Client OS like Windows 11 also have a termsrv.dll limit (only 1 remote user at a time). A similar patch exists, but the offsets differ. This article is strictly for Windows Server 2022.

In Windows Server 2022 (Build 20348) , the specific byte pattern is located at hex offset 0x2D73A (may vary slightly with patches).

Some patchers target a different instruction: changing 7E (jump if less/equal) to EB (unconditional jump) or changing 75 to 74, but the modern "byte patch" for Server 2022 changes a 4-byte DWORD from 0x20000 to 0.

Open PowerShell as Admin:

Get-ItemProperty "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion" | Select ProductName, CurrentBuild, UBR

The core logic for session limits resides in termsrv.dll. Inside this library, a function checks the number of active RDP sessions against a hardcoded limit.

Solution:

In the ecosystem of Windows Server, remote administration is a cornerstone of daily operations. The built-in Remote Desktop Protocol (RDP) service is the primary tool for IT administrators to manage servers. However, Microsoft imposes a strict licensing limitation on the default RDP setup in Windows Server: only two concurrent administrative sessions are allowed. To unlock more simultaneous connections, one must purchase and install Remote Desktop Services (RDS) Client Access Licenses (CALs)—a costly investment. This is where the infamous "Termsrv.dll patch" enters the conversation, particularly for the niche seeking a free, albeit unsupported, solution for Windows Server 2022.

Understanding the Mechanism

The termsrv.dll (Terminal Services Dynamic Link Library) is the core system file responsible for managing RDP sessions on Windows Server. It enforces the licensing policy by checking how many users are connected and validating CALs. The so-called "patch" is a binary modification of this DLL. Using a hexadecimal editor or an automated patching tool, the process alters specific byte sequences within the file to change the license enforcement logic. The primary goal is to bypass the "two concurrent user" limit, allowing an unrestricted number of simultaneous RDP sessions without requiring RDS CALs.

The Appeal: Cost and Convenience for Non-Production Environments

The immediate attraction of the Termsrv.dll patch is obvious: it is free. For developers, students, homelab enthusiasts, or small businesses testing applications in a sandbox, paying hundreds or thousands of dollars for RDS CALs is prohibitive. The patch enables them to simulate a multi-user environment on a single Windows Server 2022 instance—perfect for training labs, software prototyping, or light internal tools. The process is relatively simple: take ownership of the file, stop the RDP service, replace the patched DLL, and restart. Within minutes, a standard Windows Server 2022 machine becomes a "terminal server" without official licensing.

The Serious Risks and Legal Grey Area

Despite its utility, applying the Termsrv.dll patch in a production environment is fraught with danger. First, instability and security: Modifying a core system file can break Windows Update. When Microsoft releases a security update for termsrv.dll, the patched version will be overwritten—either reverting the hack or, worse, causing the RDP service to fail entirely, locking all users out. Additionally, an altered DLL could introduce unexpected bugs, memory leaks, or crash the server. Second, lack of support: Microsoft’s support agreement explicitly excludes any system with tampered system files. If a patched server encounters issues, you are entirely on your own.

Third, and most critically, licensing violation. The Windows Server 2022 End-User License Agreement (EULA) and the product use rights clearly state that enabling more than two concurrent RDP sessions without RDS CALs is a breach of license terms. While Microsoft rarely pursues individual homelab users, a business caught using the patch in production risks significant legal liability, audit penalties, and back-licensing fees.

Free and Legal Alternatives

For those who need more than two RDP sessions without spending money, there are legitimate alternatives that do not involve hacking termsrv.dll. The most straightforward is using third-party remote access software that operates independently of RDP restrictions, such as VNC (TightVNC, UltraVNC), AnyDesk, or TeamViewer. These tools do not rely on termsrv.dll and allow multiple concurrent connections for free under certain usage limits. Another option is using Windows Admin Center (free from Microsoft) combined with PowerShell Remoting (WinRM) for headless management—though this does not provide a full desktop GUI to multiple users. For non-commercial use, Virtual Machines (Hyper-V is free on Windows Server Standard) can each host two RDP sessions, effectively scaling concurrent access.

Conclusion: A Tool for Labs, Not Livelihoods

The Termsrv.dll patch for Windows Server 2022 is a classic example of a "crack" that serves a genuine need: accessible multi-user RDP for non-production environments. Its appeal lies in its simplicity and zero cost. However, using it in a business-critical server is a gamble with high stakes—unreliability, broken updates, and license violations. As a best practice, reserve the patch for isolated test labs or home servers where failure is a learning opportunity, not a crisis. For any professional or production scenario, invest in proper RDS CALs, use native free tools like Windows Admin Center, or deploy a Linux-based alternative like Ubuntu Server with XRDP. True freedom in IT comes not from bypassing system files, but from building solutions on a foundation of stability and compliance.