Tuesday, August 6, 2019

Change or Create another RDP Port on Windows OS using Command Line

This has two benefits:
1- It reduces random scanning of the default port 3389 and the brute-force attempts that follow it.
2- You may have faced an issue with your home internet connection where the ISP unintentionally blocks outgoing traffic to destination port 3389; in that scenario you could open another port on the server for RDP and connect to it without trouble.

Let us start:

1- Change the current Port:

We will change the port from 3389 to 3388 by command line:

REG ADD "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 0xd3c /f


This should change it (0xd3c is 3388 in decimal). To verify, you can either run telnet localhost 3388 or execute the query below against the PortNumber registry value:


REG QUERY "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber

Now you need to allow the new port in the Windows Firewall.
You can execute the commands below in cmd:

netsh advfirewall firewall add rule name="RDP UDP 3388 ports" protocol=UDP dir=in localport=3388 action=allow
netsh advfirewall firewall add rule name="RDP TCP 3388 ports" protocol=TCP dir=in localport=3388 action=allow


2- Create new Port:


We will follow a few steps; below is a summary of them:
  a. Export the current port's registry key
  b. Change the key name in the exported file
  c. Add the new .reg file to the registry silently
  d. Change the port for the new key created in the steps above

Below are the commands, run in CMD as administrator:

REG EXPORT  "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" RDP-Tcp-3388.reg

powershell -Command "(gc RDP-Tcp-3388.reg) -replace 'RDP-Tcp', 'RDP-Tcp-3388' | Out-File -encoding ASCII RDP-Tcp-3388.reg"
regedit /s RDP-Tcp-3388.reg

REG ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp-3388" /v PortNumber /t REG_DWORD /d 0xd3c /f

You also need to allow the port in the Windows Firewall:

netsh advfirewall firewall add rule name="RDP UDP 3388 ports" protocol=UDP dir=in localport=3388 action=allow
netsh advfirewall firewall add rule name="RDP TCP 3388 ports" protocol=TCP dir=in localport=3388 action=allow
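Both procedures above (moving the existing RDP-Tcp listener, and cloning it into a second listener) as one PowerShell script, with the checks a practitioner would want after each: that Remote Desktop Services was restarted so the new PortNumber is actually read, that the port is really listening, and that the listener still requires Network Level Authentication. This is an added example, not the original post's commands. It assumes the same key names and port 3388 as the post; the function names, the firewall rule names ("RDP TCP 3388" / "RDP UDP 3388"), the TermService restart and the decision to rename only the key header line of the exported .reg file are this example's own choices.

```powershell
# Added example: the post's two procedures as PowerShell functions.
# Run from an elevated PowerShell prompt on the server itself.
# Assumed: WinStations path and listener name RDP-Tcp as in the post.

$WinStations = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations'

function Add-RdpFirewallRules {
    param([int]$Port)
    # Same intent as the post's two netsh rules; skipped if a rule with that name already exists.
    foreach ($proto in 'TCP', 'UDP') {
        $name = "RDP $proto $Port"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $proto `
                -LocalPort $Port -Action Allow | Out-Null
        }
    }
}

function Test-RdpListener {
    param([int]$Port, [string]$Listener)
    # The registry value alone proves nothing; the service must actually bind the port.
    if (Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue) {
        "Port $Port is listening"
    } else {
        Write-Warning "Port $Port is NOT listening (was TermService restarted?)"
    }
    # Changing the port does not change who may log on: confirm NLA is still required.
    $nla = (Get-ItemProperty -Path (Join-Path $WinStations $Listener) -Name UserAuthentication).UserAuthentication
    if ($nla -ne 1) { Write-Warning "$Listener does not require Network Level Authentication" }
}

# Procedure 1: move the existing RDP-Tcp listener to another port.
function Set-RdpListenerPort {
    param([int]$NewPort, [string]$Listener = 'RDP-Tcp')
    $key = Join-Path $WinStations $Listener
    $old = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord
    Add-RdpFirewallRules -Port $NewPort
    # PortNumber is read when Remote Desktop Services starts, so restart it.
    Restart-Service TermService -Force
    Start-Sleep -Seconds 5
    "Moved $Listener from port $old to $NewPort"
    Test-RdpListener -Port $NewPort -Listener $Listener
}

# Procedure 2: clone RDP-Tcp into a second listener on another port
# (export -> rename key in the .reg text -> import -> set PortNumber).
function New-RdpListenerClone {
    param([int]$Port, [string]$Source = 'RDP-Tcp')
    $clone   = "$Source-$Port"
    $regFile = Join-Path $env:TEMP "$clone.reg"
    reg.exe export "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\$Source" $regFile /y | Out-Null
    # Rename only the [HKEY_LOCAL_MACHINE\...\WinStations\RDP-Tcp] header line,
    # not every occurrence of the source name in the file.
    $pattern = "^(\[HKEY_LOCAL_MACHINE\\.*\\WinStations\\)$([regex]::Escape($Source))\]$"
    $text    = (Get-Content -Path $regFile) -replace $pattern, "`$1$clone]"
    # reg.exe export writes UTF-16LE; keep that encoding so the import is accepted.
    Set-Content -Path $regFile -Value $text -Encoding Unicode
    reg.exe import $regFile | Out-Null
    Remove-Item $regFile
    Set-ItemProperty -Path (Join-Path $WinStations $clone) -Name PortNumber -Value $Port -Type DWord
    Add-RdpFirewallRules -Port $Port
    Restart-Service TermService -Force
    Start-Sleep -Seconds 5
    "Created $clone on port $Port; $Source stays on its current port"
    Test-RdpListener -Port 3389 -Listener $Source
    Test-RdpListener -Port $Port -Listener $clone
}

# Usage (pick one):
# Set-RdpListenerPort -NewPort 3388
# New-RdpListenerClone -Port 3388
```

Run it from a console session or an out-of-band management channel rather than over RDP, because the TermService restart drops every active remote desktop session. Moving the port only removes the noise from scanners that target 3389; the listener is reached by anyone who finds the new port, which is why the check reads UserAuthentication (1 means NLA is required) on the listener after the change.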

