How to Change Remote Desktop Port
Are you aware of the notorious BlueKeep vulnerability? It exploited port 3389 by sending a specially crafted message that enabled hackers to run any kind of code remotely on compromised systems. Given the security threat that RDP poses, it is advised to turn off RDP when it’s not necessary, but when you buy Windows VPS hosting you need it available all the time, so you can’t simply turn the remote desktop off. However, you can change the RDP port number from its default.
It won’t make your Windows system totally secure; however, it will help stop some hackers who rely on scripts. In this article, we’ll go over how to change the remote desktop connection port and why it is necessary to do so.
Remote Desktop Remote Access
Windows operating systems include Microsoft Remote Desktop, a built-in client program that allows users to connect to remote computers through the Internet and access their resources and documents.
How Does It Work?
Let’s say you have just bought the best Windows VPS hosting service. When you begin a remote desktop session, your computer sends a request to the host computer through port 3389, asking for permission to connect. The host computer asks for login credentials, compares them against the list of remote desktop users that have been configured and then grants permission.
Once you’ve logged into the system, the listening port relays your mouse and keyboard input to the host computer. It then collects the output from the host computer and displays it on your computer. It’s almost like sitting at the remote computer and working on it directly! All this is due to the back-and-forth communication via the listening ports.
But be aware that hosts allow only one connection from a remote device at a given time. If another user tries to connect to the host computer, or you connect to it from a different device, the existing remote connection will be lost.
As you can probably tell, listening ports play an essential role in remote desktops.
This importance also makes listening ports an area of vulnerability, as hackers can gain access to the listening port and connect to computers from afar.
Why Should You Change the Default RDP Port on Windows?
Microsoft uses the standard port number 3389 for remote desktop connections in general, and it’s no secret. There are many instances where hackers use listening port 3389 to reach remote computers and rely on automated authentication attempts to obtain access. These are known as “password spraying” and brute force attacks, similar to the one recently discovered by Microsoft.
This is certainly an extremely serious security flaw that could expose your remote system to hackers.
To mitigate this vulnerability, administrators can often change the RDP port number to a different port that is free, making it more difficult for hackers to detect the port that RDP is listening on.
Apart from protecting themselves from hackers, administrators can also change their RDP port numbers in order to bypass firewalls.
Certain firewalls are configured to block both inbound and outbound traffic on port 3389. This is done to block hackers from signing in through the port, rather than to block remote access.
How to Change the Remote Desktop Port on Windows 10
Now that you know the importance of changing the default port, you can get right into it.
Generally speaking, there are two methods that you can use to change the port number; whether you are working on a Windows VPS or your personal computer, you can use either the registry or PowerShell to do so.
Neither is superior to the other; it’s a matter of personal choice. If you are familiar with PowerShell and would prefer getting things done with code, then that is the way to go.
Using Windows Registry
This is a step-by-step tutorial on changing the remote desktop port in Windows 10.
- Press Windows + R to open the Run dialog box. Type regedit to start the Registry Editor.
- Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.
- Look for PortNumber.
- Click Edit > Modify.
- Enter the new port number, then click OK.
- Close the Registry Editor.
- Make sure to restart your system.
If your remote computer is running a firewall, be sure to configure it to permit connections through the new port number.
How to Change Remote Desktop Port on Windows Server 2016
It’s strongly recommended to change the Windows remote desktop’s default port to ensure security.
You can change the RDP port by following these steps. Firstly, you’ll have to change the port and then define the port in the firewall rule.
Change the remote desktop connection port:
- Open the Registry Editor by typing regedit in the Windows search box or in the Run dialog.
- Find the following in the regedit application:
- Find PortNumber, then right-click it and modify it.
- Be sure to choose Decimal under the Base option.
- Change the port to whatever number you like, say 4545, and then click OK.
- Close the Registry Editor.
- Open Firewall (Windows Defender Firewall with Advanced Security)
- From the left sidebar, click on Inbound Rules.
- From the right sidebar, click on New Rule.
- Choose Port and click Next.
- Choose TCP and enter the port number you want to use in the local port field, then click Next until you arrive at the step where you name the rule. Give the rule a name and click Finish. (Repeat the firewall steps above, from opening the firewall through this step, to add a rule for UDP.)
- Try connecting via RDP as normal, but when you type in the IP, make sure to enter the custom port number after the IP in the format IP:Port (e.g., 184.108.40.206:4545).
You can also change your RDP port by using the PowerShell commands below. In this example, the new RDP port number is 4545.
To set the new RDP port in the registry:
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "PortNumber" -Value 4545
Then add a firewall rule to open port 4545 in the Public profile by using PowerShell:
New-NetFirewallRule -DisplayName 'RDPPORT_TCP' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort 4545
Now restart the Remote Desktop service using the following command:
Restart-Service -Force -DisplayName "Remote Desktop Services"
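The PowerShell steps above combined into one script, as an added example that is not part of the original article: it checks that the new port is free, adds the TCP and UDP rules before switching, and confirms that RDP is listening on the new port after the restart. The port 4545 and the rule name pattern follow the article; the port-range check, the five-second wait and the rollback logic are assumptions added here.

```powershell
#Requires -RunAsAdministrator
# Added example: the article's three commands with safety checks around them.
$NewPort = 4545   # example port used in the article
$RdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Refuse ports that are out of range or already have a listener.
#    (Assumption: stay above the well-known range 0-1023.)
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Choose a port between 1024 and 65535."
}
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use by another service."
}

# 2. Remember the current port so the change can be rolled back.
$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber

# 3. Open the firewall for the new port first (TCP and UDP), skipping
#    rules that already exist so the script can be re-run safely.
foreach ($Proto in 'TCP', 'UDP') {
    $RuleName = "RDPPORT_$Proto"
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Profile Public -Direction Inbound `
            -Action Allow -Protocol $Proto -LocalPort $NewPort | Out-Null
    }
}

# 4. Write the new port and restart the service (this drops active RDP sessions).
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort
Restart-Service -Force -DisplayName 'Remote Desktop Services'
Start-Sleep -Seconds 5

# 5. Verify; if RDP is not listening on the new port, restore the old value.
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    Write-Output "RDP moved from port $OldPort to $NewPort. Connect with IP:$NewPort."
} else {
    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $OldPort
    Restart-Service -Force -DisplayName 'Remote Desktop Services'
    Write-Warning "No listener on $NewPort; restored port $OldPort."
}
```

Adding the firewall rules before the registry change, and rolling back when the listener does not appear, avoids locking yourself out of a server you can only reach over RDP.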
In short, when you buy a Windows VPS server, you may want to connect to it using RDP. RDP helps to connect to remote devices, and all communications between devices occur via listening ports. In particular, port 3389 is the one used as the default port for remote connections.
However, hackers may use brute force attacks to gain access to remote devices via the default port. Therefore, many security professionals and administrators prefer changing the port number in order to make it more difficult for hackers to gain access to remote devices. Sometimes, this modification is needed to bypass firewalls too.