diff --git a/91-default-xrdp.preset b/91-default-xrdp.preset
new file mode 100644
index 0000000..8679923
--- /dev/null
+++ b/91-default-xrdp.preset
@@ -0,0 +1,4 @@
+enable xrdp.service
+enable xrdp-sesman.service
+enable xvnc-novnc.socket
+enable vncmanager.service
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..27bf4bd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+# These are files for getting 'Enhanced session' working in Hyper-V:
+
+- **91-default-xrdp.preset**: Used to control which systemd services are enabled at startup.
+- **hv_sock.conf**: Ensures the "hv_conf" module is loaded.
+- **sesman.ini**: Provides default settings for the 'xrdp-sesman' service.
+- **startwm.sh**: Simple startup session script to check for preferred session and base binary available to start it.
+- **xrdp.ini**: Provides default settings for the 'xrdp' service.
+- **xrdp.service**: Used to control which systemd services are enabled at startup (currently controlled by 91-default-xrdp.preset).
+- **xrdp-sesman.service**: Used to control which systemd services are enabled at startup (currently controlled by 91-default-xrdp.preset).
+- **Xwrapper.config**: Controls 'allowed_users' for X11.
diff --git a/Xwrapper.config b/Xwrapper.config
new file mode 100644
index 0000000..e1cef4c
--- /dev/null
+++ b/Xwrapper.config
@@ -0,0 +1 @@
+allowed_users=anybody
diff --git a/hv_sock.conf b/hv_sock.conf
new file mode 100644
index 0000000..e7656ff
--- /dev/null
+++ b/hv_sock.conf
@@ -0,0 +1 @@
+hv_sock
diff --git a/sesman.ini b/sesman.ini
new file mode 100644
index 0000000..9fac2ba
--- /dev/null
+++ b/sesman.ini
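Review bot: The preset in 91-default-xrdp.preset enables `xvnc-novnc.socket` and `vncmanager.service` alongside the two xrdp units, but the README added in this commit describes only Hyper-V enhanced session over hv_sock and never mentions VNC. If those two units are not needed for that path, they presumably add listeners that nothing else in this configuration governs; consider dropping them or stating the reason. Preset files accept `#` comment lines, so a line such as `# VNC units are enabled because <reason>` could sit directly above the two entries.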
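Review bot: `allowed_users=anybody` in Xwrapper.config lifts the X wrapper's restriction for every local account, not only for sessions started by xrdp-sesman, and the file carries no explanation. If the Xorg backend configured in sesman.ini needs it, the README entry (currently just "Controls 'allowed_users' for X11") should say so and note that it replaces the distribution default. If only the Xvnc backend is in use, the setting can probably stay at the default; that is worth confirming.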
@@ -0,0 +1,117 @@
+;; See `man 5 sesman.ini` for details
+
+[Globals]
+ListenAddress=127.0.0.1
+ListenPort=3350
+EnableUserWindowManager=true
+; Give in relative path to user's home directory
+UserWindowManager=startwm.sh
+; Give in full path or relative path to /etc/xrdp
+DefaultWindowManager=startwm.sh
+; Give in full path or relative path to /etc/xrdp
+ReconnectScript=reconnectwm.sh
+
+[Security]
+AllowRootLogin=true
+MaxLoginRetry=4
+TerminalServerUsers=tsusers
+TerminalServerAdmins=tsadmins
+; When AlwaysGroupCheck=false access will be permitted
+; if the group TerminalServerUsers is not defined.
+AlwaysGroupCheck=false
+; When RestrictOutboundClipboard=true clipboard from the
+; server is not pushed to the client.
+RestrictOutboundClipboard=false
+
+[Sessions]
+;; X11DisplayOffset - x11 display number offset
+; Type: integer
+; Default: 10
+; ENHANCED
+;X11DisplayOffset=200
+X11DisplayOffset=0
+
+;; MaxSessions - maximum number of connections to an xrdp server
+; Type: integer
+; Default: 0
+MaxSessions=50
+
+;; KillDisconnected - kill disconnected sessions
+; Type: boolean
+; Default: false
+; if 1, true, or yes, kill session after 60 seconds
+KillDisconnected=false
+
+;; DisconnectedTimeLimit - when to kill idle sessions
+; Type: integer
+; Default: 0
+; if not zero, the seconds before a disconnected session is killed
+; min 60 seconds
+DisconnectedTimeLimit=0
+
+;; IdleTimeLimit (specify in second) - wait before disconnect idle sessions
+; Type: integer
+; Default: 0
+; Set to 0 to disable idle disconnection.
+IdleTimeLimit=0
+
+;; Policy - session allocation policy
+; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
+; Default: Xrdp: and Xvnc:
+; "UBD" session per
+; "UBI" session per
+; "UBC" session per
+; "UBDI" session per
+; "UBDC" session per
+Policy=Default
+
+[Logging]
+LogFile=xrdp-sesman.log
+LogLevel=ERROR
+EnableSyslog=0
+SyslogLevel=ERROR
+
+;
+; Session definitions - startup command-line parameters for each session type
+;
+
+[Xorg]
+; Specify the path of non-suid Xorg executable. It might differ depending
+; on your distribution and version. The typical path is shown as follows:
+;
+; Fedora 26 or later : param=/usr/libexec/Xorg
+; Debian 9 or later : param=/usr/lib/xorg/Xorg
+; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
+; Arch Linux : param=/usr/lib/xorg-server/Xorg
+; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
+;
+param=Xorg
+; Leave the rest paramaters as-is unless you understand what will happen.
+param=-config
+param=xrdp/xorg.conf
+param=-noreset
+param=-nolisten
+param=tcp
+param=-logfile
+param=.xorgxrdp.%s.log
+
+[Xvnc]
+param=Xvnc
+param=-bs
+param=-nolisten
+param=tcp
+param=-localhost
+param=-dpi
+param=96
+
+[Chansrv]
+; drive redirection, defaults to xrdp_client if not set
+; ENHANCED
+;FuseMountName=thinclient_drives
+FuseMountName=shared-drives
+; this value allows only the user to acess their own mapped drives.
+; Make this more permissive (e.g. 022) if required.
+FileUmask=077
+
+[SessionVariables]
+PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
diff --git a/startwm.sh b/startwm.sh
new file mode 100644
index 0000000..d6a7a3d
--- /dev/null
+++ b/startwm.sh
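Review bot: In `[Security]` of sesman.ini, `AllowRootLogin=true` combined with `AlwaysGroupCheck=false` means any account that passes authentication, root included, can open a session, because per the file's own comment access is permitted when the `tsusers` group is not defined. For a default shipped to every VM I would set `AllowRootLogin=false` and `AlwaysGroupCheck=true`, or at least add a comment above them explaining why the permissive values are wanted here. With `LogLevel=ERROR` and `EnableSyslog=0` in `[Logging]`, login attempts are probably not recorded anywhere central; that is worth confirming against `man 5 sesman.ini`.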
@@ -0,0 +1,28 @@
+#PREF_SESSION='gnome'
+#PREF_SESSION='icewm'
+#PREF_SESSION='kde'
+#PREF_SESSION='xfce'
+
+if [[ -e ${HOME}/.xsession ]];
+then
+ # PREF_SESSION='[gnome|icewm|kde|xfce]'
+ . ${HOME}/.xsession
+fi
+
+printf "script: '%s' with PREF_SESSION: '%s' was run via shell: '%s', date: '%s'.\n" "$(basename $0)" "$PREF_SESSION" "$SHELL" "$(date)" >> ${HOME}/$(basename $0).txt
+
+if [[ -e /usr/bin/gnome-session && $PREF_SESSION == "gnome" ]];
+then
+ /usr/bin/gnome-session ;
+elif [[ -e /usr/bin/startplasma-x11 && $PREF_SESSION = "kde" ]];
+then
+ /usr/bin/startplasma-x11 ;
+elif [[ -e /usr/bin/startxfce4 && $PREF_SESSION == "xfce" ]];
+then
+ /usr/bin/startxfce4 ;
+elif [[ -e /usr/bin/icewm-session && $PREF_SESSION == "icewm" ]];
+then
+ /usr/bin/icewm-session ;
+else
+ xmessage "IS 'PREF_SESSION' ($PREF_SESSION) SET?"
+fi
diff --git a/xrdp-sesman.service b/xrdp-sesman.service
new file mode 100644
index 0000000..8660cdb
--- /dev/null
+++ b/xrdp-sesman.service
@@ -0,0 +1 @@
+enable xrdp-sesman.service
diff --git a/xrdp.ini b/xrdp.ini
new file mode 100644
index 0000000..802a106
--- /dev/null
+++ b/xrdp.ini
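Review bot: startwm.sh has no `#!` line yet relies on `[[ … ]]`, so it only works when whatever launches it falls back to a bash-compatible shell; add `#!/bin/bash` as the first line. `${HOME}` and `$0` are expanded unquoted in the `.xsession` test, the `.` line and the `printf` redirect, which breaks on a home directory containing whitespace; use `. "${HOME}/.xsession"` and `>> "${HOME}/$(basename "$0").txt"`. Sourcing `.xsession` also executes everything in it, and a conventional `.xsession` starts a window manager itself, so a dedicated file holding only the `PREF_SESSION=` assignment would be safer to source. The kde branch compares with `=` where the other branches use `==`.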
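Review bot: `xrdp-sesman.service` holds the preset directive `enable xrdp-sesman.service` rather than a unit definition, and `xrdp.service` at the end of this diff has the same shape. If either file is ever installed under a systemd unit directory it would take the place of the packaged unit with content systemd cannot parse as a unit, leaving the service unable to start. Since the README says enabling is already handled by 91-default-xrdp.preset, I would drop both files or rename them to `*.preset`; where they get installed is not visible in this diff.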
@@ -0,0 +1,236 @@
+[Globals]
+; xrdp.ini file version number
+ini_version=1
+
+; fork a new process for each incoming connection
+fork=true
+
+; ports to listen on, number alone means listen on all interfaces
+; 0.0.0.0 or :: if ipv6 is configured
+; space between multiple occurrences
+;
+; Examples:
+; port=3389
+; port=unix://./tmp/xrdp.socket
+; port=tcp://.:3389 127.0.0.1:3389
+; port=tcp://:3389 *:3389
+; port=tcp://:3389 192.168.1.1:3389
+; port=tcp6://.:3389 ::1:3389
+; port=tcp6://:3389 *:3389
+; port=tcp6://{}:3389 {FC00:0:0:0:0:0:0:1}:3389
+; port=vsock://:
+; ENHANCED
+;port=3389
+port=vsock://-1:3389
+
+; 'port' above should be connected to with vsock instead of tcp
+; use this only with number alone in port above
+; prefer use vsock://: above
+; ENHANCED
+;use_vsock=false
+use_vsock=true
+
+; regulate if the listening socket use socket option tcp_nodelay
+; no buffering will be performed in the TCP stack
+tcp_nodelay=true
+
+; regulate if the listening socket use socket option keepalive
+; if the network connection disappear without close messages the connection will be closed
+tcp_keepalive=true
+
+; set tcp send/recv buffer (for experts)
+#tcp_send_buffer_bytes=32768
+#tcp_recv_buffer_bytes=32768
+
+; security layer can be 'tls', 'rdp' or 'negotiate'
+; for client compatible layer
+; ENHANCED
+;security_layer=negotiate
+security_layer=rdp
+
+; minimum security level allowed for client for classic RDP encryption
+; use tls_ciphers to configure TLS encryption
+; can be 'none', 'low', 'medium', 'high', 'fips'
+; ENHANCED
+;crypt_level=high
+crypt_level=none
+
+; X.509 certificate and private key
+; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
+certificate=
+key_file=
+
+; set SSL protocols
+; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
+ssl_protocols=TLSv1.2, TLSv1.3
+; set TLS cipher suites
+#tls_ciphers=HIGH
+
+; Section name to use for automatic login if the client sends username
+; and password. If empty, the domain name sent by the client is used.
+; If empty and no domain name is given, the first suitable section in
+; this file will be used.
+autorun=
+
+allow_channels=true
+allow_multimon=true
+bitmap_cache=true
+; ENHANCED
+;bitmap_compression=true
+bitmap_compression=false
+bulk_compression=true
+#hidelogwindow=true
+max_bpp=32
+new_cursors=true
+; fastpath - can be 'input', 'output', 'both', 'none'
+use_fastpath=both
+; when true, userid/password *must* be passed on cmd line
+#require_credentials=true
+; You can set the PAM error text in a gateway setup (MAX 256 chars)
+#pamerrortxt=change your password according to policy at http://url
+
+;
+; colors used by windows in RGB format
+;
+blue=009cb5
+grey=dedede
+#black=000000
+#dark_grey=808080
+#blue=08246b
+#dark_blue=08246b
+#white=ffffff
+#red=ff0000
+#green=00ff00
+#background=626c72
+
+;
+; configure login screen
+;
+
+; Login Screen Window Title
+#ls_title=My Login Title
+
+; top level window background color in RGB format
+ls_top_window_bg_color=000000
+
+; width and height of login screen
+ls_width=350
+ls_height=430
+
+; login screen background color in RGB format
+ls_bg_color=dedede
+
+; optional background image filename (bmp format).
+#ls_background_image=
+
+; logo
+; full path to bmp-file or file in shared folder
+ls_logo_filename=
+ls_logo_x_pos=55
+ls_logo_y_pos=50
+
+; for positioning labels such as username, password etc
+ls_label_x_pos=30
+ls_label_width=65
+
+; for positioning text and combo boxes next to above labels
+ls_input_x_pos=110
+ls_input_width=210
+
+; y pos for first label and combo box
+ls_input_y_pos=220
+
+; OK button
+ls_btn_ok_x_pos=142
+ls_btn_ok_y_pos=370
+ls_btn_ok_width=85
+ls_btn_ok_height=30
+
+; Cancel button
+ls_btn_cancel_x_pos=237
+ls_btn_cancel_y_pos=370
+ls_btn_cancel_width=85
+ls_btn_cancel_height=30
+
+[Logging]
+LogFile=xrdp.log
+LogLevel=ERROR
+EnableSyslog=false
+SyslogLevel=ERROR
+; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
+
+[Channels]
+; Channel names not listed here will be blocked by XRDP.
+; You can block any channel by setting its value to false.
+; IMPORTANT! All channels are not supported in all use
+; cases even if you set all values to true.
+; You can override these settings on each session type
+; These settings are only used if allow_channels=true
+rdpdr=true
+rdpsnd=true
+drdynvc=true
+cliprdr=true
+rail=true
+xrdpvr=true
+tcutils=true
+
+; for debugging xrdp, in section xrdp1, change port=-1 to this:
+#port=/tmp/.xrdp/xrdp_display_10
+
+; for debugging xrdp, add following line to section xrdp1
+#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210
+
+
+;
+; Session types
+;
+
+; Some session types such as Xorg, X11rdp and Xvnc start a display server.
+; Startup command-line parameters for the display server are configured
+; in sesman.ini. See and configure also sesman.ini.
+[Xvnc]
+name=Xvnc
+lib=libvnc.so
+username=ask
+password=ask
+ip=127.0.0.1
+port=-1
+#xserverbpp=24
+delay_ms=2000
+
+[Xorg]
+name=Xorg
+lib=libxup.so
+username=ask
+password=ask
+ip=127.0.0.1
+port=-1
+code=20
+
+[vnc-any]
+name=vnc-any
+lib=libvnc.so
+ip=ask
+port=ask5900
+username=na
+password=ask
+#pamusername=asksame
+#pampassword=asksame
+#pamsessionmng=127.0.0.1
+#delay_ms=2000
+
+[neutrinordp-any]
+name=neutrinordp-any
+lib=libxrdpneutrinordp.so
+ip=ask
+port=ask3389
+username=ask
+password=ask
+
+; You can override the common channel settings for each session type
+#channel.rdpdr=true
+#channel.rdpsnd=true
+#channel.drdynvc=true
+#channel.cliprdr=true
+#channel.rail=true
+#channel.xrdpvr=true
diff --git a/xrdp.service b/xrdp.service
new file mode 100644
index 0000000..8953de8
--- /dev/null
+++ b/xrdp.service
@@ -0,0 +1 @@
+enable xrdp.service
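Review bot: In `[Globals]` of xrdp.ini, `security_layer=rdp` with `crypt_level=none` turns off transport encryption entirely, which is defensible only because `port=vsock://-1:3389` keeps the listener off the network, and nothing in the file says so. The commented `;port=3389` sits right above as the obvious line to re-enable, and doing that alone would carry logins over TCP unencrypted. Add a comment above `crypt_level`, e.g. `; none is acceptable only on the vsock listener; restore security_layer=negotiate and crypt_level=high before enabling a TCP port`. The `[vnc-any]` and `[neutrinordp-any]` sections with `ip=ask` do not appear to be needed for enhanced session as far as this diff shows and could be left out of the shipped default.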