With remote servers more common than ever, everyone’s looking for ways to keep their RDP access more secure. The default port 3389 is pretty much everyone’s target, and if you leave it that way, hackers are just waiting to hit it. So, changing your RDP port isn’t just a good idea, it’s almost a must-have as a basic layer of security. But, the catch is, Windows doesn’t exactly make this obvious or straightforward, especially if you’ve never done it before. Sometimes it feels like Windows wants to make it as confusing as possible. But don’t worry, it’s doable, and you don’t need to be a Windows admin wizard to pull it off. Once you change the port, it becomes harder for hackers who are just scanning for an open port 3389 to find your server, and that’s when your chances of avoiding an attack go up. Basically, it’s a small tweak that pays off in peace of mind, especially if your server’s out there on the internet 24/7.
Ways to Change RDP Port for a Windows Server
There are a couple of straightforward ways to change the RDP port—either through the Registry or PowerShell. Both work well, but you just gotta be careful because messing around with the registry isn’t exactly fun if you don’t pay attention. On one setup it’s super smooth, on another… well, it’s a little temperamental sometimes. Just remember to restart your RDP service afterward and update the firewall rules. That last step trips a lot of people up, especially if they forget about the firewall rules or don’t restart the service properly.
Method 1: Changing the RDP port using Registry Editor
This is the classic way. It’s the most direct, but you’ve got to be super careful because editing the registry can cause issues if you mess it up. Why does it work? Because the port number is stored right there, under the registry key — changing it effectively tells Windows to listen on a different port for incoming RDP connections. It applies anytime you connect remotely, so once set correctly, it’s like a little digital lock against scanners looking for port 3389.
- Open the Start Menu, type Registry Editor, and open it. If User Account Control (UAC) pops up, click Yes.
- Navigate to this address:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
The easiest way is to expand your folders step-by-step or just paste it directly into the Registry Editor’s address bar.
- On the right side, find PortNumber and double-click it to edit. Make sure to select Decimal under Base.
- Change the Value Data to whatever port number you want—just pick a random free port, like 3390 or 50000. (Don’t pick something that’s already in use.) For example, enter 3390.
- Click OK and close the Registry Editor.
Now, this only *sets* the port—it doesn’t activate it or tell Windows to allow it through the firewall yet. So, next step is making sure Windows is listening on the new port and that the firewall isn’t blocking it. This is where most folks stumble.
Method 2: Changing the RDP port through PowerShell
If you’re more comfortable with command-line stuff or want a quicker way, PowerShell does the job. It’s kinda more modern and less risky than manually poking through the registry, but you still need to run it as administrator—because it’s messing with system settings.
- Hit the Windows key, type Windows PowerShell, right-click, and choose Run as administrator.
- If prompted by User Account Control, click Yes.
- Use this command, replacing 3390 with your custom port:
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'PortNumber' -Value 3390
After running this, remember: you still have to update your firewall rules.
How to Implement the Changes in the RDP Port
Changing the port alone doesn’t do the trick — you have to tell Windows to allow traffic on that new port. Otherwise, your remote connection will just hang. Here’s what to do:
- Open Windows Defender Firewall with Advanced Security. You can do this quickly by pressing Windows + R, typing
firewall.cpl
or searching for Windows Defender Firewall, and hitting Enter.
- Click on Inbound Rules, then pick New Rule.
- Choose Port as the rule type and hit Next. Because this is TCP/UDP traffic, select TCP. Now, select Specific local ports and type in your new port number.
- Click Next, then select Allow the connection. Decide whether this rule applies to Domain, Private, or Public networks—usually Private is enough if you’re inside a LAN, but if you’re remote, you might need it for all three.
- Give it a name like “RDP Custom Port” and hit Finish. Repeat the steps but choose UDP if needed, especially if your setup uses UDP for RDP.
- Finally, restart the Remote Desktop Services service: press Windows + R, type
services.msc
then hit Enter, find Remote Desktop Services, right-click, and choose Restart.
Yes, it’s kinda a process. But on one of my setups, it worked after doing all that—on another, I had to reboot twice, because Windows can be stubborn sometimes. The main thing is making sure your new port is allowed through the firewall and the service is restarted. Plus, double-check your port after changes—because Windows isn’t always upfront about the new listening port.
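The whole procedure above (set the port, add the firewall rules, restart the service) as one elevated PowerShell script. This is an added example, not part of the original article; the port 3390 and the rule names are assumptions taken from the article's own examples.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. $NewPort and the rule names are assumptions.
$NewPort = 3390
$RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$OldPort = (Get-ItemProperty -Path $RegPath -Name 'PortNumber').PortNumber

# Stop if another process already listens on the chosen port.
if ($OldPort -ne $NewPort) {
    $busy = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
    if ($busy) { throw "Port $NewPort is already in use by PID $($busy[0].OwningProcess)." }
}

# Open the firewall before moving the listener, so the new port is reachable
# as soon as the service comes back. Domain and Private profiles only; add
# Public only if the server really has to be reached over a public network.
foreach ($proto in 'TCP', 'UDP') {
    $name = "RDP Custom Port ($proto)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $proto `
            -LocalPort $NewPort -Action Allow -Profile Domain, Private | Out-Null
    }
}

# Write the new port as a DWORD, the same value edited in Method 1 and Method 2.
Set-ItemProperty -Path $RegPath -Name 'PortNumber' -Value $NewPort -Type DWord

# Restart Remote Desktop Services (service name TermService). -Force also restarts
# dependent services. Any active RDP session, including your own, is disconnected.
Restart-Service -Name TermService -Force

Write-Output "RDP port changed from $OldPort to $NewPort."
```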
How to Check the RDP Port on Windows Server
After all that fuss, it’s good to verify your changes. Here’s the quickest way—just run PowerShell as admin and execute:
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber"
This will tell you the port number Windows is currently listening on. Make sure it matches what you set. If not, it might mean the registry changes didn’t take or some other policy is overriding it.
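The registry value is the configured port, so it is worth comparing it with what the service is actually bound to and with the firewall rules. The following check is an added example, not part of the original article; it assumes the standard service name TermService and reports whether the old port 3389 is still open.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
$RegPath    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$Configured = (Get-ItemProperty -Path $RegPath -Name 'PortNumber').PortNumber

# Process that hosts Remote Desktop Services (service name TermService).
$Svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='TermService'"

# TCP ports that process is listening on right now.
$Listening = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.OwningProcess -eq $Svc.ProcessId } |
    Select-Object -ExpandProperty LocalPort -Unique)

# Enabled inbound allow rules whose port filter names the configured port.
$Rules = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Configured" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

# One summary object: a mismatch in any field points at the step that was missed.
[pscustomobject]@{
    ConfiguredPort       = $Configured
    ServiceState         = $Svc.State
    ListeningOnNewPort   = $Listening -contains $Configured
    StillListeningOn3389 = ($Configured -ne 3389) -and ($Listening -contains 3389)
    FirewallAllowRules   = $Rules.DisplayName -join ', '
}
```

If ListeningOnNewPort is False while ConfiguredPort shows the new value, the service has not been restarted since the registry change; an empty FirewallAllowRules means the inbound rule is missing or disabled.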
Final Words
Once you’ve gone through all those steps, your RDP port will be changed from the default to something more obscure. Just keep in mind, the port must be open in the firewall and services restarted, or else your remote sessions will just refuse to work. Not sure why, but on some servers, it takes a couple restarts before everything sticks. But overall, this little tweak can seriously boost your security posture.
Summary
- Changed registry or used PowerShell to set a new port
- Updated firewall rules to allow traffic on the new port
- Restarted remote desktop services to apply changes
- Verified the new port with PowerShell commands
Wrap-up
Fingers crossed, this helps someone make their remote setup a bit more private. It’s not foolproof security, but definitely a good step if you want to make it a little harder for the average scanner or script kiddie. Just remember to keep track of your custom port and update your firewall rules every time you change it. Good luck, and hope it works on your machine — it worked for me, at least!