How to Change RDP Port Number on Windows 10?
The Remote Desktop Protocol [RDP] is used to remotely access the desktop of a computer or a Windows server. By default, TCP port 3389 is used for remote connections. If your computer/server is connected directly to the Internet [VDS/VPS] and has a public IP address, then for security reasons it is advisable to change the default RDP port number.
The fact is that most hacking tools can try brute-force attacks against your RDP infrastructure through the default RDP port number. There is also a high risk of exploitation of 0-day vulnerabilities in RDP. Over the past year Microsoft has fixed as many as 2 critical vulnerabilities in RDP [BlueKeep and BlueKeep-2] that allowed remote code execution.
How to Change Default RDP Port Number on Windows 10?
Let's see how to change the default RDP port in Windows 10. The RDP port is set in the PortNumber parameter under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. To manually change the RDP port number:
- Run the Registry Editor [regedit.exe] with administrator permissions;
- Go to the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp;
- Change the DWORD value of the PortNumber parameter in decimal format. For example, specify the port number 41212;
- Open the service management console [services.msc] and restart the Remote Desktop Services service.
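The registry change and service restart from the steps above, as an added PowerShell example (not code from the original article). It also refuses a port that is already in use, opens the new port in Windows Defender Firewall before the restart, and confirms that the listener actually moved. The function name `Set-RdpListenerPort` and the allowed port range are assumptions; 41212 and the rule name are the article's sample values.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). Set-RdpListenerPort is a hypothetical
# helper name; 41212 and the rule name are the article's sample values.
function Set-RdpListenerPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1024, 65535)]   # assumption: stay out of the well-known range
        [int]$Port,
        [string]$RuleName = 'RDP new port'
    )
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $old = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

    # Refuse a port that some other process is already listening on.
    if ($old -ne $Port -and
        (Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)) {
        throw "TCP port $Port is already in use; choose another port."
    }

    # Allow the new port BEFORE restarting the service, so a remote
    # administrator is not locked out when the listener moves.
    # A rule that already exists under this name is left untouched.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $Port | Out-Null
    }

    Set-ItemProperty -Path $key -Name PortNumber -Value $Port -Type DWord
    Restart-Service -Name TermService -Force   # -Force: the service has dependents

    # The listener can take a few seconds to bind; poll instead of assuming.
    $listening = $false
    foreach ($i in 1..10) {
        if (Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue) {
            $listening = $true; break
        }
        Start-Sleep -Seconds 1
    }
    [pscustomobject]@{ OldPort = $old; NewPort = $Port; Listening = $listening }
}

Set-RdpListenerPort -Port 41212
```

Restarting the Remote Desktop Services service disconnects any active RDP session, so reconnect on the new port once `Listening` is reported as `True`.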
Hint. You can also change the RDP port number from the command prompt:
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 41212 /f
or with PowerShell:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\" -Name PortNumber -Value 41212
If you have Windows Defender Firewall with Advanced Security enabled on your computer, you need to allow incoming TCP traffic to the new RDP port number. You can create a new rule for incoming traffic to port 41212 through the wf.msc graphical console or from the command line:
netsh advfirewall firewall add rule name="RDP new port" dir=in action=allow protocol=TCP localport=41212
After that, you can connect to your Windows computer through a non-standard RDP port. For example, if you use the built-in Windows Remote Desktop Connection client [mstsc.exe], you need to specify the new RDP port number after a colon following the hostname [IP address] of the computer, or use this command:
mstsc /v:192.168.10.10:41212
Configuring Remote Desktop Port Forwarding
You can also change the RDP port number on which your computer is accessible externally by using port forwarding. That is, when connecting to your computer from the Internet, you connect to the specified port on your gateway, and the gateway device automatically forwards this traffic to RDP port 3389 of your intranet computer.
The specific settings that you need to make depend on the device that acts as a gateway to the Internet. For example, the IP address of your Windows computer is 192.168.1.15 and you want to configure external port forwarding [PAT] from port 41212 to the standard RDP port 3389.
You can use the following configuration for different device types to create an RDP port forwarding rule.
For Linux Gateway with iptables firewall:
For Windows Gateway Server:
netsh interface portproxy add v4tov4 listenport=41212 listenaddress=88.88.88.88 connectport=3389 connectaddress=192.168.1.15
For Cisco routers:
ip nat inside source static tcp 192.168.1.15 3389 88.88.88.88 41212
For MikroTik devices:
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.15 to-ports=3389 protocol=tcp in-interface=ether2 dst-port=41212
I enjoy technology and developing websites. Since 2012 I've been running a few of my own websites and sharing useful content on gadgets, PC administration and website promotion.