How to Change The RDP Port on Windows 10
You can access and control third-party Windows PCs with the Remote Desktop Protocol (RDP), but to do that you must change the RDP port. To do this, you must open the correct ports on the right router in your network. In this article, we will show you what the default RDP port is, what security risks there are if you don’t change it, and how to change the port manually.
Why Should You Change The Port?
Windows uses a default port value of 3389. This is common knowledge, and hackers can use it to their advantage: they can easily launch brute force attacks to access your remote client. This port is also prone to being exploited by a denial-of-service attack against Windows NT Terminal Server. In this attack, attackers send a large number of connections to port 3389, which overloads the memory and renders the remote client out of service. This happens by getting a connection timeout while the attacker performs a continuous low-bandwidth attack.
So you have to change the RDP port to have a better chance of not getting hacked through this really easily exploited vulnerability in the Windows remote protocol. But before that, you must enable the remote desktop connection on the PC you want to connect to.
Enabling Remote Desktop on Windows
Using Remote Desktop has become relatively easy in the latest versions of Windows. There is a handy step list on the Microsoft website that you can use to get up and running. But if you are a visual learner, we have made a step list with screenshots so it's easier to follow. Here is how to enable Remote Desktop connections on Windows 10:
Enable Remote Desktop on Your PC
Press the Start button and then search for "remote desktop settings". Click the program that shows up.
Then, in the Settings app, press the switch under "Enable Remote Desktop" to enable Remote Desktop connections.
First Things First
In order for RDP to be able to access the external Windows computer, port 3389 must have been opened there (in the network of the target PC). To be able to do this, you have to do two things first:
- You must open the port on your router.
- Then you must open the port in your firewall, if you use one.
But be careful: the standard port of RDP is often used by malware. If you open it in your system, this can create a security risk. Therefore, you should either close the port immediately after remote access or change it directly.
Change RDP port under Windows
The RDP port cannot be easily changed via the Windows program interface, but there is at least one parameter in the registry with which the port can be changed relatively quickly.
How to Change the RDP port
- To do this, press the key combination [Windows] + [R] so that the Run dialog opens.
- Enter the "regedit" command there and confirm with [Enter]. Under certain circumstances you may have to allow the registry to be started with "Yes" via the user account control.
- In the new window navigate to the path "HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp".
- In the right pane, double-tap the "PortNumber" entry. A small window opens.
- Set the "Base" to the "Decimal" entry at the bottom right.
- Enter the desired port under "Value".
- Save your changes with "OK" and restart your computer. Windows is now using the new port for the remote connection.
How to Open ports in the Windows 10 firewall
- Click "Windows Defender Firewall" via "Start"> "Control Panel". Depending on the service pack, you must first click "System and Security" in the Control Panel to find the Windows firewall.
- Click on "Advanced Settings" in the top left menu.
- The "Windows Firewall with Advanced Security" window opens. Click on "Inbound rules" in the left display.
- In the right display you will find the "Actions" Tab. Click on "New Rule" here.
- Select the "Port" rule type and click "Next".
- You can now choose which network protocol (TCP or UDP) this rule applies to. Choose e.g. "UDP". Under "Specific local ports" enter a port or a range of ports to be released, e.g. "9320-9326". Then click "Next".
- Now specify an action to be taken when a connection meets the specified conditions. In this case, select "Allow connection". Click on "Next".
- In the following window you can select the network profiles to which you want to apply this rule, e.g. only in public networks. You can also leave the check marks on all networks, so the rule is carried out in all networks. Click "Next" again.
- You can now find the rule you have created at the top of the "Windows Firewall with Advanced Security" window.
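The registry change and the firewall rule from the two procedures above can also be applied from an elevated PowerShell session. This is an added example, not part of the original article; the port 50389, the source range 203.0.113.0/24 and the rule names are constructed sample values. It restarts the Remote Desktop service instead of rebooting, and it limits the rule to one source range, which the GUI steps do not do.

```powershell
# Added example. Run in an elevated PowerShell session on the PC that accepts RDP.
$NewPort       = 50389              # constructed sample port
$AllowedSource = '203.0.113.0/24'   # constructed sample: addresses allowed to connect
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# This example only accepts ports above the well-known range.
if ($NewPort -le 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside 1025-65535."
}
# Refuse a port that already has a listener on this machine.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use."
}

# Record the current value so the change can be reverted.
$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Write-Output "Current RDP port: $OldPort"

# Create the inbound rules first so the new port is reachable after the restart.
# RDP listens on TCP and also uses UDP on the same port.
foreach ($Proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "RDP custom port ($Proto-In)" `
        -Direction Inbound -Action Allow -Protocol $Proto `
        -LocalPort $NewPort -RemoteAddress $AllowedSource -Profile Any | Out-Null
}

# Write the new port as a DWORD (the value regedit shows as "PortNumber").
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# Apply the change. This disconnects active RDP sessions; a reboot works as well.
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 3

# Confirm that the service is listening on the new port.
Get-NetTCPConnection -State Listen -LocalPort $NewPort |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Clients then connect with the port appended to the host name, for example `mstsc /v:hostname:50389`.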
Does This Mean My Remote Client Is Secure Now?
After changing your RDP port you are safer, but not totally safe. If the hackers decide to, they can sniff some of the outgoing packets of your client, find the RDP port that you are using and begin attacking again. There are not many features in the Windows default settings that stop hackers from attacking your client. And you can only change the RDP port so many times before it is found again. This is where third-party software comes into play.
The best way to protect your remote desktop client from attackers is to get a good firewall. Although there are many companies offering firewall options, there used to be no specific firewalls for remote clients. But that changed with SUNFIREWALL. SUNFIREWALL has some nice features that can help you protect your remote desktop clients. It has been designed exclusively for remote desktop client security. There are options for securing your client against brute force attacks, using two-factor authentication, getting more information about potential hackers, and automated systems that detect hackers and protect you against them. Just give our products section a quick look and see for yourself what we offer. You can try it free right now.
So after you change RDP ports on your computer go and check out the SUNFIREWALL software to give your remote clients extra levels of security.
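To check whether password guessing continues after the port change, the failed logons that Windows already records can be summarised per source address. This is an added example, not part of the original article; the 24-hour window and the threshold of 20 failures are assumed values.

```powershell
# Added example. Run in an elevated PowerShell session (needed to read the Security log).
$Since     = (Get-Date).AddHours(-24)   # assumed look-back window
$Threshold = 20                         # assumed number of failures worth reviewing

# Event ID 4625 = "An account failed to log on".
$Events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $Since
} -ErrorAction SilentlyContinue

$Failures = foreach ($Event in $Events) {
    # Turn the event's named data fields into a lookup table.
    $Data = @{}
    foreach ($Field in ([xml]$Event.ToXml()).Event.EventData.Data) {
        $Data[$Field.Name] = $Field.'#text'
    }
    # Logon type 10 is RemoteInteractive; type 3 (network) is what failed RDP
    # logons show when Network Level Authentication is on. Type 3 also covers
    # other network logons such as file shares.
    if ($Data['LogonType'] -in '3', '10') {
        [pscustomobject]@{
            Time   = $Event.TimeCreated
            Source = $Data['IpAddress']
            User   = $Data['TargetUserName']
        }
    }
}

# List source addresses at or above the threshold, with the accounts they tried.
$Failures | Group-Object -Property Source |
    Where-Object { $_.Count -ge $Threshold } |
    Sort-Object -Property Count -Descending |
    Select-Object Count,
        @{ Name = 'SourceAddress'; Expression = { $_.Name } },
        @{ Name = 'Accounts'; Expression = { ($_.Group.User | Sort-Object -Unique) -join ', ' } }
```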