Limti rdp session per user to one Windows Server 2019

Sebastian R 101 Reputation points
2020-05-18T16:15:41.463+00:00

Hi,

i want to limit rdp sessions per user to one on a Windows Server 2019 RDSH (vm). The vm is not part of a Remote Desktop Gateway Deployment, so it's a standalone session host.

I tried to realise that with a local GPO via
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connection
and activated "Restrict Remote Desktop Services user to a single Remote Desktop Services session"

I also tried setting the related registry value Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fSingleSessionPerUser to 1

However it's still possible for users to create multiple rdp sessions on that system.

I checked other RDP session hosts, that are behind a Remote Desktop Gateway. In such a setup somehow the limitation seems to be enabled automatically. So I compared the relevant registry values in Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server of both machines. I could not find any differences related to my problem.

Does anyone has an idea what I am missing?

Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,338 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sebastian R 101 Reputation points
    2020-05-25T14:34:22.143+00:00

    I've finally found the misconfiguration.
    I used rsop.msc to get all active GPO settings and saw that the GPO setting I needed to be active was deactivated by another GPO. Fixed the GPO setting, did an gpupdate and here we go: Rdp sessions are now limited to one per user

    Thank you all for your answers and ideas.

    1 person found this answer helpful.

4 additional answers

Sort by: Most helpful
  1. Manu Philip 16,951 Reputation points MVP
    2020-05-18T17:02:02.29+00:00

    Hello,

    I think, you are following the right approach here through GPO. To affirm the steps, I am providing it again as below:

    1.Log into the server using Remote Desktop.

    1. Open the start menu and type 'gpedit.msc' and open it
    2. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
    3. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Enabled.

    After doing this step, open a command prompt and type gpupdate /force and enter to take effect the settings immediately

    Regards,
    Manu

    0 comments No comments

  2. Sebastian R 101 Reputation points
    2020-05-19T10:28:57.457+00:00

    Thank you for your answer. Unfortunately that didn't help.

    I tried gpupdate /force and restarted the system. No change in behaviour.

    Curious thing is here, that when I change the registry value Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fSingleSessionPerUser to 0 on the RDSH that is behind a Remote Desktop Gateway, the change takes effect immediately effect without gpupdate or restarting the system

    I really do not see, what I'm missing here

    0 comments No comments

  3. Manu Philip 16,951 Reputation points MVP
    2020-05-19T11:30:16.037+00:00

    Hello,

    We need to understand the issue further with the hep of event logs.

    First check any errors or warnings reported under Application or System categories

    Check group policy related event logs and see any error reported.

    1. Open Event Viewer
    2. Click the arrow next to Applications and Services Logs.
    3. Click the arrow next to Microsoft, and then Windows, and then Group Policy.
    4. Click Operational.

    Repeat the above all procedure after applying the group policy again (guupdate /force)

    Thanks,
    Manu

    0 comments No comments

  4. Sebastian R 101 Reputation points
    2020-05-20T11:15:36.493+00:00

    Hello,

    I checked event logs as you suggested before and after applying group policies. There are no errors or warnings. There are no entries that say anything about limitation of rdp session either