How to Change RDP Port using SCCM | PowerShell | Registry

This guide covers different methods to change RDP port (Remote Desktop Port) on Windows computers such as SCCM (ConfigMgr) CMPivot, PowerShell and Windows registry.

The Remote Desktop feature on your computer listens for the connection request over a designated port 3389 when you use the Remote Desktop client to connect to a computer (either a Windows client or Windows Server). The Remote Desktop port (RDP port) 3389 on Windows is a popular target for hackers. Thus, it might make sense to change the RDP port.

After you change the RDP port, the next time you connect to this computer by using the Remote Desktop connection, you must type the new port. If you’re using a firewall, make sure to configure your firewall to permit connections to the new port number.

Please be aware that port 1-1023 should not be used when selecting a non-standard RDP port because these are known ports, but port 49152-65535 is a dynamic or private port that is not in use by any service or application. For instance, you can change RDP port from 3389 to 33091.


Why change the RDP port number?


http://forum.icohaberleri.com/showthread.php?tid=235

https://zinaramirez.com/mybb/thread-49360.html

http://www.hondaikmciledug.co.id/HRIS/showthread.php?tid=131

http://bobzhotel.altervista.org/showthread.php?tid=16088

http://www.yypf.com/showthread.php?tid=3645

http://jl.kaoyanzhi.net/forum.php?mod=viewthread&tid=103948

http://jl.kaoyanzhi.net/forum.php?mod=viewthread&tid=98344&extra=page%3D1

http://jl.kaoyanzhi.net/forum.php?mod=viewthread&tid=354707

http://jl.kaoyanzhi.net/forum.php?mod=viewthread&tid=97586

http://www.skillcoach.org/forums/topic/269037/adapting-to-legal-tech-a-law-student-s-guide

http://www.skillcoach.org/forums/topic/271532/cricut-setup-software-may-be-downloaded-here

http://www.oberoende.info/rfhlups/forum/viewtopic.php?f=4&t=11659&p=28525

http://www.oberoende.info/rfhlups/forum/viewtopic.php?f=26&t=13019

http://www.oberoende.info/rfhlups/forum/viewtopic.php?f=2&t=7582

https://www.gasdefence.ru/forum/viewtopic.php?t=105624

https://www.gasdefence.ru/forum/viewtopic.php?t=106497

https://www.gasdefence.ru/forum/viewtopic.php?t=106812

https://www.gasdefence.ru/forum/viewtopic.php?t=106390


Microsoft uses port 3389 for all external communications. A technique of automated password guessing is frequently used by hackers to connect to distant computers using the 3389 listening port. Such attacks, like the one Microsoft has just discovered, are known as brute force and password spraying attacks.

Undoubtedly, this serious security flaw puts your remote computers in danger. Many administrators decide to alter the RDP port number from 3389 to any other available port to get around this vulnerability, which makes it more challenging for hackers to figure out the listening port.

In addition to defending against hackers, administrators alter the RDP port number to get around firewalls. Some systems’ firewalls are set up to prevent both incoming and outgoing messages to and from port 3389, respectively, for security concerns. The purpose of this approach is less to block remote access and more to stop hackers from entering the system through the port. Changing RDP port helps to reduce the risk of port scanners and RDP vulnerabilities.


Check the RDP Port Number using PowerShell


On any Windows computer, you can check the RDP port number by running the below PowerShell command.


We see the RDP port number on the given computer is 3389.


Change RDP Port using Registry


You can change the listening port for Remote Desktop on your computer using Registry. Make sure you back up the registry before you make any changes.


  • Launch the registry editor. (Type regedit in the Search box.)
  • Navigate to the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  • Find PortNumber registry key whose default value is 3389.
  • Right-click the PortNumber key and select Modify. On the Edit DWORD (32-bit) Value, select Decimal and type the new port number, and then click OK. Close the registry editor, and restart your computer.


In the screenshot below, I have changed the remote desktop port from 3389 to 33091.

To confirm if the remote desktop port number is changed, run the below PowerShell command.

In the output, we see the RDP port number shows 33091 and this confirms that we have successfully changed the remote desktop port using registry.


Change RDP Port using PowerShell


One of the quickest ways to change the remote desktop port is using a PowerShell script. You can use the PowerShell script to change RDP listening port number on multiple computers.

The below PowerShell script is provided by Microsoft, that sets the remote desktop port to 3390. The script also adds the firewall rule to allow the RDP port on the computer.

To run the above PowerShell script, launch the PowerShell as administrator on your computer and run the script. You can also open Windows PowerShell ISE and paste the code and edit it before you run.

You can also deploy RDP port change PowerShell script on multiple computers using Microsoft Intune or Configuration Manager.


https://www.itray.co.kr/bbs/board.php?bo_table=free&wr_id=25481

http://theglobalfederation.org/viewtopic.php?id=1641434

http://theglobalfederation.org/viewtopic.php?id=1100007

http://theglobalfederation.org/viewtopic.php?id=1579408

https://forum.racing.by/viewtopic.php?t=205300

https://forum.racing.by/viewtopic.php?t=62658

https://forum.racing.by/viewtopic.php?t=197869

http://www.virtuosal.com/forum/viewtopic.php?id=250035

http://www.virtuosal.com/forum/viewtopic.php?id=100054

http://www.virtuosal.com/forum/viewtopic.php?id=315916

http://heroicfantasygames.free.fr/Forum/viewtopic.php?p=31121

http://heroicfantasygames.free.fr/Forum/viewtopic.php?p=28436

http://heroicfantasygames.free.fr/Forum/viewtopic.php?p=30343

http://heroicfantasygames.free.fr/Forum/viewtopic.php?p=29266

http://forum.lithotherapy.ru/viewtopic.php?t=34146

http://forum.lithotherapy.ru/viewtopic.php?f=18&t=41630

https://forum.lithotherapy.ru/viewtopic.php?f=18&t=35819


Adding firewall rules for custom RDP ports


You must modify the Windows Defender firewall to permit your new custom RDP port after changing the default RDP port to a custom port. To add the rules for unique RDP ports, use the PowerShell scripts below.


CMPivot Query to Check the RDP Port


You can quickly query registry values using CMPivot. Using a simple CMPivot query, you can check the RDP port on multiple computers in SCCM.


Comments

Post a Comment

Popular posts from this blog

3 Ways to Restart ConfigMgr PXE Responder Service on a DP

In this article, I will show you multiple ways to restart ConfigMgr PXE responder service on a distribution point server. Restarting the PXE responder service is typically done during the OSD troubleshooting and helps you resolve many OSD issues. The PXE responder service manages requests made by Pre-Boot execution Environment (PXE) – enabled client computers. If this service is stopped, PXE-enabled client computers will be unable to install Windows remotely. When you install a distribution point, the PXE responder service is not enabled by default. By enabling the PXE responder on SCCM DP, you can get rid of WDS as it isn’t required any more. If you are new to ConfigMgr, learn how to enable PXE responder without WDS on a SCCM DP. When you enable the PXE responder services on a distribution point, you’ll notice a new service (SCCMPxe) is installed, known as ConfigMgr PXE responder service. This service has no dependencies, and the activities of this service are logged in a separate fil...
Read more

ConfigMgr Technical Preview 2303 New Features & Improvements

It’s the end of March 2023, and we have a new ConfigMgr Technical Preview 2303 update. We see two new features, support for SQL 2022 for SCCM and dark theme extended for open customer voice (OCV) wizard. If you are running a dedicated lab for ConfigMgr Technical Preview like me, you will see a new update for technical preview version 2303 in the console. If you don’t see the update yet, run the check for updates to get the latest technical preview 2303 update. Prior to the release of TP 2303, the two previous technical preview releases were TP 2301 and TP 2302. Here is an updated article consisting of all the SCCM technical preview releases along with build numbers and new features. If you are setting up a new technical preview lab, you can download the technical preview 2302 is a baseline version that you can download from Microsoft Eval center. A baseline media includes all the setup files required to install SCCM or Configuration Manager. Note: Starting with Configuration Manager ve...
Read more

2 Best Solutions: Error Can’t Connect to Windows 365

In this article, I will show you how to resolve the error can’t connect to Windows 365. If you are unable to access your Cloud PC using the Windows 365 app, there are two ways to solve this issue. I normally connect to my Cloud PC using the Windows 365 app. Note that there are multiple ways to connect and access your Cloud PCs. For instance, you can connect to a cloud PC using the Windows 365 home page, the Windows 365 App, or the Microsoft Remote Desktop client. Cloud PCs are accessible to users only after you assign Windows 365 licenses to users. Note that you should also provision Windows 365 Cloud PCs that allow users to access them from any device. In my case, the provisioning policy in place for Cloud PCs and a valid license was assigned to the user. In some cases, when you attempt to connect to Cloud PC, there may be gateway errors or connection errors. Refer to the following guide on troubleshooting Cloud PC connection errors, where I have covered solutions for Cloud PC access ...
Read more