Changing the Default Remote Desktop (RDP) Port 3389 in Windows

In all Windows operating systems, the default port assigned to RDP (Remote Desktop Protocol) is TCP 3389.

If your computer is connected to the Internet directly (e.g., a VDS/VPS server) or you have configured forwarding of the 3389/RDP port on your edge router to a Windows computer (server) in the local network, you can change the default 3389/RDP port to another one. By changing the RDP port number, you can hide your RDP server from port scanners, reduce the risk of exploitation of RDP vulnerabilities (the last known vulnerability in RDP, BlueKeep, is described in CVE-2019-0708), and reduce the number of RDP brute force attacks (don’t forget to regularly ), SYN and other attacks (especially, when ).

You can change the default RDP port when a router with one public (white) IP address is used by several computers running Windows to which you need to provide external RDP access. You can configure a unique RDP port on each computer and configure port forwarding (PAT) to the local computers on your router (depending on the RDP port number, the remote session is forwarded to one of the internal computers).

When choosing a non-standard RDP port, please note that it is not recommended to use ports 1-1023 (well-known ports) or the dynamic RPC port range 49152-65535.

Let’s try to change the port of the Remote Desktop service to 1350. To do it:

  1. Open the Registry Editor and go to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp;
  2. Find the DWORD parameter with the name PortNumber. This parameter shows the port on which the Remote Desktop service is listening;
  3. Change the value of this parameter. I have changed the RDP port to 1350 (Decimal);
  4. If Windows Firewall is enabled on your computer, you will have to create a new rule that allows inbound connections to your new RDP port. (If you reconfigure a remote server via RDP without creating the rule in your firewall, you will lose access to your server.) You can create an allowing inbound rule for your new TCP/UDP RDP port manually in the Windows Defender Firewall console (firewall.cpl) or using PowerShell commands:

    New-NetFirewallRule -DisplayName "New RDP Port 1350" -Direction Inbound -LocalPort 1350 -Protocol TCP -Action Allow

    New-NetFirewallRule -DisplayName "New RDP Port 1350" -Direction Inbound -LocalPort 1350 -Protocol UDP -Action Allow

  5. Restart your computer or restart your Remote Desktop service with this command: net stop termservice & net start termservice
  6. To connect to this Windows computer via RDP, you have to specify the new RDP connection port in your mstsc.exe client using the colon as follows: RDPComputerName:1350 or by IP address: 192.168.1.10:1350 or from the command prompt: mstsc.exe /v 192.168.1.10:1350
    If you are using RDCMan to manage multiple RDP connections, you can specify the RDP port you have configured in the Connection Settings tab.
  7. Then you will successfully connect to the remote desktop of a computer using the new RDP port. You can use the netstat -na | Find "LIST" command to make sure that your RDS is listening on another port.
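An added pre-flight check (not part of the original article) to run after step 4 and before the restart in step 5: it confirms that the chosen port is in the recommended range, is not already in use, and has an enabled inbound allow rule, which is the condition the lockout warning in step 4 is about. Test-RdpPortChange is a hypothetical helper name; the script assumes Windows Firewall is enabled and Windows 8 / Windows Server 2012 or later, where the NetSecurity and NetTCPIP cmdlets exist.

```powershell
# Added example: Test-RdpPortChange is a hypothetical helper, not a built-in cmdlet.
function Test-RdpPortChange {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1, 65535)]
        [int]$NewPort
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $problems = @()

    # Ranges the article advises against: 1-1023 and 49152-65535
    if ($NewPort -lt 1024 -or $NewPort -gt 49151) {
        $problems += "Port $NewPort is outside 1024-49151"
    }

    # A listener already bound to the port would keep TermService from using it
    $current = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    if ($NewPort -ne $current -and
        (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue)) {
        $problems += "Port $NewPort is already in use by another listener"
    }

    # An enabled inbound allow rule for TCP/<port> must exist before the restart.
    # Rules that allow "Any" local port are deliberately not counted as a match.
    $rule = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains "$NewPort"
        }
    if (-not $rule) {
        $problems += "No enabled inbound allow rule for TCP/$NewPort"
    }

    [pscustomobject]@{
        CurrentPort = $current
        NewPort     = $NewPort
        Safe        = ($problems.Count -eq 0)
        Problems    = $problems
    }
}

$check = Test-RdpPortChange -NewPort 1350
$check | Format-List
if (-not $check.Safe) { Write-Warning 'Do not restart TermService yet.' }
```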

The full PowerShell script to change the RDP port number, create the firewall rules and restart the Remote Desktop service on the new port may look like this:

    # Ask for the new port number
    Write-Host "Specify the number of your new RDP port: " -ForegroundColor Yellow -NoNewline; $RDPPort = Read-Host
    # Set the port of the RDP-Tcp listener in the registry
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name PortNumber -Value $RDPPort
    # Allow inbound TCP and UDP connections to the new port
    New-NetFirewallRule -DisplayName "New RDP Port $RDPPort" -Direction Inbound -LocalPort $RDPPort -Protocol TCP -Action Allow
    New-NetFirewallRule -DisplayName "New RDP Port $RDPPort" -Direction Inbound -LocalPort $RDPPort -Protocol UDP -Action Allow
    # Restart the Remote Desktop service so that it listens on the new port
    Restart-Service termservice -Force
    Write-Host "The number of the RDP port has been changed to $RDPPort " -ForegroundColor Magenta

You can change the RDP port number remotely on multiple computers in your AD domain (in the specific OU) using the Invoke-Command and Get-ADComputer cmdlets:

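    Write-Host "Specify the number of your new RDP port: " -ForegroundColor Yellow -NoNewline; $RDPPort = Read-Host
    $PCs = Get-ADComputer -Filter * -SearchBase "CN=IT,CN=Computers,CN=NY,DC=woshub,DC=com"
    Invoke-Command -ComputerName $PCs.Name -ScriptBlock {
        Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name PortNumber -Value $using:RDPPort
        New-NetFirewallRule -DisplayName "New RDP Port $using:RDPPort" -Direction Inbound -LocalPort $using:RDPPort -Protocol TCP -Action Allow
        New-NetFirewallRule -DisplayName "New RDP Port $using:RDPPort" -Direction Inbound -LocalPort $using:RDPPort -Protocol UDP -Action Allow
        Restart-Service termservice -Force
    }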

This guide to changing the standard RDP port is suitable for any Windows version starting from Windows XP (Windows Server 2003) and up to modern Windows 10 / Windows Server 2019 builds.
