By default you can connect to anyone session on a server, however this can be locked down via group policy. It is located:
Administrative Templates>Windows components>Remote Desktop Services>Remote Session Host>Connections
And is called “Set rules for remote control of Remote Desktop Services user sessions”