How to Change Remote Desktop Port in Windows 11
This guide explains how to change the remote desktop listening port in Windows 11.
Why change the Remote Desktop port?
By default, Windows uses port 3389 for Remote Desktop connections. Because this port is well-known, automated bots constantly scan the internet for it to attempt unauthorized access. Changing your port to a custom number acts like moving your front door to a secret location, making it much harder for automated scans to find your computer.
What happens when done?
Once you change the port and update your firewall, your computer will stop listening on the default port 3389. It will only accept incoming remote connections on your new custom port. You must include this new port number when connecting from other devices.
Step 1: Back Up Your Registry (Required)
Warning: This step requires administrator privileges. Editing the registry can cause system issues if done incorrectly. Always create a backup first by clicking File > Export in the Registry Editor.
Step 2: Change the Port in Registry Editor
Note: This step requires administrator privileges.
- Click the Search icon and type
regeditto open the Registry Editor. - Navigate to this path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
- Find the
PortNumberentry on the right side. - Right-click it and select Modify.
- Select the Decimal option.
- Type your new port number (e.g., 5555) and click OK.
Step 3: Update Windows Firewall
Note: This step requires administrator privileges. Your computer will block the new port unless you allow it through the firewall.
- Open Windows Firewall with Advanced Security.
- Click Inbound Rules and then New Rule on the right.
- Select Port, click Next, and choose TCP.
- Enter your new port number in Specific local ports.
- Follow the prompts to Allow the connection for all profiles.
Step 4: Verify and Connect
Restart your computer to apply changes. To verify it is working, open PowerShell as an administrator and run: netstat -ano | findstr :YOUR_NEW_PORT. To connect from a client, format your connection string as: 192.168.1.50:5555.
Summary
Changing your Remote Desktop port is an effective way to secure your system against automated attacks. By using the Registry Editor and updating your Windows Firewall, you can move your connection to a custom port. Always remember to use the format IP:Port when connecting, and keep your new port number stored safely.
Does changing the RDP port improve security?
Yes, it improves security by reducing “noise” from automated bots. While it is not a complete security solution, it hides your service from common port scanners that only look for the default 3389 port, effectively reducing the number of brute-force login attempts your system receives.
What happens if I forget the new RDP port?
If you forget the port, you will be unable to connect remotely. You will need physical access to the computer to check the registry path HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp to see the current PortNumber value. Always save your new port number in a secure password manager.
Was this guide helpful?
Leave a Reply