Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Windows 11 / Changing the Default RDP Port (3389) on Windows

April 17, 2025

Changing the Default RDP Port (3389) on Windows

By default, Windows uses TCP port 3389 to connect to the desktop of a remote computer via the RDP (Remote Desktop Protocol). This article describes how to change the default port number for the RDP service to a different port number for both desktop versions of Windows and Windows Server.

Contents:
  • How to Change the Remote Desktop Port on Windows
  • Change the Remote Desktop Listening Port with PowerShell

Once you have enabled RDP access in Windows, the TermService (Remote Desktop Services) will start listening on port 3389.

tcpview: shows default rdp port 3389 for udp and tcp protocols

Modern versions of Windows also use the UDP protocol in addition to TCP for Remote Desktop connections, using the same port number, 3389. When using VPN, the UDP transport protocol may cause RDP sessions to freeze or disconnect.

Why might it be necessary to change the default RDP port 3389 to a different one?

  • Most commonly, this is used to hide the RDP/RDS host from automatic port scanners that scan the Internet for Windows hosts with the default RDP port 3389 open.
  • Changing the RDP port reduces the chance of RDP vulnerabilities being exploited and reduces the number of RDP brute force attacks, SYN, and other types of attacks (don’t forget to regularly analyze RDP connection logs).
  • Changing the RDP port is typically done on computers with a direct Internet connection (such as VPS/VDS) or in networks where the edge router forwards port 3389/RDP to a Windows host inside the LAN.
Despite changing the port number, exposing the open RDP port to the Internet is not recommended. Port scanners can detect the presence of an RDP listener on the new port based on the response signature. If you need to enable external RDP access to a computer on a local network, it’s recommended to use secure connection technologies like VPN, RD Web Access, or RD Gateway instead of exposing RDP directly to the Internet.

When changing the RDP port number to a non-standard one, it is not recommended to use port numbers in the range 1 to 1023 (known ports). Select any unused port from the user ports range (1024 to 49151) or from RPC (49152 to 65535). Make sure the port you choose isn’t being used by another process or service (for example, 1350)

netstat -aon | findstr “:1350” | findstr “LISTENING”

netstat: check tcp port not used

How to Change the Remote Desktop Port on Windows

To quickly replace the default RDP port number with the specified one, simply run the following commands with administrator privileges (in this example, we will change the port number that the Remote Desktop Service listens on to 1350):

set p=1350
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %p% /f
netsh advfirewall firewall add rule name="Custom-RDP-Port-TCP" protocol=TCP localport=%p% action=allow dir=IN
netsh advfirewall firewall add rule name="Custom-UDP-Port-UDP" protocol=UDP localport=%p% action=allow dir=IN
net stop TermService /y
net start TermService

commands to change rdp port and update firewall

These commands will change the RDP port number, create inbound rules for the new port in the Windows Firewall, and restart the TermService service.

Let’s break down what these commands do and how to manually change the default RDP port number in Windows

  1. Open the Registry Editor (regedit.exe) and go to the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp;
  2. Find the DWORD registry parameter with the name PortNumber. This parameter contains the port number on which the Remote Desktop Service listens for connections. The default is 3389 (decimal)
  3. Change the value of this parameter. I changed the RDP port to 1350 (Decimal) registry set rdp Port Number in windows 10
    You can change the registry parameter by using PowerShell: Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\" -Name PortNumber -Value 1350
  4. Create new rules in Windows Firewall to allow incoming connections to the new RDP port number. if you’re reconfiguring a remote Windows host via RDP, be sure to create the necessary allow rules in the firewall before restarting the TermService. Otherwise, you may lose remote access to the host. You can manually create inbound rules for your new TCP/UDP RDP port in the Windows Defender Firewall console (wf.msc) or use PowerShell to create firewall rules: create rules by using the PowerShell cmdlets:
    New-NetFirewallRule -DisplayName "NewRDPPort-TCP-In" -Direction Inbound -LocalPort 1350 -Protocol TCP -Action allow
    New-NetFirewallRule -DisplayName "NewRDPPort-UDP-In" -Direction Inbound -LocalPort 1350 -Protocol UDP -Action allow
  5. Restart Windows or restart the Remote Desktop Services with the command: net stop termservice & net start termservice
  6. To connect to the Remote Desktop on this Windows computer using a custom RDP port, enter the port number in the mstsc.exe client after the IP address or hostname, separated by a colon, like this: RDPComputerName:1350 or by IP address: 192.168.1.10:1350 or from the command prompt: mstsc.exe /v 192.168.1.10:1350 mstsc connect to non-standart RDP port

    If you are using the RDCMan manager for RDP connections, the new RDP connection port number is specified in the Connection Settings tab. rdcman - change default rdp port 3389
  7. You should now be able to successfully connect to a remote desktop using the new RDP port number.  To verify that the RDP service is now listening on a different port, use the netstat –na | Find "LIST"command. nestat find new rdp port number

Note that the UDP RDP port number has also changed to 1350 (use the TCPView tool to check this).

new rdp listener port number for udp and tcp

Use the Test-NetConnection command to check that the default RDP port 3389 is now closed (TcpTestSucceeded: False):

Test-NetConnection 192.168.3.102 -port 3389 |select TcpTestSucceeded

check new rdp port response with powershell

Note. Changing the RDP listening port number in Windows might cause problems with Remote Assistance and shadow RDP connections.

To change the RDP port number on multiple domain computers, you can use Group Policies. Create a new GPO that deploys the PortNumber registry parameter with the new RDP port number to domain computers.

Change the Remote Desktop Listening Port with PowerShell

The complete PowerShell script code to change the RDP port number, create the firewall rules, and restart the RDP service might look like this

Write-host "Specify the number of your new RDP port: " -ForegroundColor Yellow -NoNewline;$RDPPort = Read-Host
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\" -Name PortNumber -Value $RDPPort
New-NetFirewallRule -DisplayName "NewRDPPort-TCP-In-$RDPPort" -Direction Inbound –LocalPort $RDPPort -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "NewRDPPort-UDP-In-$RDPPort" -Direction Inbound –LocalPort $RDPPort -Protocol UDP -Action Allow
Restart-Service termservice -force
Write-host "The number of the RDP port has been changed to $RDPPort " -ForegroundColor Magenta

If WinRM is enabled on the remote computer, you can use the Invoke-Command cmdlet to change the RDP port number remotely.

Invoke-Command -ComputerName wksname112 -ScriptBlock {Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\" -Name PortNumber -Value 1350}

0 comment
5
Facebook Twitter Google + Pinterest
PowerShellWindows 10Windows 11Windows Server 2022
previous post
Fix: Screen Brightness Control Not Working on Windows 10 or 11
next post
How to Disable Microsoft Teams Auto Startup

Related Reading

How to Repair EFI/GPT Bootloader on Windows 10...

March 16, 2024

How to Restore Deleted EFI System Partition in...

March 11, 2024

How to Repair Windows Boot Manager, BCD and...

March 11, 2024

PowerShell: Get Folder Size on Windows

April 2, 2024

Fix: The Computer Restarted Unexpectedly or Encountered an...

May 16, 2024

How to Download Offline Installer (APPX/MSIX) for Microsoft...

March 12, 2024

Network Computers are not Showing Up in Windows...

March 15, 2024

Windows Doesn’t Automatically Assign Drive Letters

March 15, 2024

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Install and Manage Windows Updates with PowerShell (PSWindowsUpdate)
  • How to Download Offline Installer (APPX/MSIX) for Microsoft Store App
  • Configuring Port Forwarding in Windows
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • Start Menu or Taskbar Search Not Working in Windows 10/11
  • Adding Drivers into VMWare ESXi Installation Image
  • Tracking and Analyzing Remote Desktop Connection Logs in Windows
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top