Change RDP Port in Windows


  • NOTE: Ensure you set up a firewall rule for your IP address and/or the new port before restarting the service, so you don't lose access!

    (see second section of this document or: https://docs.serversaustralia.com.au/docs/how-to-open-ports-in-windows-advanced-firewall)

    Introduction

    Changing the default RDP port in Windows is a simple way to improve security. By default, Remote Desktop uses port 3389, which is commonly targeted by automated scans from malicious actors. Using a non-standard port can help reduce exposure to these types of broad, automated attacks.

    You can change the RDP port either through the graphical user interface (GUI) or by using PowerShell.

    Prerequisites

    Before proceeding, ensure the following:

    • The new RDP port is allowed through the Windows Firewall and any other firewalls you have.
    • Remote Desktop is enabled on the system
    • You have administrator access
    • It is recommended to have out-of-band access (such as IPMI or iLO) in case you need to recover access after making changes

    Sections

    • Changing RDP port
      • Method 1: GUI
      • Method 2: PowerShell
    • Creating a Windows firewall rule
      • Method 1: GUI
      • Method 2: PowerShell


    Changing RDP port
    Method 1: GUI

    1. Start Registry Editor from the Run prompt (Windows key + R), or look it up in the search bar. Type "regedit" in the popup and press Enter or click "OK".


    2. Locate and then click the following registry subkey (note the space in "Terminal Server"):

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

    The value to edit inside that subkey is "PortNumber" (a DWORD). In the example screenshot it is set to 29292 rather than the default 3389.


    3. Right-click "PortNumber" and click Modify.


    4. Select "Decimal", type the new port number, and then click OK.


    5. Quit Registry Editor
    6. Open the Services Controller (services.msc), using either the run prompt or by clicking "services" under "tools" in Server Manager.


    7. Right-click "Remote Desktop Services" and select "Restart".

    Warning: if you are connected via RDP, you will be disconnected from your session when the service restarts. Make sure your new port is allowed on any firewalls before doing this.

    You will now be able to log back into the server with your newly allocated RDP port.

    Method 2: PowerShell

    1. Use the search bar to find PowerShell ISE, right-click, and run as admin.


    2. Select the small arrow next to the word "script" to expand.

3. Paste the following script into the script half; make sure to set the custom RDP port that you would like to use (it must be in the range 1-65535 and not already in use on the server).

$newRdpPort = 29292

# Check the current RDP port
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'PortNumber'

# Update the RDP port
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'PortNumber' -Value $newRdpPort

# Restart the Remote Desktop Services service (this disconnects any active RDP session)
Restart-Service -Name TermService -Force

# Confirm the new RDP port
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'PortNumber'

4. Put the custom port number you would like to use after '$newRdpPort = '

5. Click the green arrow to run the script. The output will show in the blue box below.

Warning: if you are connected via RDP, you will be disconnected from your session when the service restarts. Make sure your new port is allowed on any firewalls before running the script.


Creating a Windows firewall rule

Method 1: GUI

1. Open up 'Windows Defender Firewall with Advanced Security'. You can type it in the search bar, and if that doesn't work, paste the path below into File Explorer.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security


2. Select 'Inbound rules' and 'New Rule'.


3. Go with the 'Port' option; select 'Custom' instead if you also want to restrict the rule to specific source IP addresses.


4. Select TCP or UDP. TCP is required for RDP to work; allowing UDP as well improves performance, because RDP uses UDP transport when it is available. You cannot select both at once, so run through the guide twice to add the UDP rule. Put in the custom port number you set before, e.g., 29292. Click Next when you are done.


5. Select 'Allow the connection' and press Next.


6. Select 'Public' and select next.


7. Give the rule a name and a description if you would like, then click finish.


8. The new rule should appear under inbound rules; a green tick next to it means it is currently enabled.


Method 2: PowerShell

1. Use the search bar to find PowerShell ISE, right-click, and run as admin.


2. Select the small arrow next to the word "script" to expand.


3. Paste the following script into the script half; make sure to set the custom RDP port that you would like to use.

$newRdpPort = 29292

# Allow traffic in via firewall (one rule each for TCP and UDP)
New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile Public -Direction Inbound -Action Allow -Protocol TCP -LocalPort $newRdpPort
New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile Public -Direction Inbound -Action Allow -Protocol UDP -LocalPort $newRdpPort


4. Put the custom port number you would like to use after '$newRdpPort = '


5. Click the green arrow to run the script. The output will show in the blue box below. For each rule, check that the PrimaryStatus field shows "OK", the Status field reports that the rule was parsed successfully from the store, and Enabled is "True".

You will now be able to log back into the server with your newly allocated RDP port.
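The following script is an added example, not part of the original article, that combines both procedures above in the safe order: it validates the port, creates the firewall rules first, then changes the registry value, restarts the service and checks that RDP is actually listening on the new port. $newRdpPort, $allowedSource and the rule names are placeholders to adjust; the 203.0.113.10 address in the comment is a constructed example.

```powershell
# Added example: change the RDP port without locking yourself out.
# Assumes it is run from an elevated (Administrator) PowerShell session.
$newRdpPort    = 29292   # placeholder; must be 1-65535 and not already in use
$allowedSource = 'Any'   # placeholder; e.g. '203.0.113.10' to limit the rule to one management IP

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Validate the port before touching anything.
if ($newRdpPort -lt 1 -or $newRdpPort -gt 65535) {
    throw "Port $newRdpPort is outside the valid range 1-65535."
}
if (Get-NetTCPConnection -LocalPort $newRdpPort -State Listen -ErrorAction SilentlyContinue) {
    throw "Port $newRdpPort already has a listener; choose another port."
}

# 2. Open the firewall FIRST, so the service restart cannot cut off access.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "RDP-Custom-$proto-In" -Profile Public `
        -Direction Inbound -Action Allow -Protocol $proto `
        -LocalPort $newRdpPort -RemoteAddress $allowedSource | Out-Null
}

# 3. Record the old port, then update the PortNumber value.
$oldRdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $newRdpPort

# 4. Restart Remote Desktop Services; an active RDP session is disconnected here.
Restart-Service -Name TermService -Force

# 5. Confirm the listener moved before closing any out-of-band (IPMI/iLO) session.
Start-Sleep -Seconds 5
$listener = Get-NetTCPConnection -LocalPort $newRdpPort -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    Write-Host "RDP is now listening on port $newRdpPort (previously $oldRdpPort)."
} else {
    Write-Warning "No listener on port $newRdpPort yet; check 'Get-Service TermService' and the System event log."
}
```

Keep the out-of-band session open until the final check reports the new listener, then reconnect with RDP on the new port.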