Patching termsrv.dll on Windows Server 2022 is a common workaround used by administrators to enable multiple concurrent Remote Desktop (RDP) sessions without requiring a full Remote Desktop Services (RDS) deployment and the associated client access licenses (CALs). While Windows Server technically supports multiple sessions, it typically limits them to two administrative sessions unless the RDS role is configured. What is the termsrv.dll Patch?
The termsrv.dll file, located in %SystemRoot%\System32\, is the core library for Microsoft Terminal Services. By default, this file contains a hard-coded check that enforces session limits based on the OS edition. Patching involves modifying specific hexadecimal bytes within this DLL to bypass these checks. How to Patch termsrv.dll for Windows Server 2022
The process involves gaining ownership of a system file, stopping the relevant services, and editing the binary code. Windows server 2022 21H2 10.0.20348.1547 support missing
The "interesting piece" regarding termsrv.dll in Windows Server 2022
centers on a technique used to bypass Microsoft's default restriction that limits non-RDS (Remote Desktop Services) servers to only two concurrent RDP sessions
. By "patching" specific byte sequences within this DLL, users can unlock unlimited simultaneous connections without purchasing additional Client Access Licenses (CALs). The Core Technique: Hex Patching
To enable multiple sessions, enthusiasts use hex editors like Tiny Hexer
or PowerShell scripts to find and replace specific machine code instructions within %SystemRoot%\System32\termsrv.dll The Target
: Patching involves searching for a specific pattern, such as 39 81 3C 06 00 00 termsrv.dll patch windows server 2022
, which the OS uses to check the current session count against its allowed limit.
: Replacing these bytes with a "jump" or a fixed value (e.g., B8 00 01 00 00 89 81 38 06 00 00 90
) effectively tells the system that the session limit has not yet been reached. Automation : Tools like TermsrvPatcher on GitHub
automate this process and can even set up scheduled tasks to re-patch the file after Windows Updates, which frequently overwrite the modified DLL with a standard one. Critical Challenges in Windows Server 2022
Unlike older versions of Windows, patching termsrv.dll in Server 2022 presents unique difficulties due to aggressive security updates:
RDP access issues after latest updates | Windows Server 2022 8 Aug 2023 —
Patching termsrv.dll on Windows Server 2022 is a manual workaround used to bypass licensing restrictions and enable multiple concurrent RDP sessions. While Windows Server editions naturally support multiple sessions if the Remote Desktop Session Host (RDSH) role is installed, this patch is often used when administrators want to avoid RDS licensing requirements or enable concurrent sessions on non-RDS-configured servers. Technical Overview
The patch involves modifying specific hex bytes within C:\Windows\System32\termsrv.dll that enforce the "single session per user" or "connection limit" rules. Patching termsrv
Key File: termsrv.dll (The main library for Remote Desktop Services). Common Patch Hex (Windows 10/11/Server 2022): Find: 39 81 3C 06 00 00 Replace: B8 00 01 00 00 89 81 38 06 00 00 90
Note: These values change with Windows updates. Newer builds (like 24H2) require different strings, such as replacing 8B 81 38 06 00 00 39 81 3C 06 00 00 75 with B8 00 01 00 00 89 81 38 06 00 00 90 EB. Implementation Methods Windows server 2022 21H2 10.0.20348.1547 support missing
The "story" of the termsrv.dll patch for Windows Server 2022 is a saga of administrators attempting to bypass Microsoft's licensing restrictions to allow more than two concurrent Remote Desktop Protocol (RDP) sessions without purchasing expensive Client Access Licenses (CALs). The Core Conflict: Licensing vs. Utility
By default, Windows Server 2022 allows only two simultaneous RDP sessions for administrative purposes. To officially support more users, Microsoft requires the installation of the Remote Desktop Services (RDS) role and the purchase of RDS CALs, which can cost hundreds of dollars. For many small businesses or lab environments, this cost is a significant barrier, leading to the search for a "patch". The Solution: Patching termsrv.dll
The termsrv.dll file, located in C:\Windows\System32, is the library responsible for managing Terminal Services. The "patch" involves modifying this binary file to remove the hardcoded check that limits concurrent connections.
fabianosrc/TermsrvPatcher: Patch termsrv.dll so that ... - GitHub
The primary feature of a termsrv.dll patch for Windows Server 2022 is to enable multiple concurrent Remote Desktop Protocol (RDP) sessions. By default, Windows Server 2022 allows only two simultaneous RDP connections for administrative purposes; patching this system library bypasses that restriction to allow more users to connect at once. Key Functions of the Patch
fabianosrc/TermsrvPatcher: Patch termsrv.dll so that ... - GitHub Summary (concise) Patching termsrv
About. Patch termsrv.dll so that multiple remote users can open an RDP session on a non-Windows Server computer.
Patching termsrv.dll is a binary-modification approach people use to change RDP concurrency and behavior. Technically it involves altering conditional logic inside the DLL, but it is build-specific, fragile, and risky: it can break services, trigger security detections, be undone by updates, and may violate licensing. For production and supported environments, use Microsoft’s RDS licensing, Azure Virtual Desktop, virtualization, or administrative built-in allowances instead of modifying system binaries. If performed for research, limit it to isolated, disposable test VMs and accept the maintenance and security risks.
If you want, I can:
Disclaimer: This guide is for educational and lab use only. Applying this patch on a production server or in violation of Microsoft Licensing Terms is not recommended and may lead to legal and security issues.
The original termsrv.dll receives security patches for RDP-related exploits (e.g., CVE-2023-28251, BlueKeep). When you replace it with a patched version, you may lose critical security fixes, exposing your server to remote code execution attacks—especially if RDP is exposed to the internet.
Most enterprise AV solutions (Defender for Endpoint, SentinelOne, CrowdStrike) flag termsrv.dll modifications as HackTool:Win32/Patcher or RiskWare. This can trigger automatic quarantines, break RDP entirely, or violate corporate security policies.
Open an elevated Command Prompt (cmd as Administrator).
copy C:\Windows\System32\termsrv.dll C:\termsrv_backup.dll
copy C:\Windows\System32\termsrv.dll C:\Windows\System32\termsrv_original.dll
Run multiple lightweight VMs on your physical host using Hyper-V or VMware. Each VM provides two administrative sessions. Use a management tool like Apache Guacamole to proxy RDP connections across VMs.
DISM /online /disable-feature /featurename:WindowsDefenderApplicationGuard (not recommended permanently). Use the exact byte pattern.