Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Remote Desktop allows remote connections to computers running Windows or Windows Server over the Remote Desktop Protocol (RDP), listening on port 3389 by default. For security or configuration purposes, you might want to change this listening port. This article provides step-by-step instructions to modify the listening port using either PowerShell or the Registry Editor.
Prerequisites
Before you begin, make sure you have the following items:
Administrator access, or equivalent, to the computer you want to connect to.
A computer with Remote Desktop enabled. For more information, see Enable Remote Desktop.
A client to test the changes from, such as Remote Desktop Connect (
mstsc.exe
) or Windows App.
Configure the Remote Desktop listening port
The listening port for Remote Desktop is specified in the registry. To change the registry value, here's how to change it using PowerShell or the Registry Editor. Select the relevant tab for the method you prefer.
To change the listening port using PowerShell, follow these steps:
Open PowerShell as an administrator.
Check the current port by running the following PowerShell command:
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name 'PortNumber'
The output is similar to the following example:
PortNumber : 3389 PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations PSChildName : RDP-Tcp PSDrive : HKLM PSProvider : Microsoft.PowerShell.Core\Registry
Change the port by running the following PowerShell command. Be sure to replace
<Port Number>
with the new port number.$portValue = '<Port Number>' Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name 'PortNumber' -Value $portValue
Add the new port to the Windows Firewall
If you use the Windows Firewall, you need to add a new inbound rule to allow traffic on the new port. For more information about the different methods you can use to configure the Windows Firewall, see Windows Firewall tools.
Important
If you use any other firewall make sure you or your administrator permit connections to the new port number.
To create new Windows Firewall rules to allow the new port by running the following PowerShell command as an administrator. Be sure to replace <Port Number>
with the new port number.
$portValue = '<Port Number>'
New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile Public -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portValue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile Public -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portValue
Test the new Remote Desktop listening port
The next time you connect to this computer by using the Remote Desktop Connection or other client, enter the hostname along with the new port. For example, if you changed the port to use 3390 on computer pc1.contoso.com
, the address is pc1.contoso.com:3390
.