The limitation is enforced inside termsrv.dll through a function call that checks the number of active sessions. If a second logon attempt is detected, the system either:
Microsoft's single-session limit is not just licensing greed—it's also a security boundary. Allowing multiple remote users on a desktop OS increases the attack surface. A compromised secondary user could potentially elevate privileges or access the primary user's session.
The executable scans the target file ( \Windows\System32\termsrv.dll ) for specific byte sequences that dictate connection limits.
Disclaimer: This write-up is for informational purposes only. Modifying system files violates Microsoft's Terms of Service and should be done at the user's own risk.
Each time Windows Update replaces termsrv.dll (e.g., a security patch for RDP), you will need to reapply the patch. Failure to do so reverts you to the single-session limit.
Drainage Cheshire