Changing the RDP port in Windows Server 2012

Start

This manual covers the procedure for changing the RDP port in Windows Server 2012. Note that changing the RDP port will disconnect the current connection to the server, so we recommend having another way to reach the server available (e.g. through the Web console in your hosting account). To change the port, you need to edit the registry of the operating system, which can be done with the Registry Editor.

Click Start and type cmd in the Search field.

windows server 2012 command prompt

In the black console window that appears, type in and execute the regedit command.

windows server regedit

In the registry editor, find the RDP-Tcp key by following this path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

windows server regedit port number

Then find and open the PortNumber value in this key (as in the figure above).

Next, switch to the Decimal input format and specify a new port for the RDP connection:

windows server edit port number

When selecting a new port for connection, remember that there are several port categories broken down by their numbers:

  • Numbers from 0 to 1023 are well-known ports that are assigned and controlled by the Internet Assigned Numbers Authority (IANA).
    They are normally used by various OS system applications.
  • Ports from 1024 to 49151 are registered ports designated by IANA. They can be used to solve particular tasks.
  • Port numbers from 49152 to 65535 are dynamic (private) ports that may be used by any applications or processes to solve work tasks.

Port rule

After changing the port for remote connections, you must open it in the firewall settings; otherwise all external connection attempts will be blocked. To do this, use the Windows Firewall with Advanced Security snap-in. You can open it from the menu: Server Manager -> Tools:

windows server  manager tools

Select "Inbound Rules", right-click this item and select "New Rule":

windows server firewall inbound rules add new

We will create a rule for the port:

windows server firewall inbound rules type

Select the protocol type (TCP or UDP) and specify the port that was set when editing the registry (in our example: TCP protocol, port number 60000):

windows server new port input

The next step is to select the type of action that describes the rule. In our case, it is necessary to enable the connection using the specified port.

windows server  allow connection

The next step is to specify the scope of the rule – it depends on where the server is running (in a workgroup, domain or private access):

windows server  firewall rule profile

Then it is necessary to select a name for the rule (it is recommended to select the name in such a way that the rule can then be easily recognized among others):

windows server  firewall naming and finish

After that the server has to be rebooted.

Now the new port needs to be used to connect to the server via RDP.
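
The registry and firewall steps above, scripted in PowerShell as an added example that is not part of the original manual. It assumes an elevated PowerShell session on the server; the rule name and the firewall profile default are illustrative assumptions, and 60000 is the port from the example above.

```powershell
# Added example, not from the original manual. Run in an elevated session.
param(
    [int]$NewPort = 60000,                  # port used in the manual's example
    [string]$RuleName = 'RDP custom port',  # assumed name; pick one you will recognize
    [string]$FwProfile = 'Any'              # assumed default; narrow to Domain/Private/Public as needed
)

$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Reject well-known ports (0-1023) and anything outside the valid range.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside the range 1024-65535."
}

# Refuse a port that another service is already listening on.
$inUse = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($inUse) {
    throw "Port $NewPort is already in use on this server."
}

# Record the current value so the change can be reverted later.
$oldPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Output "Current RDP port: $oldPort"

# Create the inbound rule first, so the new port is reachable after the reboot.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $NewPort -Action Allow -Profile $FwProfile | Out-Null
}

# Write the new port as a DWORD; the value is given in decimal.
Set-ItemProperty -Path $rdpKey -Name PortNumber -Value $NewPort -Type DWord

# Read the value back and stop if the write did not take effect.
$written = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($written -ne $NewPort) {
    throw "PortNumber is $written, expected $NewPort."
}

Write-Output "RDP port changed from $oldPort to $NewPort."
Write-Output "Reboot the server (Restart-Computer) to apply the change."
```

The script does not reboot the server itself, so an alternative connection (such as the Web console) can be confirmed before the current RDP session is dropped.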