How to change RDP port in Windows server

By default Windows servers are reachable via default RDP port 3389. In most cases it’s convenient to use such a port to access the server, however, it also exposes it to various brute force types of attacks. This means other servers with special software are constantly scanning the internet hosts and looking for the servers that are vulnerable to the RDP port. Once such servers are detected the next phase of attack begins by attempting to guess the administrator passwords.

During such attacks, Windows servers might be unable to handle RDP connections due to too many attempts to log in as an administrator. Therefore, in this article, we will learn how to secure the server from such attacks by changing the RDP port.

Start with connecting to the server via remote desktop connection and launch registry editor (regedit) from the search box.

Registry editor

Navigate to the registry key which is responsible for saving the RDP port.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Find the key which is named “PortNumber”.

Port number

Right-click on the PortNumber and choose Modify… In the opened window make sure to select “Decimal” under the “Base” and it will show the current RDP port in the “Value data” field.
Modify port number

Enter the new port number in the “Value data” field and click OK to save the changes. For example, to change the RDP port to 7227:

New port number

Close the registry editor and restart the server in order to start using the new RDP port. After the server will be restarted it won’t be reachable via the default RDP port anymore. This means the new port number needs to be entered with the server IP address in the remote desktop connection. For example:

Remote desktop connection

From now the server is reachable via custom RDP port and is no longer being targeted with brute force attacks via default RDP port.

Related articles:

Was this article helpful?

Need support?

If you need any further help, don't hesitate to send a support request to our support team.