How to Set Up RDS Session Collection on Windows Server 2012 R2

An RDS Session Collection is the core configuration unit in Remote Desktop Services that defines a pool of RD Session Host servers, which users connect to for shared desktop or RemoteApp access. Session Collections determine which users can access the desktops and applications, what policies apply (session time limits, redirection, security), and which applications are published as RemoteApp programs. Windows Server 2012 R2 introduces a redesigned collection model managed entirely through Server Manager and PowerShell, replacing the older terminal services model from previous Windows Server versions.

Prerequisites

  • An RDS deployment created and functioning with at least one RD Connection Broker
  • At least one RD Session Host server added to the deployment
  • Administrative access to the Connection Broker server
  • Active Directory user accounts or groups that will access the collection

Step 1 — Create a Session Collection

Create a Session Collection that groups one or more Session Host servers:

New-RDSessionCollection -CollectionName "General Desktop" -SessionHost "rdsh01.domain.com", "rdsh02.domain.com" -ConnectionBroker "rdcb.domain.com" -CollectionDescription "General purpose desktops for all office staff"

To create the collection with specific user group access from the start:

New-RDSessionCollection -CollectionName "Finance Desktop" -SessionHost "rdsh03.domain.com" -ConnectionBroker "rdcb.domain.com" -UserGroup "DOMAINFinance-Users", "DOMAINFinance-Managers"

Step 2 — Configure Collection Properties

After creation, configure session collection settings such as session time limits, reconnection behaviour, and security:

Set-RDSessionCollectionConfiguration -CollectionName "General Desktop" -ConnectionBroker "rdcb.domain.com" `
    -MaxRedirectedMonitors 2 `
    -DisconnectedSessionLimitMin 60 `
    -IdleSessionLimitMin 240 `
    -ActiveSessionLimitMin 0 `
    -AuthenticateUsingNLA $true `
    -EncryptionLevel "ClientCompatible" `
    -SecurityLayer "Negotiate"

Key parameters explained:

  • -DisconnectedSessionLimitMin: Minutes before a disconnected session is automatically logged off (0 = never)
  • -IdleSessionLimitMin: Minutes of idle time before a session is disconnected or ended
  • -AuthenticateUsingNLA: Requires Network Level Authentication before the full desktop loads (more secure)
  • -SecurityLayer: Negotiate allows either RDP security or SSL/TLS negotiated between client and server

Step 3 — Configure User Profile Disks

User Profile Disks (UPDs) are a Windows Server 2012 R2 feature that stores each user’s profile in a VHD file on a network share. This allows users to get consistent profiles regardless of which Session Host they connect to:

Set-RDSessionCollectionConfiguration -CollectionName "General Desktop" -ConnectionBroker "rdcb.domain.com" `
    -EnableUserProfileDisk $true `
    -MaxUserProfileDiskSizeGB 10 `
    -DiskPath "\fileserverUPD-StoreGeneralDesktop"

Ensure the UPD share has the correct NTFS and share permissions. The computer accounts of all Session Host servers and the Connection Broker must have Full Control on the share. Create the share and set permissions:

# Create the UPD directory:
New-Item -ItemType Directory -Path "E:UPD-StoresGeneralDesktop"

# Share it:
New-SmbShare -Name "UPD-GeneralDesktop" -Path "E:UPD-StoresGeneralDesktop" -FullAccess "DOMAINDomain Computers", "DOMAINDomain Admins"

Step 4 — Configure Client Device Redirection

Control which client devices (printers, drives, clipboard, USB) can be redirected to the remote session:

Set-RDSessionCollectionConfiguration -CollectionName "General Desktop" -ConnectionBroker "rdcb.domain.com" `
    -ClientDeviceRedirectionOptions "AudioVideoPlayBack, AudioRecording, COMPort, Drive, Printer, Clipboard, PlugAndPlayDevice, SmartCard"

For a more restrictive security posture (prevent data exfiltration via drives):

Set-RDSessionCollectionConfiguration -CollectionName "Secure Desktop" -ConnectionBroker "rdcb.domain.com" `
    -ClientDeviceRedirectionOptions "Printer, Clipboard"

Step 5 — Add Session Hosts to an Existing Collection

As demand grows, add Session Host servers to an existing collection:

Add-RDSessionHost -CollectionName "General Desktop" -SessionHost "rdsh04.domain.com" -ConnectionBroker "rdcb.domain.com"

Remove a Session Host (drain existing sessions first):

# Prevent new connections to the server:
Set-RDSessionHost -CollectionName "General Desktop" -SessionHost "rdsh01.domain.com" -NewConnectionAllowed "NotUntilReboot" -ConnectionBroker "rdcb.domain.com"

# Wait for existing sessions to end, then remove:
Remove-RDSessionHost -SessionHost "rdsh01.domain.com" -ConnectionBroker "rdcb.domain.com" -Force

Step 6 — Manage User Sessions

View all active sessions across Session Hosts in a collection:

Get-RDUserSession -CollectionName "General Desktop" -ConnectionBroker "rdcb.domain.com" | Select-Object UserName, HostServer, UnifiedSessionId, SessionState | Format-Table -AutoSize

Disconnect or log off a specific session:

# Disconnect a session (user can reconnect):
Disconnect-RDUser -HostServer "rdsh01.domain.com" -UnifiedSessionID 3 -Force

# Log off a session (terminates the session):
Invoke-RDUserLogoff -HostServer "rdsh01.domain.com" -UnifiedSessionID 3 -Force

Send a message to all users in a collection:

Get-RDUserSession -CollectionName "General Desktop" -ConnectionBroker "rdcb.domain.com" | ForEach-Object {
    Send-RDUserMessage -HostServer $_.HostServer -UnifiedSessionID $_.UnifiedSessionId -MessageTitle "Maintenance Notice" -MessageBody "The system will restart in 30 minutes. Please save your work."
}

Step 7 — Set Session Host Drain Mode

Before patching a Session Host, put it in drain mode to prevent new connections while allowing existing sessions to complete:

Set-RDSessionHost -CollectionName "General Desktop" -SessionHost "rdsh01.domain.com" -NewConnectionAllowed "No" -ConnectionBroker "rdcb.domain.com"

Step 8 — View Collection Summary

Get-RDSessionCollection -ConnectionBroker "rdcb.domain.com" | Select-Object CollectionName, CollectionType, Size, ResourceType

Get-RDSessionCollectionConfiguration -CollectionName "General Desktop" -ConnectionBroker "rdcb.domain.com"

Summary

RDS Session Collections on Windows Server 2012 R2 provide a flexible, policy-rich container for grouping Session Host servers and defining the user experience for remote desktop access. By configuring session time limits, User Profile Disks, device redirection policies, and user access groups, administrators can tailor each collection for its specific audience — from unrestricted general desktops to locked-down secure access environments. The ability to add Session Hosts dynamically and drain individual servers for maintenance ensures that session collections can grow with demand and be maintained without disruption to active users.