Changing Windows RDP port the right way

If your router doesn’t allow you to specify different internal and external ports when setting up port forwarding for remote desktop, you may need to change the listening port. You can do this the old-fashioned way by modifying the registry, adding a firewall exception and restarting the appropriate services like so:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 3390 /f
netsh advfirewall firewall add rule name="Remote Desktop (TCP 3390)" protocol=tcp dir=in localport=3390 action=allow
net stop termservice /y && net start termservice

Or you could do it the simpler, less-likely-to-break-things way:

netsh interface portproxy add v4tov4 listenport=3390 connectport=3389 connectaddress=192.168.1.100
netsh advfirewall firewall add rule name="Remote Desktop (TCP 3390)" protocol=tcp dir=in localport=3390 action=allow

Here 192.168.1.100 is the computer’s actual IP address and 3390 is your desired port. The connectaddress value can also be the name of the computer, but not localhost or 127.0.0.1. And yes, this setting will persist across reboots.

This is a much more graceful solution than modifying the service’s listening port, because RDP is now available on both the standard port 3389 and on 3390. Computers on the network can continue connecting using just the computer name or IP, without having to specify your new exotic port number.
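
A read-only PowerShell check for the portproxy setup above, added here as an example and not part of the original post: it confirms that the 3390 forward exists and is listening, and reports how widely the firewall rule is open. The function name Test-RdpPortProxy is hypothetical; the port and rule name are the ones used on this page.

```powershell
# Added example: read-only check of the portproxy setup from this page.
# Assumed values: listen port 3390 and the firewall rule name used above.
function Test-RdpPortProxy {
    param(
        [int]$ListenPort  = 3390,
        [string]$RuleName = 'Remote Desktop (TCP 3390)'
    )

    # Data rows of "show v4tov4" look like: <listen addr> <port> <connect addr> <port>
    $proxy = netsh interface portproxy show v4tov4 | ForEach-Object {
        if ($_ -match '^\s*(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$' -and [int]$Matches[2] -eq $ListenPort) {
            [pscustomobject]@{ ConnectAddress = $Matches[3]; ConnectPort = [int]$Matches[4] }
        }
    } | Select-Object -First 1

    # The forward targets a fixed address; it breaks if DHCP hands the machine a new one.
    $localIPs = (Get-NetIPAddress -AddressFamily IPv4).IPAddress

    # portproxy is serviced by IP Helper (iphlpsvc); if it is stopped there is no listener.
    $ipHelper  = (Get-Service -Name iphlpsvc).Status -eq 'Running'
    $listening = [bool](Get-NetTCPConnection -LocalPort $ListenPort -State Listen -ErrorAction SilentlyContinue)

    # The netsh rule above sets no remoteip= or profile=, so it applies to any source on every profile.
    $rule   = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue | Select-Object -First 1
    $remote = if ($rule) { ($rule | Get-NetFirewallAddressFilter).RemoteAddress } else { $null }

    [pscustomobject]@{
        ProxyRuleFound      = [bool]$proxy
        ConnectAddress      = $proxy.ConnectAddress
        ConnectPort         = $proxy.ConnectPort
        ConnectAddressLocal = $proxy -and ($localIPs -contains $proxy.ConnectAddress)
        IpHelperRunning     = $ipHelper
        ListenerPresent     = $listening
        FirewallRuleFound   = [bool]$rule
        AllowsAnySource     = $remote -contains 'Any'
        AppliesToPublic     = $rule -and ("$($rule.Profile)" -match 'Any|Public')
    }
}

Test-RdpPortProxy | Format-List
```

If AllowsAnySource or AppliesToPublic comes back True, the forwarded port accepts connections from every address the router lets through; moving RDP off 3389 does not change that.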
