Set up multiple RDP users on Windows Server? Short answer: enable Remote Desktop Services (RDS) on the server (or enable Remote Desktop for basic two-admin connections), install the Remote Desktop Session Host role (if you want many simultaneous interactive sessions), create the user accounts, add those users to the Remote Desktop Users group, and configure an RD Licensing server with the appropriate RDS CALs — then publish a session collection (or allow direct RDP logons) and open the firewall. In practice that means installing/configuring the RDS roles (Connection Broker, Session Host, Licensing), assigning licenses, securing connections (NLA, TLS, MFA), and testing each user. Below, I walk through a clear, practical step-by-step process plus tips for stability and security.
Why you can’t just “turn on RDP” for many users
Windows Server lets administrators remotely connect by default for maintenance (two concurrent admin sessions via the built-in Remote Desktop feature). If you want multiple regular users to log in simultaneously to independent interactive desktops (like terminal services), you must use Remote Desktop Services (RDS) and a proper RDS licensing model (RDS CALs). Running many simultaneous sessions without RDS licensing violates Microsoft licensing and won’t scale in functionality or manageability.
Prerequisites
- A Windows Server edition that supports RDS (e.g., Windows Server 2016/2019/2022).
- Administrative credentials on the server and (if used) domain admin to create AD users.
- RDS Client Access Licenses (RDS CALs) matching the number of concurrent user sessions (or devices).
- Basic networking: DNS entry or IP, and firewall rules allowing RDP (default TCP 3389).
- (Recommended) Domain joined servers when you run multi-server RDS farms.
Step-by-Step Set up Multiple RDP Users on Windows Server (GUI-focused, safe for most admins)
1. Create the user accounts
- If the server is domain-joined, create users in Active Directory Users and Computers.
- If it’s standalone, create local user accounts via Computer Management → Local Users and Groups → Users.
- For each user, set a password and configure any password policy requirements.
2. Add users to the RDP Users group
- Open Computer Management → Local Users and Groups → Groups.
- Open Remote Desktop Users, click Add…, and add the user accounts or AD groups that should be allowed RDP access. This grants RDP logon rights.
3. Decide between “single server Remote Desktop” vs. full RDS role
- For only a couple of administrators, enabling Remote Desktop (System Properties → Remote) is enough.
- For many simultaneous interactive users (multi-session desktops), install Remote Desktop Services and the Remote Desktop Session Host role.
4. Install Remote Desktop Services role
- Open Server Manager → Manage → Add Roles & Features.
- Choose Remote Desktop Services installation and follow the wizard to deploy the role services you need (Session Host, Connection Broker, Licensing).
- Ideally use the standard deployment if you plan to scale across multiple servers.
Tip: For production, separate responsibilities (Session Host on one server, Licensing on another) or use multiple session hosts behind the Connection Broker for load balancing.
5. Configure the RD Licensing server
- In Server Manager under Remote Desktop Services, add and configure a RD Licensing role service.
- Activate the licensing server and install your purchased RDS CALs (per user or per device) through the RD Licensing Manager.
- In RD Session Host Configuration (or via Server Manager), point the Session Host(s) to your licensing server so sessions can be validated.
6. Create a Session Collection (if using full RDS)
- In Server Manager → Remote Desktop Services → Collections, create a new collection and add your Session Host(s).
- Configure collection settings: user profile disks, session limits, and resource settings.
7. Configure firewall & network
- Ensure TCP 3389 is open (or your chosen port) on the server firewall and any network firewalls.
- If exposing to the internet, place the RDS Gateway or use VPN—do not open RDP directly to the internet without strong protections.
8. Enforce security settings
- Enable Network Level Authentication (NLA) for RDP.
- Use TLS/SSL for RDP or deploy an RD Gateway with HTTPS.
- Consider Multi-Factor Authentication (MFA) at the gateway.
- Restrict which users can log on via RDP using Group Policy: Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → User Rights Assignment → Allow log on through Remote Desktop Services.
9. Test with user accounts
- From a client machine use Remote Desktop Connection (mstsc.exe) and connect using a user account.
- Verify each user gets a separate session, application behavior is correct, and licensing is consumed by the Licensing Manager.
Quick PowerShell notes (optional)
If you prefer automation, many RDS tasks can be scripted with PowerShell (Install-WindowsFeature or the RDS deployment cmdlets). Use PowerShell for bulk user creation, automatic firewall rules, or collecting logs. Be sure to test scripts in a non-production environment first.
Performance and management tips
- Monitor CPU, RAM, and disk I/O on Session Hosts—RDS users are resource hungry. Scale out by adding more Session Hosts behind a Connection Broker.
- Use Roaming Profiles or User Profile Disks carefully; they impact logon speed.
- Set session timeouts and disconnect policies to free resources from idle sessions.
- Keep Windows Updates scheduled and test before broad rollouts to avoid RDP regression issues.
Common pitfalls & how to avoid them
- No RDS CALs / licensing misconfiguration — sessions will be limited or blocked. Configure the RD Licensing role and activate CALs before production use.
- Firewall or port blocks — verify network path and NAT rules.
- User is not in Remote Desktop Users — even if a user exists, they must have the right to log on via RDS.
- Exposing RDP to the Internet without gateway/MFA — high security risk. Use RD Gateway, VPN, or zero-trust remote access.
Final checklist before going live
- Users created and tested.
- Session Host(s) installed and configured.
- RD Licensing installed and CALs activated.
- Firewall and networking validated.
- Security hardening applied (NLA, TLS, RD Gateway/MFA).
- Performance monitoring in place.
Set up multiple RDP users on Windows Server is straightforward when you follow the right path: create users, grant RDP rights, deploy Remote Desktop Services (for many users), and correctly configure licensing and security. With proper planning for capacity and safeguards (RD Gateway, MFA, timeouts), RDS provides a stable, centralized way for many people to work remotely from a single Windows Server estate. If you’d like, I can now: provide an exact checklist tailored to your Windows Server version (2016/2019/2022), or produce PowerShell commands to automate user creation and role installation. Which would you prefer?
