How To Change Remote Desktop Port (Update Default Settings)
What is the default remote desktop port?
Remote Desktop Protocol uses the TCP port 3389 by default. In order to improve RDP security and make it harder for cyberattacks – you should consider changing your RDP port. With over 65000 ports available, this will make it harder for any attempted hacker to guess which port you are using.
Change remote desktop port – improve security
As long as your computer is connected to the Internet or you have port forwarding set up, you can change remote desktop protocol port 3389 to any other available port number.
By updating your RDP port number, you can protect it from port scanners, thereby reducing the risk of RDP vulnerabilities like brute force or SYN flood attacks. This is especially true when network-level authentication (NLA) is turned off.
How to change your remote desktop port?
For Windows clients and servers, you need to modify the registry in order to change the default RDP port.
Using Registry Editor
- Open the Registry Editor by typing “regedit” in the Windows Search box and pressing Enter.
- Do not forget to backup all the registry, by selecting the “Computer” path at the top.
- Right-click the “Computer” icon and select “Export” from the menu options.
- When prompted, supply a filename for the backup and select Save.
- Navigate to your RDP-Tcp settings via
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. - Double Click on Port Number to open the edit options.
- Select the Decimal radio option in Base, and enter your desired port number in the Value data field. Click OK to continue.
- To apply your changes you’ll need to reboot your machine or restart the RDP service.
Using PowerShell
Alternatively, if you’re comfortable using PowerShell for changing the RDP port on Windows 10, follow these steps:
- Use the following command to find out what port is utilized by the remote desktop service:
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp' -name "PortNumber" - Run the following PowerShell command and specify the new port for use:
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp' -name "PortNumber" -Value 3390
New-NetFirewallRule -DisplayName 'RDPPORTLatest' -Profile 'Public'
-Direction Inbound -Action Allow -Protocol TCP -LocalPort 3390
For future Remote Desktop Connections, don’t forget to use the new port number. Also, don’t forget to configure the firewall (if applicable) to allow connections to that remote desktop firewall port number.
Change RDP listening port used by Firewall
If you are using a firewall, you need to change your configuration to allow connections to the new RDP port. You must create a new inbound rule to do this. If you don’t do this, and you change your RDP port on your remote server, you will not be able to access your server anymore.
- Open Control Panel and go to System and Security.
- Click on Windows Defender Firewall.
- Select Advanced Settings.
- Select Inbound Rules.
- Select New Rule from the Action Pane.
- Make sure the Port radio button is selected for Rule Type.
- Make sure the TCP radio button is selected and enter the correct port number in the Specific local ports input field.
- Click the Next button and select the Allow Connection radio option.
- Select the Profile option on the right, and ensure all three checkboxes are ticked for Domain, Public, and Private. Click Next to save your changes and continue.
- In the Name Action Pane, enter a name for your rule. A description is useful should anyone else need to make changes at a later stage, but this is optional.
- Click Finish to complete the port change.
The new rule you created will now appear. You can double-click it to review and edit the settings if necessary.
Your changes are now completed and will take effect immediately. A system reboot is not required.