Changing the default Remote Desktop Protocol (RDP) port can enhance security by making it more difficult for unauthorized users to locate and attempt attacks on your system. However, it’s important to remember that this is just one layer of security and should be used in conjunction with other measures, especially a strong password.
Choose a New Port Number
Avoid Common Ports: Avoid well-known ports (0-1023) and registered ports (1024-49151). Choose a port in the dynamic/private range (49152-65535) to reduce the likelihood of conflicts.
Configuring the remote port
1
Start the registry editor. (Type regedit in the Search box.)
2
Navigate to the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp 3
Find PortNumber
4
Click Edit > Modify, and then click Decimal.
5
Type the new port number, and then click OK.
6
Close the registry editor,
Setting Firewall Rules
Create an inbound port rule
This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port. To create an inbound port rule:
1
Open the Windows Firewall
2
In the navigation pane, select Inbound Rules
3
Select Action, and then select New rule
4
On the Rule Type page of the New Inbound Rule Wizard, select Custom, and then select Next
5
On the Program page, select All programs, and then select Next
6
On the Protocol and Ports page, select the protocol type that you want to allow. To restrict the rule to a specified port number, you must select either TCP or UDP. Because this is an incoming rule, you typically configure only the local port number If you select another protocol, then only packets whose protocol field in the IP header match this rule are permitted through the firewall. To select a protocol by its number, select Custom from the list, and then type the number in the Protocol number box. When you have configured the protocols and ports, select Next.
7
On the Scope page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then select Next
8
On the Action page, select Allow the connection, and then select Next
9
On the Profile page, select the network location types to which this rule applies, and then select Next
10
On the Name page, type a name and description for your rule, and then select Finish
Create an outbound port rule
By default, Windows Firewall allows all outbound network traffic, unless it matches a rule that prohibits the traffic. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers. To create an outbound port rule:
1
Open the Windows Firewall
2
In the navigation pane, select Outbound Rules
3
Select Action, and then select New rule
4
On the Rule Type page of the New Outbound Rule wizard, select Custom, and then select Next
5
On the Program page, select All programs, and then select Next
6
On the Protocol and Ports page, select the protocol type that you want to allow. To allow the rule to a specified port number, you must select either TCP or UDP. Because this rule is an outbound rule, you typically configure only the remote port number If you select another protocol, then only packets whose protocol field in the IP header matches this rule are allowed by Windows Defender Firewall. Network traffic for protocols is allowed as long as other rules that match don’t allow it. To select a protocol by its number, select Custom from the list, and then type the number in the Protocol number box. When you’ve configured the protocols and ports, select Next
7
On the Scope page, you can specify that the rule applies only to network traffic to or from the IP addresses entered on this page. Configure as appropriate for your design, and then select Next
8
On the Action page, select Allow the connection, and then select Next
9
On the Profile page, select the network location types to which this rule applies, and then select Next
10
On the Name page, type a name and description for your rule, and then select Finish
11
Restart your server.
Connecting to server after setting custom port
1
Open Remote Desktop Protocol application
2
Enter your ip address in the Computer field box followed by a colon then the port number
192.168.1.1:54892
How to setup RDP custom port and configure firewall
