How to Change RDP Port using SCCM | PowerShell | Registry

This guide covers different methods to change the RDP port (Remote Desktop port) on Windows computers: SCCM (ConfigMgr) CMPivot, PowerShell and the Windows registry.

When you use the Remote Desktop client to connect to a computer (either a Windows client or Windows Server), the Remote Desktop feature on that computer listens for the connection request on the designated port 3389. The Remote Desktop port (RDP port) 3389 on Windows is a popular target for hackers, so it can make sense to change the RDP port.

After you change the RDP port, the next time you connect to this computer by using the Remote Desktop connection, you must type the new port. If you’re using a firewall, make sure to configure your firewall to permit connections to the new port number.

When selecting a non-standard RDP port, do not use ports 1-1023, because these are well-known ports. Ports 49152-65535 are dynamic or private ports that are not assigned to any service or application. For instance, you can change the RDP port from 3389 to 33091.


Why change the RDP port number?



By default, Remote Desktop uses port 3389 for all external connections. Hackers frequently use automated password guessing to connect to remote computers through the 3389 listening port. Such attacks, like the one Microsoft has just discovered, are known as brute force and password spraying attacks.

This exposure puts your remote computers in danger. Many administrators change the RDP port number from 3389 to another available port to reduce it, which makes it harder for hackers to find the listening port.

In addition to defending against hackers, administrators change the RDP port number to get around firewalls. Some firewalls are set up to block both incoming and outgoing traffic on port 3389 for security reasons. The purpose of this approach is less to block remote access and more to stop hackers from entering the system through the port. Changing the RDP port helps to reduce the risk from port scanners and RDP vulnerabilities. A scanner that sweeps every port will still find the listener, so the port change complements, rather than replaces, controls such as Network Level Authentication, account lockout and limiting which source addresses the firewall admits.


Check the RDP Port Number using PowerShell


On any Windows computer, you can check the RDP port number by running the below PowerShell command.


We see the RDP port number on the given computer is 3389.


Change RDP Port using Registry


You can change the listening port for Remote Desktop on your computer using Registry. Make sure you back up the registry before you make any changes.


  • Launch the registry editor. (Type regedit in the Search box.)
  • Navigate to the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  • Find the PortNumber registry value, whose default is 3389.
  • Right-click the PortNumber value and select Modify. In the Edit DWORD (32-bit) Value dialog, select Decimal, type the new port number, and then click OK. Close the registry editor and restart your computer.


In the screenshot below, I have changed the remote desktop port from 3389 to 33091.

To confirm if the remote desktop port number is changed, run the below PowerShell command.

In the output, we see the RDP port number shows 33091 and this confirms that we have successfully changed the remote desktop port using registry.
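Both checks in this guide, before and after the registry change, read the PortNumber value. The following added example (not part of the original post) reads that value and also checks that the port is actually listening and allowed inbound through Windows Defender Firewall. `Get-RdpPortStatus` is a hypothetical function name.

```powershell
# Added example: compares the configured RDP port with what the host actually serves.
# Run in an elevated PowerShell session; Get-RdpPortStatus is a hypothetical helper name.
$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpPortStatus {
    # 1. Configured port: the PortNumber value edited in the registry steps.
    $port = [int](Get-ItemProperty -Path $RdpTcpKey -Name 'PortNumber').PortNumber

    # 2. Live listener: the Remote Desktop service binds the new port only after
    #    it restarts, so the registry and the socket can disagree until then.
    $listener = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

    # 3. Enabled inbound allow rules whose TCP port filter names this exact port.
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    $finding = if (-not $listener) {
        'Port is configured but nothing is listening: restart pending or Remote Desktop disabled'
    } elseif (-not $rules) {
        'Listening, but no enabled inbound allow rule names this port'
    } else {
        'Configured port is listening and allowed inbound'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ConfiguredPort    = $port
        IsDefaultPort     = ($port -eq 3389)
        Listening         = [bool]$listener
        InboundAllowRules = @($rules | ForEach-Object { $_.DisplayName })
        Finding           = $finding
    }
}

Get-RdpPortStatus | Format-List
```

The firewall check matches rules that name the port exactly; a rule that allows a port range or all ports is not listed.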


Change RDP Port using PowerShell


One of the quickest ways to change the remote desktop port is using a PowerShell script. You can use the PowerShell script to change the RDP listening port number on multiple computers.

The PowerShell script below, provided by Microsoft, sets the remote desktop port to 3390. The script also adds the firewall rule to allow the RDP port on the computer.

To run the above PowerShell script, launch PowerShell as administrator on your computer and run the script. You can also open Windows PowerShell ISE, paste the code and edit it before you run it.

You can also deploy the RDP port change PowerShell script to multiple computers using Microsoft Intune or Configuration Manager.



Adding firewall rules for custom RDP ports


After changing the default RDP port to a custom port, you must modify the Windows Defender firewall to permit the new port. To add the rules for custom RDP ports, use the PowerShell scripts below.
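The PowerShell port change and the firewall rules described in the two sections above, combined in one added example. This is not Microsoft's script and not code from the original post; the function name `Set-RdpPort`, the rule names, the backup file path and the sample subnet are assumptions.

```powershell
# Added example (not Microsoft's script): change the RDP port with basic safety checks.
# Run elevated. Set-RdpPort, the rule names and the backup path are hypothetical.
function Set-RdpPort {
    param(
        # The guide advises against ports 1-1023; 33091 is the value the guide uses.
        [Parameter(Mandatory)][ValidateRange(1024, 65535)][int]$Port,
        # Narrow this to a management subnet or jump host where possible.
        [string[]]$RemoteAddress = 'Any',
        [string]$BackupFile = "$env:TEMP\RDP-Tcp-backup.reg"
    )
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # Refuse a port that a process on this computer already listens on.
    if (Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue) {
        throw "TCP port $Port is already in use on this computer."
    }

    # Back up the key first, as the registry section recommends.
    & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes made.' }

    # Create the firewall rules before moving the listener, so a remote
    # session is not left pointing at a port that nothing allows.
    foreach ($proto in 'TCP', 'UDP') {
        $name = "RDP-Custom-$proto-In"
        Remove-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
            -Protocol $proto -LocalPort $Port -RemoteAddress $RemoteAddress | Out-Null
    }

    Set-ItemProperty -Path $key -Name 'PortNumber' -Value $Port -Type DWord

    # The new port takes effect when the Remote Desktop service restarts (or on reboot).
    # Restarting the service drops current RDP sessions.
    Restart-Service -Name TermService -Force

    # Return the value now stored in the registry.
    (Get-ItemProperty -Path $key -Name 'PortNumber').PortNumber
}

# Example call, using the port from the guide and a constructed subnet:
# Set-RdpPort -Port 33091 -RemoteAddress '10.0.0.0/24'
```

The built-in Remote Desktop firewall rules still name port 3389 after the change, which is why the function creates its own rules for the new port.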


CMPivot Query to Check the RDP Port


You can quickly query registry values using CMPivot. Using a simple CMPivot query, you can check the RDP port on multiple computers in SCCM.

