Remote Desktop Protocol (RDP) is the de facto standard for administrative console access, and it may be necessary to make it even more secure by changing the TCP port used for network access. Changing the port is also useful when the remote computer is behind a firewall that allows incoming and outgoing connections only on standard ports, or when users behind a firewall or a router's NAT are unable to configure port forwarding for Remote Desktop.
RDP listens on TCP port 3389 by default on all supported versions of Windows; changing the port requires a quick change in the Windows registry.
Note: Editing the registry is risky, so be sure you have a verified backup before saving any changes.
Microsoft's Knowledge Base article KB306759 details how to change the Remote Desktop listening port by modifying a registry value.
1. Start Registry Editor by clicking on Start -> Run, and type in regedit in the Run text box, and then press Enter or click OK.
2. Navigate to the following registry branch/subkey:
3. Locate the registry entry PortNumber in the right pane.
4. Right click on PortNumber and choose Modify (or select PortNumber, then click on Edit menu and select Modify).
5. On the “Edit DWORD Value” window, click on Decimal.
The default port assignment is represented as d3d in hexadecimal or 3389 in decimal.
6. Type the new port number (e.g. 3390) in the Value Data text box.
7. Click OK when done.
A reboot may be required for the new port assignment to take effect. Once the system is listening on the new port, clients need to specify the new port in the RDP client properties, as shown in the following image.
The Windows Server system will now listen on the new port under the Svchost.exe process. To confirm this, run netstat -a -n -o to list the listening ports with their owning process IDs, then match the process ID to the executable in Task Manager.
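
The netstat check described above can be scripted. The following PowerShell is an added example, not part of the original article or of KB306759: it confirms that the new port is listening under the Remote Desktop Services process, that the old port is no longer open, and that Windows Firewall has an inbound rule for the new port. Assumptions: the new port is 3390 (the example value from step 6), the service uses its usual name TermService, and the firewall check is an extra step the article does not cover.

```powershell
# Added example (not from the original article): post-change verification.
param(
    [int]$NewPort = 3390,   # example value from step 6
    [int]$OldPort = 3389    # RDP default
)

# PID of the svchost.exe instance hosting Remote Desktop Services.
# Assumption: the service is registered under its usual name, TermService.
$rdpPid = (Get-CimInstance Win32_Service -Filter "Name='TermService'").ProcessId

function Get-ListenerState {
    param([int]$Port)
    # Same data as the LISTENING rows of `netstat -a -n -o` for this port.
    $rows   = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    $owners = @($rows | Select-Object -ExpandProperty OwningProcess -Unique)
    [pscustomobject]@{
        Port       = $Port
        Listening  = $rows.Count -gt 0
        OwnerPids  = $owners -join ','
        OwnedByRdp = $owners -contains $rdpPid
    }
}

# Enabled inbound allow rules that name the new port exactly
# (rules written as port ranges or "Any" are not matched by this check).
$rules = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { @($_.LocalPort) -contains "$NewPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

$new = Get-ListenerState -Port $NewPort
$old = Get-ListenerState -Port $OldPort
$new, $old | Format-Table -AutoSize

if (-not $new.OwnedByRdp) {
    Write-Warning "Nothing owned by TermService is listening on TCP $NewPort (reboot pending?)."
}
if ($old.Listening) {
    Write-Warning "TCP $OldPort is still listening."
}
if ($rules.Count -eq 0) {
    Write-Warning "No enabled inbound allow rule names TCP $NewPort; remote clients may be blocked."
} else {
    $rules | Select-Object DisplayName, Profile | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell session on the server, ideally from the local console so that a blocked port does not cut off your own access.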