Edit

Share via


Change the Remote Desktop listening port on your computer

Remote Desktop allows remote connections to computers running Windows or Windows Server over the Remote Desktop Protocol (RDP), listening on port 3389 by default. For security or configuration purposes, you might want to change this listening port. This article provides step-by-step instructions to modify the listening port using either PowerShell or the Registry Editor.

Prerequisites

Before you begin, make sure you have the following items:

  • Administrator access, or equivalent, to the computer you want to connect to.

  • A computer with Remote Desktop enabled. For more information, see Enable Remote Desktop.

  • A client to test the changes from, such as Remote Desktop Connect (mstsc.exe) or Windows App.

Configure the Remote Desktop listening port

The listening port for Remote Desktop is specified in the registry. To change the registry value, here's how to change it using PowerShell or the Registry Editor. Select the relevant tab for the method you prefer.

To change the listening port using PowerShell, follow these steps:

  1. Open PowerShell as an administrator.

  2. Check the current port by running the following PowerShell command:

    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name 'PortNumber'
    

    The output is similar to the following example:

    PortNumber   : 3389
    PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations
    PSChildName  : RDP-Tcp
    PSDrive      : HKLM
    PSProvider   : Microsoft.PowerShell.Core\Registry
    
  3. Change the port by running the following PowerShell command. Be sure to replace <Port Number> with the new port number.

    $portValue = '<Port Number>'
    
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name 'PortNumber' -Value $portValue
    

Add the new port to the Windows Firewall

If you use the Windows Firewall, you need to add a new inbound rule to allow traffic on the new port. For more information about the different methods you can use to configure the Windows Firewall, see Windows Firewall tools.

Important

If you use any other firewall make sure you or your administrator permit connections to the new port number.

To create new Windows Firewall rules to allow the new port by running the following PowerShell command as an administrator. Be sure to replace <Port Number> with the new port number.

$portValue = '<Port Number>'

New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile Public -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portValue
New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile Public -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portValue

Test the new Remote Desktop listening port

The next time you connect to this computer by using the Remote Desktop Connection or other client, enter the hostname along with the new port. For example, if you changed the port to use 3390 on computer pc1.contoso.com, the address is pc1.contoso.com:3390.