When you connect to a computer or a server through the Remote Desktop client, the Remote Desktop feature on your computer “hears” the connection request through a defined listening port (3389 by default).
Some organizations prefer to change the default RDP port (3389) on Windows servers to a custom port to make it more challenging for potential attackers to gain unauthorized access.
Fortunately, with the power of PowerShell, changing the RDP port becomes a straightforward process. By executing a single command in PowerShell, you can customize your RDP port to suit your specific requirements.
You can also change the RDP port number using SCCM or manually by editing the registry. However, changing the RDP listening port on a Windows server using PowerShell is the most convenient and secure method.
PowerShell Script to Change RDP Port
The following PowerShell script allows you to change the RDP port from the default 3389 to a custom port. Before running the script, you'll need to specify the custom port for RDP.
To run the script, copy and paste it into a text editor and save it with a name such as changeRDPport.ps1. On your Windows Server or Windows 11 machine, launch Windows PowerShell as an administrator and run the script.
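# Custom RDP port to use instead of the default 3389
$portvalue = 3390
# Write the new listening port to the RDP-Tcp registry key (applied once Remote Desktop Services restarts or the machine reboots)
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value $portvalue
# Allow inbound TCP and UDP on the new port (these rules cover the Public firewall profile only)
New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portvalue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portvalue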
Verifying the new RDP Port
After you have modified the RDP port number using the above script, you can run a simple PowerShell command to verify the RDP listening port. You can also use a CMPivot query to quickly determine the RDP port of a client computer or Windows server.
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber"
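The registry value only shows what is configured. The following check, added here as an example and not part of the original script, also confirms which port Remote Desktop Services is actually listening on and whether the firewall rules created above match the active network profile. It assumes the custom port 3390 and the 'RDPPORTLatest-*' rule names used in the script above, and must be run in an elevated PowerShell session.

```powershell
# Added example: compare the configured RDP port with what is really listening.
$rdpKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$expected = 3390   # assumption: the custom port set by the script above

# 1. Port configured in the registry
$configured = Get-ItemPropertyValue -Path $rdpKey -Name 'PortNumber'

# 2. Process hosting Remote Desktop Services (TermService) and its TCP listeners
$svcPid = (Get-CimInstance Win32_Service -Filter "Name='TermService'").ProcessId
$listening = @()
if ($svcPid) {
    $listening = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.OwningProcess -eq $svcPid } |
        Select-Object -ExpandProperty LocalPort -Unique)
}

# 3. Firewall rules created by the script, with their port filters
$rules = Get-NetFirewallRule -DisplayName 'RDPPORTLatest-*' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Profile   = $_.Profile
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort
        }
    }

# 4. Summary: a registry change with no matching listener means the service
#    has not been restarted yet; a listener on 3389 means the old port is still live.
[pscustomobject]@{
    ConfiguredPort      = $configured
    MatchesExpected     = ($configured -eq $expected)
    ServiceRunning      = [bool]$svcPid
    ListeningOnNewPort  = ($listening -contains $configured)
    StillListeningOn3389 = ($listening -contains 3389)
    # Rules scoped to 'Public' do not apply on Private or DomainAuthenticated networks
    ActiveNetworkProfile = ((Get-NetConnectionProfile).NetworkCategory -join ',')
} | Format-List

$rules | Format-Table -AutoSize
```

If ListeningOnNewPort is False while MatchesExpected is True, restart Remote Desktop Services (or reboot) and run the check again.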