Secure Use of Remote Desktop Protoco

How To Change Remote Desktop Port (Update Default Settings)

Updated on:  

What is the default remote desktop port?

Remote Desktop Protocol uses the TCP port 3389 by default. In order to improve RDP security and make it harder for cyberattacks – you should consider changing your RDP port. With over 65000 ports available, this will make it harder for any attempted hacker to guess which port you are using.

Change remote desktop port – improve security

As long as your computer is connected to the Internet or you have port forwarding set up, you can change remote desktop protocol port 3389 to any other available port number.

By updating your RDP port number, you can protect it from port scanners, thereby reducing the risk of RDP vulnerabilities like brute force or SYN flood attacks. This is especially true when network-level authentication (NLA) is turned off.

How to change your remote desktop port?

For Windows clients and servers, you need to modify the registry in order to change the default RDP port.

Using Registry Editor

  1. Open the Registry Editor by typing “regedit” in the Windows Search box and pressing Enter.

    open registry editor
  2. Do not forget to backup all the registry, by selecting the “Computer” path at the top.
  3. Right-click the “Computer” icon and select “Export” from the menu options.

    backup registry
  4. When prompted, supply a filename for the backup and select Save.
  5. Navigate to your RDP-Tcp settings via
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.
  6. Double Click on Port Number to open the edit options.

    change rdp port
  7. Select the Decimal radio option in Base, and enter your desired port number in the Value data field. Click OK to continue.

    change remote desktop port number
  8. To apply your changes you’ll need to reboot your machine or restart the RDP service.

Using PowerShell

Alternatively, if you’re comfortable using PowerShell for changing the RDP port on Windows 10, follow these steps:

  1. Use the following command to find out what port is utilized by the remote desktop service:

    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal
    Server\WinStations\RDP-Tcp' -name "PortNumber"


  2. Run the following PowerShell command and specify the new port for use:

    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal
    Server\WinStations\RDP-Tcp' -name "PortNumber" -Value 3390
    New-NetFirewallRule -DisplayName 'RDPPORTLatest' -Profile 'Public'
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3390

For future Remote Desktop Connections, don’t forget to use the new port number. Also, don’t forget to configure the firewall (if applicable) to allow connections to that remote desktop firewall port number.

Change RDP listening port used by Firewall

If you are using a firewall, you need to change your configuration to allow connections to the new RDP port. You must create a new inbound rule to do this. If you don’t do this, and you change your RDP port on your remote server, you will not be able to access your server anymore.

  1. Open Control Panel and go to System and Security.

    system and security control panel
  2. Click on Windows Defender Firewall.

    open windows firewall
  3. Select Advanced Settings.

    firewall advanced settings
  4. Select Inbound Rules.

    inbound rules for firewall
  5. Select New Rule from the Action Pane.

    create new rule firewall
  6. Make sure the Port radio button is selected for Rule Type.

    firewall rule type
  7. Make sure the TCP radio button is selected and enter the correct port number in the Specific local ports input field.

    rdp port firewall
  8. Click the Next button and select the Allow Connection radio option.

    allow connection firewall
  9. Select the Profile option on the right, and ensure all three checkboxes are ticked for Domain, Public, and Private. Click Next to save your changes and continue.

    profile firewall
  10. In the Name Action Pane, enter a name for your rule. A description is useful should anyone else need to make changes at a later stage, but this is optional.

    name firewall rule
  11. Click Finish to complete the port change.

The new rule you created will now appear. You can double-click it to review and edit the settings if necessary.

Your changes are now completed and will take effect immediately. A system reboot is not required.