black pen on red laptop computer

How to Change Windows RDP Port for Enhanced Security

by

Remote Desktop Protocol (RDP) is a powerful tool that allows users to connect and manage their Windows servers and computers remotely. However, leaving the RDP port at its default value (3389) can expose your system to potential security risks. By changing the default Windows RDP port, you can make your server less susceptible to automated attacks and unauthorized access attempts. In this guide, we will walk you through the step-by-step process of changing the Windows RDP port.

Why Change the Default RDP Port?

Changing the default RDP port provides several benefits:

  • Enhanced Security: Attackers often target the default RDP port (3389). Changing it reduces the risk of brute force attacks.
  • Obfuscation: While not a replacement for strong security measures, using a non-default port adds an extra layer of difficulty for attackers.
  • Reduced Automated Scans: Automated scripts and bots scan for open 3389 ports. Changing the port can make your system less likely to appear in such scans.

Let’s dive into the detailed process of changing the Windows RDP port on your Windows Server or PC.

Steps to Change the Windows RDP Port

Follow these steps to change the default RDP port on your Windows server or computer:

1. Backup Your System

Before making any changes, it’s crucial to back up your system. This ensures you can restore your configuration if anything goes wrong during the process.

  • Create a system restore point.
  • Backup your Windows registry.

2. Access the Windows Registry Editor

The Windows Registry is where the RDP port is defined. To access it:

  1. Press Win + R to open the Run dialog box.
  2. Type regedit and press Enter.
  3. If prompted by User Account Control (UAC), click Yes to proceed.

3. Navigate to the RDP Port Setting

Once in the Registry Editor, navigate to the following path:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Here, you will find the setting that controls the RDP port.

4. Modify the RDP Port Number

To change the RDP port:

  1. Locate the PortNumber key in the right pane.
  2. Right-click on PortNumber and select Modify.
  3. In the dialog box, select Decimal as the base.
  4. Enter your desired port number. Choose a port number between 1025 and 65535 to avoid conflicts with well-known ports.
  5. Click OK to save your changes.

5. Update Windows Firewall to Allow the New Port

Changing the RDP port in the registry is not enough. You also need to update your Windows Firewall settings to allow traffic through the new port.

  1. Open the Windows Firewall settings:
    • Press Win + R, type wf.msc, and press Enter.
  2. Create a new inbound rule:
    • Click Inbound Rules in the left pane.
    • Click New Rule in the right pane.
    • Select Port and click Next.
    • Choose TCP, enter your new port number, and click Next.
    • Select Allow the connection, then click Next.
    • Apply the rule to all network profiles (Domain, Private, Public), and click Next.
    • Name the rule (e.g., “RDP Custom Port”) and click Finish.

6. Restart Your Computer

For the changes to take effect, restart your computer or server. This ensures the new RDP port is applied and functional.

7. Connect Using the New RDP Port

When connecting to your remote desktop, you’ll need to specify the new port in the connection details:

  • Use the format: IP_Address:Port_Number
  • Example: 192.168.1.100:5000

This tells the Remote Desktop client to connect using the specified port.

Additional Tips for Securing Remote Desktop

While changing the default RDP port enhances security, it’s just one of many steps you should take. Here are additional tips to secure your Windows Server RDP:

1. Enable Network Level Authentication (NLA)

Network Level Authentication requires users to authenticate before a remote session is established. This reduces the risk of unauthorized access.

  • Go to System Properties > Remote Settings.
  • Under “Remote Desktop,” check the box for Allow connections only from computers running Remote Desktop with Network Level Authentication.

2. Use Strong Passwords

Ensure all accounts with RDP access have strong, unique passwords. Avoid common or easily guessable passwords.

3. Restrict RDP Access to Specific IP Addresses

If possible, restrict RDP access to specific IP addresses using Windows Firewall. This limits access to trusted devices only.

  1. Open Windows Firewall and edit your inbound RDP rule.
  2. Under the “Scope” tab, specify the allowed IP addresses.

4. Enable Two-Factor Authentication (2FA)

Using two-factor authentication adds an additional layer of security. Tools like Microsoft Authenticator or third-party 2FA solutions can be integrated with Windows RDP.

5. Use a VPN

A Virtual Private Network (VPN) creates a secure tunnel for remote connections. This ensures RDP traffic is encrypted and accessible only to VPN-connected devices.

6. Regularly Monitor and Update

Keep your system updated with the latest security patches and monitor logs for unusual activity. This helps you stay ahead of potential threats.

Common Issues When Changing RDP Port

Changing the RDP port is generally straightforward, but you may encounter some issues. Here’s how to troubleshoot common problems:

  • Cannot Connect to Remote Desktop:
    • Ensure the new port is open in the firewall.
    • Double-check that the port number was correctly modified in the registry.
  • Conflict with Other Applications:
    • Verify that the new port is not being used by another application. Use the command netstat -aon to check for conflicts.
  • Firewall Rules Not Applied:
    • Confirm that the new inbound rule was created and applied to all profiles (Domain, Private, Public).

Changing the default Windows RDP port is a simple yet effective way to enhance the security of your remote desktop connections. By following the steps outlined in this guide, you can minimize the risk of unauthorized access and protect your Windows server or PC from potential threats. Additionally, implementing other security measures, such as enabling NLA, using strong passwords, and setting up a VPN, will further safeguard your remote desktop setup.

Remember, securing your RDP is an ongoing process. Regularly review and update your security settings to stay ahead of evolving threats. Whether you’re managing a Windows server or a personal computer, a secure RDP setup ensures peace of mind and reliable remote access.

Affiliate Disclosure: I personally rank vendors based on thorough testing and detailed research, while also taking your feedback and my commercial partnerships with providers into account. Some links on this site are affiliate links.

© 2024 Thank you for visiting razib.in
Privacy PolicyTermsContact