The default port used by Remote Desktop Protocol (RDP) for remote connections is TCP 3389. However, in some cases, it may be beneficial to change this port to enhance security or avoid conflicts with other services that might use the same port. Changing the default RDP port can help protect your system from unauthorized access and mitigate the risk of automated attacks, such as brute-force attacks targeting port 3389.

In this article, we'll walk you through how to change the default RDP port on your Windows machine, explain why you might want to do so, and provide some best practices for securing your RDP connection.
Why Change the Default RDP Port?
Changing the default RDP port is often recommended for several reasons:
- Security: Port 3389 is widely known and targeted by attackers. Changing the port reduces the volume of automated attacks that scan specifically for port 3389 and attempt to exploit vulnerabilities or guess credentials.
- Avoid Conflicts: In some environments, another application or service may already use port 3389. Changing the port can help resolve conflicts.
- Compliance and Best Practices: For some businesses, changing the default RDP port is a requirement for adhering to internal security policies or industry standards.
Steps to Change the Default RDP Port
To change the default RDP port, you need to modify the Windows Registry. Follow the steps below carefully, as incorrect changes to the registry can cause issues with your system. It is advisable to back up your registry before proceeding.
Open the Registry Editor
- Press Windows + R to open the Run dialog box.
- Type regedit and press Enter to launch the Registry Editor.
Navigate to the RDP Port Settings
- In the Registry Editor, navigate to the following key:
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
- This key contains the configuration settings of the RDP-Tcp listener.
Modify the Port Number
- In the RDP-Tcp key, locate a value named PortNumber. If the PortNumber value does not exist, right-click in the blank area, select New > DWORD (32-bit) Value, and name it PortNumber.
- Right-click on the PortNumber entry and select Modify.
- In the Value data field, enter the new port number you want to assign to RDP (e.g., 3390, 4444, etc.). Ensure the port number is in the range of 1025 to 65535, as ports below 1024 are typically reserved for well-known services, and make sure no other service on the machine is already listening on the port you choose.
- Select Decimal as the base for the value and click OK to save the changes.
Allow the New Port Through the Firewall
After changing the RDP port in the registry, you need to configure your firewall to allow traffic on the new port:
- Open the Windows Firewall or Windows Defender Firewall.
- Select Advanced Settings on the left panel.
- In the Inbound Rules section, click New Rule.
- Choose Port, and then click Next.
- Select TCP and enter the new port number in the Specific local ports field.
- Click Next, select Allow the connection, and follow the prompts to complete the rule creation.
Restart the System
For the changes to take effect, restart your computer or the Remote Desktop Services service.
- Open Services by pressing Windows + R, typing services.msc, and pressing Enter.
- Scroll down and locate Remote Desktop Services. Right-click it and choose Restart.
Alternatively, you can restart the system directly.
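The registry change, firewall rule and service restart above, carried out from an elevated PowerShell prompt as one script, with the pre-checks and the verification step a practitioner would want. This is an added example, not code from the original article; the port value 3390, the management subnet 192.168.1.0/24 and the rule name are assumptions you should adapt.

```powershell
# Added example (not from the original article). Changes the RDP listener port,
# allows it through Windows Defender Firewall, restarts the service and verifies.
# $NewPort and the 192.168.1.0/24 management subnet are assumed values.
#Requires -RunAsAdministrator
param([ValidateRange(1025, 65535)][int]$NewPort = 3390)

$rdpKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse to continue if something already listens on the chosen port; otherwise the
# RDP listener may silently fail to bind after the restart.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "TCP port $NewPort is already in use on this host; choose another port."
}

# Remember the current value so the change can be reverted if it does not apply.
$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"

# Registry change: PortNumber is a REG_DWORD under the RDP-Tcp key.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# Firewall: allow inbound TCP on the new port, but only from the management subnet
# (assumed 192.168.1.0/24) rather than from any address. The built-in
# "Remote Desktop" rule group still refers to 3389 and is not changed here.
New-NetFirewallRule -DisplayName "Remote Desktop (custom port $NewPort)" `
    -Direction Inbound -Protocol TCP -LocalPort $NewPort -Action Allow `
    -Profile Domain, Private -RemoteAddress 192.168.1.0/24 | Out-Null

# Apply: restart Remote Desktop Services (TermService). If you are connected over
# RDP right now this drops your session, so keep a second path onto the host.
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 3

# Verify: the registry holds the new value and the listener is actually bound to it.
$applied   = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
$listening = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($applied -eq $NewPort -and $listening) {
    Write-Host "RDP is now listening on TCP $NewPort. Connect with: mstsc /v:<host>:$NewPort"
} else {
    Write-Warning "Port change not confirmed (registry=$applied, listening=$([bool]$listening)); reverting to $oldPort."
    Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $oldPort -Type DWord
    Restart-Service -Name TermService -Force
}
```

If the host is reached over the internet through a router, the port-forwarding entry on the router must be updated to the new port as well, as the FAQ below notes.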
How to Connect Using the New Port
Once you have changed the RDP port, you must specify the new port when connecting via RDP. Here’s how:
- Open the Remote Desktop Connection app (press Windows + R, type mstsc, and press Enter).
- In the Computer field, type the IP address or hostname of the machine you want to connect to, followed by a colon and the new port number. For example, if you set the port to 3390, enter: 192.168.1.100:3390
- Click Connect, and you will be prompted to log in as usual.
Best Practices for Changing the RDP Port
- Choose a High, Random Port: Avoid using common port numbers like 3390, as they might still be targeted by attackers. Instead, choose a random port in the range of 1025 to 65535 for added security.
- Use Strong Passwords: Changing the RDP port alone is not sufficient to secure your system. Always use strong, unique passwords for RDP accounts to minimize the risk of brute-force attacks.
- Enable Network Level Authentication (NLA): NLA requires users to authenticate before establishing a session, adding an extra layer of security.
- Keep Your System Updated: Regularly install Windows updates to protect against known vulnerabilities that can be exploited through RDP.
- Use a VPN: For added security, consider setting up a Virtual Private Network (VPN) and only allow RDP connections over the VPN.
- Monitor RDP Connections: Use logging and monitoring tools to track RDP activity and detect suspicious connections.
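One way to put the last point into practice on the host itself, as an added example that is not part of the original article: summarise failed logons that arrived over RDP from the Security event log (event 4625 with LogonType 10, RemoteInteractive) and flag source addresses that exceed a threshold. The 24-hour window and the threshold of 10 are assumed values.

```powershell
# Added example (not from the original article). Lists failed RDP logons from the
# Security log and flags noisy source addresses. Run from an elevated prompt.
# $Hours and $Threshold are assumed values; tune them to your environment.
# Note: with Network Level Authentication enabled, failed attempts are usually
# recorded with LogonType 3 instead of 10, so add '3' to $LogonTypes in that case.
#Requires -RunAsAdministrator
param([int]$Hours = 24, [int]$Threshold = 10, [string[]]$LogonTypes = @('10'))

$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
              -ErrorAction SilentlyContinue

$rdpFailures = foreach ($e in $events) {
    # The named EventData fields are easier to read from the XML than from
    # positional Properties, whose order differs between Windows versions.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($LogonTypes -contains $data['LogonType']) {
        [pscustomobject]@{
            Time     = $e.TimeCreated
            SourceIp = $data['IpAddress']
            Account  = $data['TargetUserName']
            Status   = $data['Status']   # e.g. 0xC000006D = bad user name or password
        }
    }
}

# Group by source address, noisiest first, and flag anything above the threshold.
$rdpFailures | Group-Object SourceIp | Sort-Object Count -Descending | ForEach-Object {
    $accounts = ($_.Group.Account | Sort-Object -Unique) -join ', '
    $flag = if ($_.Count -ge $Threshold) { 'INVESTIGATE' } else { '' }
    '{0,-40} {1,5} failures  accounts: {2}  {3}' -f $_.Name, $_.Count, $accounts, $flag
}
```

Many failures against many different account names from one address, or a single account being tried from many addresses, are the patterns worth feeding into a firewall block or your SIEM.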
FAQ – Frequently Asked Questions
Why should I change the default RDP port?
Changing the default RDP port (TCP 3389) helps enhance security by making it harder for attackers to find and exploit RDP services. It also avoids conflicts if other services are using the same port.
Can I use any port for RDP?
Technically, you can use any port in the range of 1025 to 65535. However, it’s best to avoid commonly used ports like 3390 and 4444, as attackers may scan these as well.
Will changing the RDP port affect my existing connections?
Yes, after changing the port, you must specify the new port when connecting via RDP. You will also need to update any firewall rules to allow the new port.
Do I need to change my router settings?
If you're accessing the RDP service remotely (over the internet), you will need to update your router's port forwarding settings to reflect the new RDP port.
How can I secure RDP further after changing the port?
Besides changing the RDP port, consider enabling Network Level Authentication (NLA), using strong passwords, enabling firewall rules to restrict access by IP address, and setting up a VPN for secure access.
What should I do if I can’t connect after changing the RDP port?
First, double-check that the new port is open in your firewall and router (if necessary). Also, ensure that you are specifying the correct port number in the Remote Desktop Connection app.