Change the Default Remote Desktop (RDP) Port 3389 in Windows | Windows OS Hub

In all Windows operating systems, the default port assigned to RDP (Remote Desktop Protocol) is TCP 3389. After you enable RDP in Windows, the TermService (Remote Desktop Services) starts listening on port 3389. In this article, we'll show you how to change the default RDP port number on the desktop editions of Windows (7/8/10/11) and on Windows Server using the Registry Editor and PowerShell.

Note that modern versions of Windows also use UDP with the same port number (3389) for Remote Desktop connections in addition to TCP.

You can change the default RDP port number in Windows from 3389 to any other. This is most often used when you need to hide your RDP/RDS host from port scanners that look for Windows hosts on the network with an open RDP port TCP/3389.
Changing the RDP port will reduce the chances of exploiting RDP vulnerabilities (the last critical vulnerability in RDP, BlueKeep, is described in CVE-2019-0708), reduce the number of RDP brute force attacks (don't forget to regularly analyze RDP connection logs), SYN, and other types of attacks when NLA is disabled. Most often, the RDP port is changed on computers with a direct connection to the Internet (VPS/VDS), or in networks where the border router forwards port 3389/RDP to a Windows host in your LAN.
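One way to start the log review mentioned above, as an added example that is not part of the original article: it counts failed logons (Security event ID 4625) per source address. The function name, the threshold of 5 and the constructed sample events (documentation address 203.0.113.7) are assumptions.

```powershell
# Added example, not from the original article.
# Groups failed logons (Security event ID 4625) by source address.
function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory)][string[]]$EventXml,  # one $event.ToXml() string per event
        [int]$Threshold = 5                          # assumed reporting threshold
    )
    $rows = foreach ($x in $EventXml) {
        $data = @{}
        foreach ($d in ([xml]$x).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # Type 3 = network logon (RDP with NLA, but also SMB etc.), type 10 = RemoteInteractive
        if ($data['LogonType'] -in '3', '10') {
            [pscustomobject]@{ Ip = $data['IpAddress']; User = $data['TargetUserName'] }
        }
    }
    if (-not $rows) { return }
    $rows | Group-Object Ip | Where-Object Count -ge $Threshold |
        Sort-Object Count -Descending |
        ForEach-Object {
            [pscustomobject]@{
                SourceIp = $_.Name
                Failures = $_.Count
                Users    = ($_.Group.User | Sort-Object -Unique) -join ','
            }
        }
}

# Constructed sample: six failed logons from one documentation address
$sample = 1..6 | ForEach-Object {
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><EventData>" +
    "<Data Name='TargetUserName'>user$_</Data><Data Name='LogonType'>3</Data>" +
    "<Data Name='IpAddress'>203.0.113.7</Data></EventData></Event>"
}
Get-FailedLogonSummary -EventXml $sample

# Live use on the RDP host (elevated prompt), last 24 hours
$live = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-24) } -ErrorAction SilentlyContinue
if ($live) { Get-FailedLogonSummary -EventXml ($live | ForEach-Object { $_.ToXml() }) }
```

Comparing the summary before and after the port change shows whether the change actually reduced the brute force noise on this host.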
Despite changing the port number, it is insecure to open the RDP port on your host to the Internet. Port scanners allow an attacker to discover the RDP listener on a new port (by signature). If you want to open RDP access to a computer on your network, it is better to use VPN, RD Web Access, RDS Gateway, and other secure connection tools.
When choosing a non-standard RDP port, please note that it is not recommended to use ports in the range 1-1023 (known ports). Use a dynamic port in the RPC port range (49152 to 65535), or any port in the range 1024 to 49151 that is not in use by another service or application.
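A pre-check for the port selection rule above, as an added example that is not part of the original article: it rejects ports in 1-1023 and reports any TCP listener or UDP endpoint already bound to the candidate port. The function name Test-RdpPortCandidate is hypothetical; the cmdlets come from the built-in NetTCPIP module.

```powershell
# Added example, not from the original article.
function Test-RdpPortCandidate {
    param([Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port)

    $problems = @()
    if ($Port -le 1023) {
        $problems += "port $Port is in the known-ports range 1-1023"
    }

    # TCP listeners and UDP endpoints already bound to the candidate port
    $tcp = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    $udp = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
    foreach ($e in @($tcp) + @($udp)) {
        if ($null -eq $e) { continue }
        $proc = Get-Process -Id $e.OwningProcess -ErrorAction SilentlyContinue
        $problems += "port $Port is already bound on $($e.LocalAddress) by PID $($e.OwningProcess) ($($proc.ProcessName))"
    }

    [pscustomobject]@{
        Port     = $Port
        Range    = if ($Port -ge 49152) { 'dynamic (49152-65535)' }
                   elseif ($Port -ge 1024) { '1024-49151' }
                   else { 'known ports (1-1023)' }
        Usable   = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# The port used in this article
Test-RdpPortCandidate -Port 1350
```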

How to Change the Remote Desktop Port on Windows?

In our example, we will change the port number on which the Remote Desktop service is listening to 1350. To do this:

  1. Open the Registry Editor (regedit.exe) and go to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp;
  2. Find the DWORD parameter with the name PortNumber. This parameter shows the port on which the Remote Desktop service is listening. The default is 3389 (decimal);
  3. Change the value of this parameter. I have changed the RDP port to 1350 (Decimal). You can change the registry parameter using PowerShell:
    Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\" -Name PortNumber -Value 1350
  4. If Windows Firewall is enabled on your computer, you will have to create a new rule that allows inbound connections to your new RDP port. If you are reconfiguring a remote Windows host via RDP, make sure you create allow rules in the firewall before restarting TermService, otherwise you will lose access to the server;
  5. You can create an allowing inbound rule for your new TCP/UDP RDP port manually in the Windows Defender Firewall console (firewall.cpl) or using PowerShell cmdlets from the NetSecurity module:
    New-NetFirewallRule -DisplayName "NewRDPPort-TCP-In" -Direction Inbound -LocalPort 1350 -Protocol TCP -Action allow
    New-NetFirewallRule -DisplayName "NewRDPPort-UDP-In" -Direction Inbound -LocalPort 1350 -Protocol UDP -Action allow
  6. Reboot your computer or restart your Remote Desktop service with this command:
    net stop termservice & net start termservice
  7. To connect to this Windows host via Remote Desktop, you have to specify the new RDP connection port in your mstsc.exe client using the colon as follows: RDPComputerName:1350 or by IP address: 192.168.1.10:1350 or from the command prompt:
    mstsc.exe /v 192.168.1.10:1350
    If you are using RDCMan to manage multiple RDP connections, you can specify the RDP port you have configured in the Connection Settings tab.
  8. Then you will successfully connect to the remote desktop of a computer using the new RDP port. You can use the following command to make sure that your Remote Desktop Service is listening on a new port:
    netstat -na | Find "LIST"
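The allow rules in step 5 accept connections from any remote address. As an added example that is not part of the original article, the following lists the enabled inbound allow rules for the new port and previews restricting the unscoped ones to a management subnet. The function name and the subnet 192.168.1.0/24 are assumptions; the cmdlets are from the NetSecurity module.

```powershell
# Added example, not from the original article.
function Get-RdpPortRuleScope {
    param([int]$Port = 1350)

    # Port filters that name the port -> their rules -> each rule's address filter
    Get-NetFirewallPortFilter |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $_.Name            # unique rule ID
                DisplayName   = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress -join ','
                Unscoped      = ($addr.RemoteAddress -contains 'Any')
            }
        }
}

# Assumed management subnet; replace with the range your admins connect from
$MgmtSubnet = '192.168.1.0/24'

# Preview the change first. Remove -WhatIf to apply it, and only when your
# own client address is inside $MgmtSubnet, or you will cut off your session.
Get-RdpPortRuleScope -Port 1350 | Where-Object Unscoped | ForEach-Object {
    Set-NetFirewallRule -Name $_.Name -RemoteAddress $MgmtSubnet -WhatIf
}

Get-RdpPortRuleScope -Port 1350 | Format-Table DisplayName, Profile, RemoteAddress, Unscoped -AutoSize
```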

Note that the UDP RDP port number has also automatically changed to 1350 (you can check this with the TCPView tool).

Use the Test-NetConnection command to check that the default RDP port 3389 is now closed (TcpTestSucceeded: False):

    Test-NetConnection 192.168.3.102 -port 3389 |select TcpTestSucceeded

Now you need to use the new port 1350 for the RDP connection.
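The netstat, TCPView and Test-NetConnection checks above can be combined into one local check, shown here as an added example that is not part of the original article. It compares the PortNumber registry value with the TCP and UDP ports actually owned by the process hosting TermService; the function name Get-RdpListenerState is hypothetical.

```powershell
# Added example, not from the original article. Run on the RDP host
# after TermService has been restarted.
function Get-RdpListenerState {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

    # PID of the svchost.exe instance that hosts TermService
    $svcPid = (Get-CimInstance Win32_Service -Filter "Name='TermService'").ProcessId

    $tcp = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object OwningProcess -eq $svcPid
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object OwningProcess -eq $svcPid

    $tcpPorts = @($tcp.LocalPort | Sort-Object -Unique)
    $udpPorts = @($udp.LocalPort | Sort-Object -Unique)

    [pscustomobject]@{
        RegistryPort  = $port
        ServicePid    = $svcPid
        TcpListening  = $tcpPorts -contains $port
        UdpListening  = $udpPorts -contains $port
        # True means the service still holds 3389: it was not restarted
        # after the registry change
        StillOn3389   = ($port -ne 3389) -and (($tcpPorts + $udpPorts) -contains 3389)
    }
}

Get-RdpListenerState
```

TcpListening and UdpListening should both be True and StillOn3389 False once the change has taken effect.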
Note. If you change the default RDP listening port number, you may have some troubles with using Remote Assistance, shadow RDP connections in Windows 10, as well as RDS shadowing on Windows Server.

If you want to change the RDP port number on domain computers, you can use the Group Policy features. Create a new GPO that will deploy the PortNumber registry parameter with the new RDP port number to domain computers.

Change RDP Listening Port Number with PowerShell

A complete PowerShell script to change the RDP port number, create the firewall rules, and restart the Remote Desktop service might look like this:

    # Ask for the new port number
    Write-Host "Specify the number of your new RDP port: " -ForegroundColor Yellow -NoNewline; $RDPPort = Read-Host
    # Write the new port to the RDP-Tcp listener settings
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\" -Name PortNumber -Value $RDPPort
    # Allow inbound TCP and UDP connections to the new port
    New-NetFirewallRule -DisplayName "NewRDPPort-TCP-In-$RDPPort" -Direction Inbound -LocalPort $RDPPort -Protocol TCP -Action Allow
    New-NetFirewallRule -DisplayName "NewRDPPort-UDP-In-$RDPPort" -Direction Inbound -LocalPort $RDPPort -Protocol UDP -Action Allow
    # Restart the service so it starts listening on the new port
    Restart-Service termservice -Force
    Write-Host "The number of the RDP port has been changed to $RDPPort " -ForegroundColor Magenta

You can change the RDP port number on a remote computer. To do this, you need to enable WinRM on the remote computer, and then you can use the Invoke-Command cmdlet to connect to the computer:

    Invoke-Command -ComputerName wksname112 -ScriptBlock {Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\" -Name PortNumber -Value 1350}

If you need to change the RDP port number remotely on multiple computers in your AD domain (in the specific OU), use the following script (you can get a list of computers in the OU using the Get-ADComputer cmdlet):

    Write-Host "Specify the number of your new RDP port: " -ForegroundColor Yellow -NoNewline; $RDPPort = Read-Host
    # Computers to reconfigure
    $PCs = Get-ADComputer -Filter * -SearchBase "CN=IT,CN=Computers,CN=NY,DC=woshub,DC=com"
    Foreach ($PC in $PCs) {
        # -ArgumentList passes the local $RDPPort value to param() in the remote script block
        Invoke-Command -ComputerName $PC.Name -ArgumentList $RDPPort -ScriptBlock {
            param ($RDPPort)
            Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\" -Name PortNumber -Value $RDPPort
            New-NetFirewallRule -DisplayName "NewRDPPort-TCP-In-$RDPPort" -Direction Inbound -LocalPort $RDPPort -Protocol TCP -Action Allow
            New-NetFirewallRule -DisplayName "NewRDPPort-UDP-In-$RDPPort" -Direction Inbound -LocalPort $RDPPort -Protocol UDP -Action Allow
            Restart-Service termservice -Force
        }
    }

This guide for changing the default RDP port is suitable for any Windows version starting from Windows XP (Windows Server 2003) and up to modern Windows 10, Windows 11, and Windows Server 2022 builds.

source : https://thefartiste.com