Changing the RDP listening port on Windows Server

Remote Desktop Protocol (RDP) is the de facto method of administrative console access, and it may be necessary to make it even more secure by changing the TCP port it listens on. RDP uses TCP 3389 by default on all supported versions of Windows; changing the port requires a quick edit in the Windows registry.

(Note: Editing the registry is risky, so be sure you have a verified backup before saving any changes.)

The following registry key holds the TCP port used for RDP:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

In this key, the PortNumber value contains the port on which Windows listens for RDP connections. The default port assignment is represented as D3D in hexadecimal or 3389 in decimal. For this example, I will change the port to 53389. Figure A shows this change being made on a test server.

Figure A

It may require a reboot to make the port assignment take effect (my Windows Server 2008 R2 test system did). Once the system is listening on the new port, connections need to specify the new port in the RDP client properties, as shown in Figure B.

Figure B

The Windows Server system will now listen on the new port with the Svchost.exe process. To confirm this, run netstat -a -n -o to list the listening ports with the ID of the owning process, then match that process ID to the executable in Task Manager.
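The procedure above as a PowerShell script, an added example that is not part of the original post. The backup path, the firewall rule name and the helper name Test-TcpListener are assumptions, and the firewall step is not covered in the article.

```powershell
# Added example; run from an elevated PowerShell prompt.
$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$RegKey   = $KeyPath -replace '^HKLM:', 'HKLM'          # same key in reg.exe syntax
$NewPort  = 53389                                        # port from the article's example
$Backup   = Join-Path $env:TEMP 'RDP-Tcp-backup.reg'     # assumed backup location
$RuleName = "RDP-Custom-$NewPort"                        # assumed firewall rule name

function Test-TcpListener {
    param([int]$Port)
    # True when netstat reports a LISTENING socket on the given local port.
    [bool](netstat -a -n -o | Select-String -Pattern ":$Port\s+\S+\s+LISTENING")
}

if ($NewPort -lt 1 -or $NewPort -gt 65535) { throw "Port $NewPort is not a valid TCP port." }
if (Test-TcpListener -Port $NewPort)       { throw "Port $NewPort is already in use." }

# Export the key first so the change can be rolled back with 'reg import'.
reg export $RegKey $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }

$OldPort = (Get-ItemProperty -Path $KeyPath -Name PortNumber).PortNumber
Write-Host ('Current port: {0} (0x{0:X})' -f $OldPort)

# PortNumber is a REG_DWORD; reg.exe takes the data in decimal.
reg add $RegKey /v PortNumber /t REG_DWORD /d $NewPort /f | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry write failed.' }

# Not covered in the article: with Windows Firewall enabled, the new port
# needs its own inbound rule or it will be unreachable after the reboot.
netsh advfirewall firewall add rule "name=$RuleName" dir=in action=allow protocol=TCP "localport=$NewPort" | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Warning 'Firewall rule was not created; add it before rebooting.' }

$Now = (Get-ItemProperty -Path $KeyPath -Name PortNumber).PortNumber
Write-Host ('Configured port: {0} (0x{0:X}). Backup saved to {1}.' -f $Now, $Backup)
Write-Host 'Reboot if needed, then confirm the listener with: netstat -a -n -o'
```

To roll back, import the exported .reg file with reg import and reboot again.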

Have you had to change your RDP port to another port or possibly change it back?
