Skip to main content
Windows 11 RDP RDP Wrapper Cloudflare Windows 11 Remote Desktop allows only one concurrent session by default. RDP Wrapper Library lets multiple users hold independent sessions without buying a Windows Server license.
The RDP concurrent-session limit is part of Microsoft’s licensing terms. Methods that lift it may violate those terms. Assess the risk yourself, confirm it fits your organization’s policy, and for enterprise or business-critical use prefer a licensed Windows Server RDS deployment. All IPs, ports, and domains below are placeholders: replace them, and never publish your real external address, port mappings, or accounts.

Two methods

Requirements

  • Windows 11 Pro or Enterprise, administrator rights
  • 8GB+ RAM recommended; enough resources for concurrent sessions
  • Open the RDP port (default TCP 3389, can be changed to non-standard)

Method 1: RDP Wrapper setup

1

Download RDP Wrapper

Get the latest .zip from RDP Wrapper releases and extract it somewhere accessible (e.g. D:\RDPWrapper).
2

Verify the extracted files

Should include RDPWinst.exe, RDPConf.exe, RDPCheck.exe, install.bat, uninstall.bat, update.bat.
3

Install as administrator

Right-click install.bat → “Run as administrator”. If access is denied, temporarily disable Windows Defender protection and retry. It installs to C:\Program Files\RDP Wrapper.
4

Verify the install

Run RDPConf.exe and check Diagnostics: green is fine, red (not supported) means the config needs updating.
5

Update rdpwrap.ini (if red warnings)

Open C:\Program Files\RDP Wrapper\rdpwrap.ini as administrator and replace its contents entirely with the community-maintained config:
https://raw.githubusercontent.com/sebaxakerhtc/rdpwrap.ini/master/rdpwrap.ini
Save, restart, then run RDPConf.exe again to confirm all green.
6

Test multi-user connection

Run RDPCheck.exe for a local test, create multiple user accounts, and connect concurrently from different devices.

Key RDP service settings

SettingFunctionSecurity note
Enable Remote DesktopStarts the RDP servicePair with firewall source limits
RDP portTCP port to listen onNon-standard port lowers automated attacks
Hide users on logonHides the account listAvoids leaking account info

External access

To connect from outside, set up router port forwarding, ideally behind Cloudflare.
1

Find the internal IP and make it static

Run ipconfig on the target PC, note the IPv4 (e.g. 192.168.x.x), and set a static IP or DHCP reservation so forwarding does not break on address changes.
2

Router port forwarding

Add a rule under the router’s Port Forwarding / Virtual Server:
SettingExampleNotes
Internal IP192.168.x.xTarget PC LAN IP
External port<external-port>Custom non-standard port
Internal port3389Match the RDPConf setting
ProtocolTCP
Use a non-standard external port (not 3389) to reduce port-scan and automated-attack exposure.
3

Allow through Windows Firewall

win + Rwf.msc, add an inbound rule: type “Port”, protocol TCP, your RDP port, action “Allow the connection”.
4

Test connectivity

Internally: telnet 192.168.x.x 3389. Externally: from a phone hotspot, telnet <public-ip> <external-port> or an online open-port checker.
5

Cloudflare (pick one)

  • A record (quick): add an A record in Cloudflare DNS pointing at your public IP, Proxy set to “DNS only (grey cloud)”.
  • Cloudflare Tunnel (recommended): no open router port, automatic TLS, DDoS protection. Install cloudflared, then:
# config.yml
tunnel: <tunnel-id>
credentials-file: <path-to-credentials>
ingress:
  - hostname: remote.your-domain.com
    service: rdp://localhost:3389
  - service: http_status:404

Client connection

  • Built-in Remote Desktop Connection (mstsc): enter address:port, log in with credentials.
  • Microsoft Remote Desktop app: add a PC with the address and credentials.
  • Command line: mstsc /v:<host>:<port>.

Troubleshooting

SymptomLikely causeWhere to look
RDPConfig shows redrdpwrap.ini stale or termsrv.dll modifiedUpdate the ini, sfc /scannow, reinstall RDP Wrapper
No connection after patchingService not restarted, firewall, permissionsRestart TermService/UmRdpService, check firewall, confirm account in “Remote Desktop Users”
Breaks after Windows updateSystem file restored or config overwrittenRecheck RDPConf, update the ini, restart
Slow with many sessionsResource/bandwidth limitsAdd RAM, lower color depth, use wired networking
Before running GPU training on a shared multi-user host, confirm no one else is using the GPU to avoid OOM.

Hardening

  • Enable NLA (Network Level Authentication) to authenticate before the session.
  • Move RDP off the default port and set a source-IP allowlist in the firewall.
  • Account lockout policy (e.g. 5 failures → 30 min) and audit both successful and failed logons.
  • Grant “Allow log on through Remote Desktop Services” only to needed users; explicitly deny high-risk accounts.
  • Strong password policy plus 2FA; review TerminalServices-LocalSessionManager event logs regularly.
This page is a public, sanitized version of the private organization repo issp-mes-lab/remote-win11-pc, with lab-internal addresses, ports, and accounts removed. The source repo is private and requires organization access.