Changing the RDP port in Windows Server 2012

Start

This manual covers the procedure for changing the RDP port in Windows Server 2012.

Please note that all further procedures are designed to change the RDP port, which will lead to the disconnection of the current server connection; therefore we recommend using other options for connecting to the server (e.g. through the Web console in the user account). In order to accomplish this task, you need to edit the registry of the operating system. The registry may be edited using the relevant program editor. Click Start and type cmd in the Search field.

Changing the RDP port 2012 -- find cmd

In the black console window that appears, type in and execute the regedit command.

Changing the RDP port 2012 -- cmd-regedit

In the registry editor, it is necessary to find the RDP-Tcp partition, which can be done using following this path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp:

Changing the RDP port 2012 -- cmd-regedit-port number

It is then necessary to find and open the PortNumber element (as on the figure above) in it.

Next, switch to the Decimal input format and specify a new port for the RDP connection:

Changing the RDP port 2012 -- cmd-regedit-port number-enter value

When selecting a new port for connection, remember that there are several port categories broken down by their numbers:

  • Numbers from 0 to 10213 are known ports that are assigned and controlled by Internet Assigned Numbers Authority (IANA).
    They are normally used by various OS system applications.
  • Ports from 1024 to 49151 are registered ports designated by IANA. They can be used to solve particular tasks.
  • Port numbers from 49152 to 65535 are dynamic (private) ports that may be used by any applications or processes to solve work tasks.

Port rule

After changing a port for remote connection, it is necessary to open it in the firewall settings, otherwise all attempts of external connection will be blocked.

To do this, it is necessary to use the Windows Firewall with Advanced Security snap-in

You can open it by going to the menu: Server manager —> Tools:

Changing the RDP port 2012 -- server manager tools

It is necessary to select "Inbound Rules ", right click on this item and select "New rule":

Changing the RDP port 2012 -- firewall - inband rules add new

We will create a rule for the port:

Changing the RDP port 2012 -- firewall - inband rules type

 It is necessary to select protocol type (TCP or UDP) and specify the port that we set when editing the registry
(in our example: TCP protocol, 60000 port number):

Changing the RDP port 2012 -- firewall - inband rules port input

The next step is to select the type of action that describes the rule.

In our case, it is necessary to enable the connection using the specified port.

Changing the RDP port 2012 -- firewall- allow connection

The next step is to specify the scope of the rule – it depends on where the server is running (in a workgroup, domain or private access):

Changing the RDP port 2012 -- firewall -rule profile

Then it is necessary to select a name for the rule (it is recommended to select the name in such a way that the rule can then be easily recognized among others):

Changing the RDP port 2012 -- firewall - naming and finish

After that the server has to be rebooted.

Now the new new port needs to be used to connect to the server via RDP.