How do you change the default RDP port and why?

Why should you change the standard RDP port 3389?

Servers or computers that hang on the Internet are inevitably a target for any purpose – if the corresponding port is ( 3389 ) open, it is called very often, to establish a connection and possibly crack the administrator account with Brute-Force (accordingly, the administrator password used should not be trivial ).

The standard port should not be used as a further complication. This is not real protection in itself, because with the appropriate port scanner, the alternative port can of course also is discovered – but it makes it more difficult for the mass of attackers and, like a house break-in, the more difficult the higher the probability that the break-in will be stopped ( higher probability to be discovered, but also higher use of resources ) and there are probably lighter targets.


How do you change the default RDP port?

With a remote computer, it is problematic to change the RDP port. A mistake and you may not be able to get on the computer anymore – because you also have to remember that the firewall and possibly the router is configured to allow incoming traffic on the desired port:

  • The desired port is entered in the registry in the key [ HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ TerminalServer \ WinStations \ RDP-Tcp ] and value [ PortNumber ] ( Standard: 3389 ) – the desired port should not collide with existing standard ports ( not HTTP – port 80 / or HTTP – port: 443 etc. use; – ) ) and ATTENTION: By default, the input is in hexadecimal (, so maybe switch to decimal before entering it; – )
  • The desired port must then be configured as a detailed rule in the Windows firewall ( otherwise this will not work with the connection )
  • The desired port may also have to be configured in the router as a detailed rule ( port activation ) ( otherwise this will not work with the connection )

Since RDP accesses port 3389 by default, the port must be specified with Postfix: < Wishport > when establishing the connection, i.e. instead of < Domain name or. IP address > must be connected to < domain name / IP address >: < desired port >.

The changes regarding the desired port only apply with a restart.