

 

6. Licensing Considerations and Best Practices

6-1. RDS Licensing Requirements

To allow connections beyond the default 2 administrative sessions on Windows Server:

  1. Install Remote Desktop Services role
  2. Purchase and install RDS CALs (Client Access Licenses)
  3. Configure License Server

6-2. Production Environment Recommendations

Environment | Recommended Settings | Considerations
Small Admin Team | 3-5 sessions | Monitor resource usage
Medium Organization | 10-15 sessions | Verify RDS CAL compliance
Large Environment | RDS Farm deployment | Dedicated RDS infrastructure

 

 

7. Troubleshooting and Monitoring

7-1. Verifying Policy Application

To confirm the GPO is properly applied:

# Force policy update
gpupdate /force

# Verify applied policies
gpresult /h C:\gpresult.html

7-2. Monitoring Current RDP Sessions

To check active sessions:

# List current sessions
query session

# Terminate specific session (if needed)
logoff [SessionID]

 

 

8. Additional Security Hardening

8-1. Firewall Rule Verification

When RDP is enabled, verify firewall configuration:

# Check Windows Firewall RDP rules
Get-NetFirewallRule -DisplayName "*Remote Desktop*" | Select DisplayName, Enabled

8-2. Audit Policy Configuration

To log RDP connections:

Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration 
→ Audit Policies → Logon/Logoff → Audit Logon
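
Once Audit Logon is enabled, RDP logons appear in the Security log as event 4624 with LogonType 10. The following PowerShell is an added example, not part of the original article: Get-RdpLogon is a hypothetical helper name and the sample events are constructed.

```powershell
# Added example: list RDP logons from Security event 4624 (written once
# "Audit Logon" is enabled). The function name is illustrative.
function Get-RdpLogon {
    param([Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        if ($evt.System.EventID -ne '4624') { return }
        # Flatten <Data Name="...">value</Data> elements into a lookup table
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # LogonType 10 = RemoteInteractive (Remote Desktop)
        if ($data['LogonType'] -ne '10') { return }
        [pscustomobject]@{
            Time   = [datetime]$evt.System.TimeCreated.SystemTime
            User   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Source = $data['IpAddress']
        }
    }
}

# Constructed sample events (trimmed to the fields used here)
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$template = @'
<Event xmlns="{0}"><System><EventID>4624</EventID>
<TimeCreated SystemTime="{1}"/></System><EventData>
<Data Name="TargetUserName">{2}</Data><Data Name="TargetDomainName">CORP</Data>
<Data Name="LogonType">{3}</Data><Data Name="IpAddress">{4}</Data>
</EventData></Event>
'@
$samples = @(
    ($template -f $ns, '2025-01-15T08:02:11Z', 'admin.kim', 10, '10.0.5.21'),
    ($template -f $ns, '2025-01-15T08:03:40Z', 'svc-backup', 3, '10.0.5.30'),
    ($template -f $ns, '2025-01-15T08:09:02Z', 'admin.lee', 10, '10.0.5.22')
)

# Count RDP logons per user (the LogonType 3 sample is a network logon and is skipped)
$samples | Get-RdpLogon | Group-Object User | Select-Object Name, Count

# On a live host, feed real events instead of the samples:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 1000 |
#     ForEach-Object { $_.ToXml() } | Get-RdpLogon
```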

 

Managing RDP sessions through Windows AD GPO appears straightforward but requires careful consideration of licensing policies and security requirements.

In production environments, thorough testing before implementation is essential to avoid business continuity issues. While increasing RDP session limits is important, maintaining a balanced configuration that satisfies security, performance, and licensing compliance requirements is equally crucial.

 
