Are you looking to enhance the security of your Windows Server by changing the default RDP port? You’re in the right place. Remote Desktop Protocol (RDP) is a common target for cyberattacks, and one effective way to secure your server is by modifying its default port. Whether you’re using Windows Server 2016, 2019, or 2022, this guide will walk you through the steps seamlessly.
Remember, changing the RDP port is a straightforward process, but it’s crucial to follow each step carefully to avoid connectivity issues.
In this article, you’ll learn:
- Why changing the RDP port is important for security
- The exact steps to change the RDP port on different versions of Windows Server
- Best practices to follow after changing the port
Let’s dive in and make your server more secure!
Changing the RDP Port on Windows Server 2016: Step-by-Step Guide
Changing the RDP port can enhance the security of your server by obscuring your remote desktop service. Here are the steps you’ll need to follow:
- Open the Registry Editor: Press Win + R, type
regedit, and press Enter. If prompted by User Account Control, click Yes. This opens the Registry Editor. - Navigate to the RDP Configuration Registry Key: Go to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp. This path holds the settings for your Remote Desktop Protocol (RDP). - Modify the PortNumber setting: Locate the
PortNumberentry in the right pane. Double-click on it. In the Edit DWORD (32-bit) Value box, select the Decimal option. Enter your new port number, such as33091, and click OK. - Update Windows Firewall Rules: To ensure the new port is allowed through the firewall, open the Windows Defender Firewall from the Control Panel. Click on Advanced settings to open the Firewall rules. Create a new inbound rule for TCP port
33091and allow the connection. - Restart the Server: Save your changes and restart your server to apply the new configuration. You can now access your RDP using the new port number.
That’s it! You’ve successfully changed your RDP port on Windows Server 2016. Always remember to keep a record of your new port number and ensure your firewall settings are correctly configured.
Testing the New RDP Port Configuration
Once you’ve made the necessary changes to the RDP port, the next crucial step is to ensure everything is functioning correctly. We’ll walk you through the process of testing the new Remote Desktop port to confirm the configuration:
- Open the Remote Desktop Connection: On your client machine, open the Remote Desktop Connection application. You can find this by searching for “Remote Desktop Connection” or using the shortcut
mstsc. - Enter the New Port: In the Computer field, input your server’s IP address or hostname followed by a colon and the new port number. For example, if your new port is 33091, it should look something like this:
192.168.1.1:33091. - Connect: Click the “Connect” button. You will be prompted to enter your credentials if everything was configured correctly.
If your Remote Desktop Connection fails to connect, here are a few troubleshooting steps:
- Check the Port Number: Ensure you have entered the correct port number in the Remote Desktop Connection application.
- Verify Firewall Settings: Confirm that Windows Firewall or any other firewall software allows traffic through the new port.
- Restart Remote Desktop Services: Sometimes, a restart of the RDP services can help apply the changes fully.
- Consult the Event Viewer: Look into the Event Viewer for any specific error messages that might give you additional insights.
Once connected successfully, you can breathe a sigh of relief knowing your new configuration is working as intended. This simple yet crucial test ensures that the port modification process was successful and that the server is accessible using the new RDP port.
Conclusion: Keeping Your Remote Desktop Secure
By taking the steps outlined in this guide and changing your RDP port, you’ve taken a significant step towards protecting your Windows Server from unauthorized access. Always remember that while modifying the default port reduces the attack surface, it should be part of a comprehensive security strategy.
Consider coupling this method with other security measures like implementing a VPN, which adds an additional layer of encryption, and regularly applying system updates to patch potential vulnerabilities. Using strong, unique passwords for user accounts and enabling network level authentication (NLA) can also contribute to a more secure remote access environment.
Testing the new port configuration and confirming that it’s operating correctly is crucial. Ensure that the new port is indeed listening and that your changes haven’t inadvertently disrupted any legitimate access needs.
In summary, by changing the RDP port and integrating additional security practices, you’re well on your way to ensuring your remote desktop connections remain secure. Protecting your server is an ongoing process, and staying informed about the latest security practices will keep your system safeguarded against emerging threats.
