Its recommended to change the default port of the RDS services so that these are not scanned in network attacks
- Start the registry editor. (Type regedit in the Search box.)
- Navigate to the following registry subkey:
HKEY_LOCAL_MACHINESystemCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp - Find PortNumber
- Click Edit > Modify, and then click Decimal.
- Type the new port number, and then click OK.
- Close the registry editor, and restart your computer.
The next time you connect to this computer by using the Remote Desktop
connection, you must type the new port. If you’re using a firewall, make
sure to configure your firewall to permit connections to the new port
number.
You can check the current port by running the following PowerShell command:
PowerShell
Get-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp' -name "PortNumber"
For example:
PowerShell
PortNumber : 3389
PSPath : Microsoft.PowerShell.CoreRegistry::HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp
PSParentPath : Microsoft.PowerShell.CoreRegistry::HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal ServerWinStations
PSChildName : RDP-Tcp
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.CoreRegistry
You can also change the RDP port by running the following PowerShell
command. In this command, we’ll specify the new RDP port as 3390.
To add a new RDP Port to the registry:
PowerShell
$portvalue = 3390
Set-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp' -name "PortNumber" -Value $portvalue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portvalue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portvalue
You will need to restart RDS services for the changes to take effect or reboot the system.