{"id":10363,"date":"2018-11-12T06:00:41","date_gmt":"2018-11-12T13:00:41","guid":{"rendered":"https:\/\/www.zubairalexander.com\/stage\/?p=10363"},"modified":"2018-11-09T15:21:09","modified_gmt":"2018-11-09T22:21:09","slug":"secure-your-computer-by-modifying-the-default-rdp-port-number","status":"publish","type":"post","link":"https:\/\/www.zubairalexander.com\/blog\/secure-your-computer-by-modifying-the-default-rdp-port-number\/","title":{"rendered":"Secure Your Computer by Modifying the Default RDP Port Number"},"content":{"rendered":"<p>By default, Remote Desktop (formerly known as Terminal Services) uses TCP port 3389. If you use Remote Desktop Protocol (RDP) to connect to your Windows computer, you might want to consider modifying the default port for security reasons. Because there are 65,535 ports on a computer, by changing the default port number for remote desktop access to your computer, you are making it difficult for a cyberattacker to guess your custom port number. The attacker usually needs three pieces of information to hack into your computer:<\/p>\n<ol>\n<li>IP address or domain name.<\/li>\n<li>Username.<\/li>\n<li>Password.<\/li>\n<\/ol>\n<p>Because most people use the default port number (TCP 3389), the attacker does not need to specify the port number. By modifying the default port number, the attacker would need four pieces of information. For this fourth piece of information the attacker has to guess from one of the 65,535 possible ports. Because some of these port numbers are reserved for various services, technically the number will be less than 65,535, but you get the idea.<\/p>\n<p>The information in this article applies to all versions of the following Windows clients and servers.<\/p>\n<p><strong>Windows Clients<\/strong><\/p>\n<ul>\n<li>Windows 2000<\/li>\n<li>Windows XP<\/li>\n<li>Windows Vista<\/li>\n<li>Windows 7<\/li>\n<li>Windows 8<\/li>\n<li>Windows 8.1<\/li>\n<li>Windows 10<\/li>\n<\/ul>\n<p><strong>Windows Servers<\/strong><\/p>\n<ul>\n<li>Windows Server 2000<\/li>\n<li>Windows Server 2003<\/li>\n<li>Windows Server 2008<\/li>\n<li>Windows Server 2012<\/li>\n<li>Windows Server 2016<\/li>\n<li>Windows Server 2019<\/li>\n<\/ul>\n<h4><strong>How to Change the Default Port<\/strong><\/h4>\n<p>The default RDP port can be changed by modifying the registry. The procedure is identical for Windows clients and servers.<\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"background-color: #fffec4; text-align: left; vertical-align: top;\"><span style=\"color: #ff0000;\"><strong>WARNING!<\/strong><\/span> The following procedure requires modification to the registry and should only be done by a trained professional who knows how to work with Windows Registry. Working with Windows Registry is like doing a brain surgery on your Windows computer. Modify the registry at your own risk.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol>\n<li>In the Windows Search box, type <strong>regedit.exe<\/strong> and press Enter. This will open the Registry Editor.<\/li>\n<li>As a precaution, you should first back up the registry. Highlight the <strong>Computer<\/strong> icon at the top of the registry.<\/li>\n<li>Right-click the Computer icon and select <strong>Export<\/strong>.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/ExportRegistry.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10360\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/ExportRegistry.png\" alt=\"Exporting Registry\" width=\"259\" height=\"183\" \/><\/a><\/li>\n<li>Enter a filename for the registry backup and click <strong>Save<\/strong>.<\/li>\n<li>Expand HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp.<\/li>\n<li>Double-click <strong>PortNumber<\/strong> in the right-hand pane.<\/li>\n<li>Click\u00a0<strong>Decimal<\/strong>\u00a0in the Base section and change the <strong>Value data<\/strong> to a different port number that is not in use, e.g. 56789, and then click <strong>OK<\/strong>.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/CustomRDPport.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10361\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/CustomRDPport.png\" alt=\"Custom Port Number\" width=\"337\" height=\"206\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/CustomRDPport.png 337w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/CustomRDPport-300x183.png 300w\" sizes=\"(max-width: 337px) 100vw, 337px\" \/><\/a><\/li>\n<li>Your screen should look something like this.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/RDP-PortNumber.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10362\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/RDP-PortNumber.png\" alt=\"Custom RDP Port Number\" width=\"740\" height=\"613\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/RDP-PortNumber.png 740w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2005\/06\/RDP-PortNumber-300x249.png 300w\" sizes=\"(max-width: 740px) 100vw, 740px\" \/><\/a><\/li>\n<li>Close the registry editor and\u00a0<strong>reboot your computer<\/strong>.<\/li>\n<\/ol>\n<p>There is one more thing that you need to do before you can connect to the computer remotely. You need to open this custom port in the firewall by adding a rule. Of course, if your firewall is disabled then you can skip this step.<\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"background-color: #fffec4; text-align: left; vertical-align: top;\"><span style=\"color: #ff0000;\"><strong>WARNING!<\/strong><\/span>\u00a0In general, you should never disable firewall on any Windows workstation or Windows server on your network. In the old days network administrators would disable the firewall on the workstations and even servers because they felt the network firewall makes it difficult for applications to communicate on their network and they believed all the internal computers are safe behind the corporate firewall. That may have been true in the 1980s and 1990s, but those days are long gone. Today every end point on the network needs to be protected so the firewall should never be turned off on any Windows computer (at home or at business). Microsoft has made many changes to the Windows operating systems in recent years and installing applications on the Windows automatically creates rules that allow the applications to communicate properly on the network. Therefore, it&#8217;s best that you do not turn off firewall.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4><strong>Configure Firewall Rule<\/strong><\/h4>\n<ol>\n<li>Use the Windows Search box and type <strong>Control Panel<\/strong>.<\/li>\n<li>In the Control Panel click <strong>Windows Defender Firewall<\/strong>.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Windows-control-panel.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10366\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Windows-control-panel.png\" alt=\"Windows Control Panel\" width=\"828\" height=\"636\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Windows-control-panel.png 828w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Windows-control-panel-300x230.png 300w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Windows-control-panel-768x590.png 768w\" sizes=\"(max-width: 828px) 100vw, 828px\" \/><\/a><\/li>\n<li>Click <strong>Advanced settings<\/strong> in the left column.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-advanced-settings.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10367\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-advanced-settings.png\" alt=\"Windows Firewall Advanced Settings\" width=\"1129\" height=\"637\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-advanced-settings.png 1129w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-advanced-settings-300x169.png 300w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-advanced-settings-768x433.png 768w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-advanced-settings-1024x578.png 1024w\" sizes=\"(max-width: 1129px) 100vw, 1129px\" \/><\/a><\/li>\n<li>In the <em>Windows Defender Firewall with Advanced Security<\/em> window click <strong>Inbound Rules<\/strong>.<\/li>\n<li>In the right-hand Actions pane\u00a0click <strong>New Rule<\/strong>.<\/li>\n<li>In the Rule Type window select the <strong>Port<\/strong> radio button.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-rule-port.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10368\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-rule-port.png\" alt=\"Firewall Rule Type - Port\" width=\"716\" height=\"582\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-rule-port.png 716w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-rule-port-300x244.png 300w\" sizes=\"(max-width: 716px) 100vw, 716px\" \/><\/a><\/li>\n<li>In the Protocols and Ports window make sure <strong>TCP<\/strong> is select and in the <strong>Special local ports<\/strong> box enter the port number you want to use for RDP, e.g. 56789.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-protocols-and-ports.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10369\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-protocols-and-ports.png\" alt=\"Firewall Protocols and Ports\" width=\"718\" height=\"583\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-protocols-and-ports.png 718w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-protocols-and-ports-300x244.png 300w\" sizes=\"(max-width: 718px) 100vw, 718px\" \/><\/a><\/li>\n<li>In the Action Window click <strong>Next <\/strong>to accept the option to <em>Allow the connection<\/em>.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-allow-connection.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10370\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-allow-connection.png\" alt=\"Windows Firewall - Allow Connection\" width=\"719\" height=\"584\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-allow-connection.png 719w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-allow-connection-300x244.png 300w\" sizes=\"(max-width: 719px) 100vw, 719px\" \/><\/a><\/li>\n<li>In the Profile window click <strong>Next<\/strong> so the rule applies to <em>Domain, Private and Public<\/em> profiles.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-profile.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10371\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-profile.png\" alt=\"Firewall - Profile\" width=\"719\" height=\"582\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-profile.png 719w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-profile-300x243.png 300w\" sizes=\"(max-width: 719px) 100vw, 719px\" \/><\/a><\/li>\n<li>In the Name window type a name for the rule, e.g. <strong>Custom RDP Port<\/strong>. You can also enter an optional description.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-rule-name.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10372\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-rule-name.png\" alt=\"Firewall Rule Name\" width=\"716\" height=\"581\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-rule-name.png 716w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Firewall-rule-name-300x243.png 300w\" sizes=\"(max-width: 716px) 100vw, 716px\" \/><\/a><\/li>\n<li>Click <strong>Finish<\/strong>.<\/li>\n<li>You can double-click the rule you created to verify the settings or make any changes if necessary.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Custom-RDP-port-properties.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10373\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Custom-RDP-port-properties.png\" alt=\"Custom RDP Port Properties\" width=\"438\" height=\"584\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Custom-RDP-port-properties.png 438w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Custom-RDP-port-properties-225x300.png 225w\" sizes=\"(max-width: 438px) 100vw, 438px\" \/><\/a><\/li>\n<li>You have successfully created the firewall rule to allow RDP on a custom port. There is no need to restart the computer. Close the Windows Firewall and Control Panel.<\/li>\n<\/ol>\n<h4><strong>Connecting to a Remote Computer with Custom Port Number<\/strong><\/h4>\n<ol>\n<li>In the Windows Search box type <strong>mstsc.exe<\/strong> and start the Remote Desktop Connection app.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Starting-RDP-session.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10374\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Starting-RDP-session.png\" alt=\"Starting an RDP Session\" width=\"404\" height=\"209\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Starting-RDP-session.png 404w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/Starting-RDP-session-300x155.png 300w\" sizes=\"(max-width: 404px) 100vw, 404px\" \/><\/a><\/li>\n<li>Type the computer&#8217;s IP address or the domain name, followed by the custom RDP port number, e.g. <strong>CONTOSO.COM:56789<\/strong>, and then click <strong>Connect<\/strong>.<br \/>\n<span style=\"text-decoration: underline;\">NOTE<\/span>:\u00a0If you were to use an IP address, you will still enter the port number at the end, e.g. <strong>10.1.1.52:56789<\/strong>.<br \/>\n<a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/RDC-entry.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-10375\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/RDC-entry.png\" alt=\"Remote Desktop Connection (RDC)\" width=\"413\" height=\"258\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/RDC-entry.png 413w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/11\/RDC-entry-300x187.png 300w\" sizes=\"(max-width: 413px) 100vw, 413px\" \/><\/a><\/li>\n<li>When prompted, enter the username and password to connect to the remote computer.<\/li>\n<\/ol>\n<p>To determine which port number to use, visit\u00a0<a class=\"entrylink\" href=\"https:\/\/www.zubairalexander.com\/blog\/common-port-numbers\/\">TCP\/IP port numbers<\/a>.\u00a0Port numbers 0 through 1023 are called well-known ports, while port numbers 1024 through 49151 are registered ports. It&#8217;s best to pick one of the port numbers between 49152 and 65535 because these are dynamic or private ports and are not likely to be used by any application or service that you are running. If you prefer a port number with four digits, just pick a random port number higher than 5000 and you should be in good shape.<\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"background-color: #e3e3e3; text-align: left;\">Thanks for reading my article. If you are interested in IT training &amp; consulting services, please reach out to me. Visit <a href=\"https:\/\/www.zubairalexander.com\/\" target=\"_blank\" rel=\"noopener\">ZubairAlexander.com<\/a> for information on my professional background.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<p><span style=\"font-size: xx-small; font-family: Verdana;\">Copyright \u00a9 2018 <a href=\"https:\/\/www.seattlepro.com\/\" target=\"_blank\" rel=\"noopener\">SeattlePro Enterprises, LLC<\/a>. All rights reserved.<br \/>\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By default, Remote Desktop (formerly known as Terminal Services) uses TCP port 3389. If you use Remote Desktop Protocol (RDP) to connect to your Windows computer, you might want to consider modifying the default port for security reasons. Because there are 65,535 ports on a computer, by changing the default port number for remote desktop [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":8601,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[43,33,24,11,41,76,48,38,30,65,80,58,64,37,40],"tags":[],"class_list":["post-10363","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles","category-remote-desktop","category-security","category-tips-tricks","category-win2k-pro","category-windows-10","category-windows-2000","category-windows-2003","category-longhorn-server","category-windows-2012","category-windows-2016","category-windows-7","category-windows-8","category-windows-vista","category-windows-xp"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2017\/08\/Security2.jpg","_links":{"self":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts\/10363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/comments?post=10363"}],"version-history":[{"count":0,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts\/10363\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/media\/8601"}],"wp:attachment":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/media?parent=10363"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/categories?post=10363"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/tags?post=10363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}