This guide provides a step-by-step process for changing the Remote Desktop Protocol (RDP) port on Windows Server versions 2016, 2019, and 2022. Follow these instructions carefully to ensure a smooth transition to a new RDP port configuration, while also setting up necessary firewall rules.
Step 1: Open the Registry Editor
To begin changing the RDP port, type regedit into the Windows search bar to find the Registry Editor.
Step 2: Navigate to the RDP TCP Settings
Select the Registry Editor. To reach the RDP TCP port settings, start by expanding the HKEY_LOCAL_MACHINE directory.
Step 3: Access the System Directory
Within HKEY_LOCAL_MACHINE, proceed to the System directory. Navigate to CurrentControlSet, then access the Control folder. Within Control, locate the Terminal Server directory.
Step 4: Locate the Terminal Server Directory
Locate and select Terminal Server within the Control directory.
Step 5: Open the RDP TCP Settings
From Terminal Server, go to WinStations, and then select RDP-TCP. Identify the value labeled PortNumber. Right-click PortNumber and select MODIFY.
Step 6: Modify the RDP Port Number
Choose the DECIMAL option and input the new port number. Once entered, confirm by clicking OK. If WINDOWS FIREWALL is enabled, proceed to open WINDOWS FIREWALL.
Step 7: Open Windows Firewall Advanced Settings
Within WINDOWS FIREWALL, navigate to ADVANCED SETTINGS, then proceed to INBOUND RULES. Here, create a new rule rather than searching for the PORT NUMBER.
Step 8: Create a New Inbound Rule for the New Port
To create a new rule, click NEW RULE, select PORT, and then click NEXT.
Step 9: Specify the New TCP Port
Opt for TCP and enter the new port number in SPECIFIC LOCAL PORTS. Click NEXT and choose to allow the connection.
Step 10: Allow the Connection
Select ALLOW THE CONNECTION, click NEXT. In the profile section, maintain the default settings and click NEXT again.
Step 11: Name and Finish the Firewall Rule
Name this rule and then click FINISH.
Step 12: Reboot the Server
To complete the process, reboot the server. Click START, then select the restart icon and choose RESTART.
NOTES
The directory-by-directory navigation to RDP-TCP in the steps above can be condensed into a single path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP
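The registry edit, firewall rule and reboot from Steps 1 to 12 can also be scripted. The PowerShell below is an added example, not part of the original guide; the default port 3340 is the sample port from this guide's connection example, the rule name is a placeholder, and the script assumes an elevated session.

```powershell
# Added example: scripted equivalent of Steps 1-12. Run as Administrator.
param(
    [int]$NewPort = 3340,                           # sample port from this guide; choose your own
    [string]$RuleName = 'RDP custom port (TCP-In)'  # placeholder rule name
)

$ErrorActionPreference = 'Stop'
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Port guidance from the FAQ: between 1024 and 65535, and not already in use.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside the range 1024-65535."
}
$busy = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($busy) {
    $owner = ($busy | Select-Object -First 1).OwningProcess
    throw "Port $NewPort already has a listener (PID $owner)."
}

# Record the current value so the change can be reverted if needed.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"

# Steps 7-11: inbound TCP allow rule, default (all) profiles.
# Created before the registry edit so a failure here leaves RDP untouched.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null
}

# Steps 2-6: write PortNumber as a decimal DWORD.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord

# Read the value back before rebooting; a mismatch means the write did not land.
$written = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
if ($written -ne $NewPort) {
    throw "PortNumber reads $written, expected $NewPort."
}
Write-Host "PortNumber changed from $oldPort to $written; firewall rule '$RuleName' is in place."

# Step 12: reboot so the new port takes effect (prompts for confirmation).
Restart-Computer -Confirm
```

After the reboot, `Test-NetConnection -ComputerName <server> -Port <new port>` from a client confirms the new port is reachable before you rely on it.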
Frequently Asked Questions
What port does RDP use?
RDP (Remote Desktop Protocol) typically uses TCP port 3389 by default. This port facilitates remote desktop connections between computers over a network. For enhanced security, you can change this port or restrict access to it via firewalls or VPNs.
Why should I change the default RDP port?
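Changing the default Remote Desktop Protocol (RDP) port helps improve security by reducing the chances of automated attacks and port scans. Many malicious actors specifically target port 3389, so by changing it to a non-standard port, you make your server less visible and harder for attackers to identify as running RDP services. A scanner that probes every port and fingerprints the service will still find RDP, so treat the port change as a way to cut down automated noise and keep it alongside the firewall or VPN restrictions mentioned above.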
What port should I choose for RDP?
While there isn’t a single ‘best’ port for RDP, you should choose a port that is not commonly used by other services. Avoid well-known ports like 80, 443, or 22. For example, you could select a number between 1024 and 65535 that isn't already in use by your system. After changing the port, ensure your firewall rules are updated to allow traffic through the new port.
How do I connect to the server after changing the RDP port?
Once the RDP port is changed, you’ll need to specify the new port number when connecting to the server. In the Remote Desktop Connection client, enter the IP address or hostname of the server followed by a colon and the new port number. For example, if the new port is 3340, you would connect using the format:
192.168.0.1:3340