Monday, May 13, 2019

Changing the RDP port on your server to hide access

How to do it…

Go through the following steps to change the RDP port to one of your liking:
  1. Open Registry Editor. You can do this by going to either the Start screen or Command Prompt and typing regedit.
  2. Browse to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.
  3. Find the value called PortNumber and change it to 4822.
  4. Restart the server.
  5. Now log into your client computer and open Remote Desktop Connection by typing that name into your Start screen. You can also type mstsc in Command Prompt to open this program. If you try to connect directly to WEB1, your connection will fail because the server is no longer listening on the standard port 3389.
  6. Enter WEB1:4822 and you will connect successfully.

    Tip

    If at first you cannot connect, make sure to check your Windows Firewall settings. It is possible that you may need to add a rule to WFAS on the server to allow port 4822.
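
The registry change and the firewall rule from the tip can also be scripted. The following PowerShell is an added example, not part of the original post; the rule display name, the allowed port range, and the in-use check are assumptions chosen for illustration. Run it on the server from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of steps 1-3 plus the firewall tip.
param(
    [ValidateRange(1025, 65535)]      # range is an assumption: avoid well-known ports
    [int]$NewPort = 4822              # port used in the article
)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Record the current listener port so the change can be reverted later.
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Write-Host "Current RDP port: $oldPort"
if ($oldPort -eq $NewPort) { Write-Host 'Nothing to change.'; return }

# Refuse a port that another service is already listening on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "TCP port $NewPort is already in use (PID $($inUse[0].OwningProcess))."
}

# Create the WFAS inbound rule first, so the new port is reachable
# as soon as the listener moves and you are not locked out.
$ruleName = "RDP custom port $NewPort (TCP)"   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
        -Protocol TCP -LocalPort $NewPort -Action Allow | Out-Null
}

# Step 3: write the new listener port as a DWORD.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord

Write-Host "PortNumber changed from $oldPort to $NewPort."
Write-Host 'Restart the server (step 4) for the listener to move.'
Write-Host "To revert: Set-ItemProperty -Path '$key' -Name PortNumber -Value $oldPort -Type DWord"
```

After the restart, running Test-NetConnection WEB1 -Port 4822 from the client should report TcpTestSucceeded : True, and the same test against port 3389 should fail.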

How it works…

With a simple registry change, we can adjust the RDP listener port on servers. This helps keep unwanted RDP connections from being made, which can be useful both inside and outside the corporate network. After making this change, the only people who will be able to reach the RDP login screen are those who know your new RDP port and know how to use that custom port in the Remote Desktop Connection tool.
