Walker News

How To Change Remote Desktop Listening Port

By default, the Windows Remote Desktop service listens on TCP port 3389.

However, it’s perfectly fine to change the default RDP listening port for any reason an administrator can think of, for example to bypass a firewall that only allows web browsing but restricts Remote Desktop connections and other protocols.
In this case, you might need to change the default TCP 3389 to TCP 80 or 443 for the Remote Desktop service running on a Vista Ultimate PC at home.

How to change the Remote Desktop listening port on Windows Vista?

This RDP trick also applies to the Remote Desktop service running on Windows Server 2003 and Windows XP (and likely works on Windows Server 2008 or later too)!

  1. Open up the Windows Registry Editor and browse to this Registry path:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  2. Locate the PortNumber Registry value in the right pane, double-click to open it, click the Decimal option in the Base section, enter 443 in the text box and click OK (change 443 to the port number you need).
    Take note that:
    • The new TCP port for the Remote Desktop service must not currently be in use. To confirm that TCP port 443 is free, type
      netstat -an | find "443"

      at the Command Prompt window. If the netstat command produces no output, TCP port 443 is not in use (and is thus available as the new RDP listening port).
       
    • If you’re not comfortable with the Windows Registry Editor, you can simply copy and paste the following Console Registry Tool (Reg.exe) command into an elevated Command Prompt window in Windows Vista:
      You might need to download Reg.exe from Microsoft if it’s not already on your Windows installation.
      REG ADD "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 443 /f

    • To change back to the default, simply set the PortNumber Registry value (in this case, 443) back to 3389.

How to restart Windows Remote Desktop service after changing its listening port?

There are at least two ways to enable/disable or restart Remote Desktop service – Group Policies or System Properties:

Using Group Policies (i.e. gpedit.msc)
  1. Click the Vista Orb, type gpedit.msc in the Start Search text box (Vista Instant Search) and double-click “gpedit” in the Program list
     
  2. For Windows XP SP2:
    In Computer Configuration, Administrative Templates, Windows Components, Terminal Services, double-click the Allows users to connect remotely using Terminal Services setting.

    For Windows Vista Ultimate:

    In Computer Configuration, Administrative Templates, Windows Components, Terminal Services, Terminal Server, Connections, double-click the Allows users to connect remotely using Terminal Services setting.
     
  3. Click Disable to deactivate Remote Desktop and then click Enable to reactivate the service again.

Using System Properties dialog box

If the “Allows users to connect remotely using Terminal Services” Group Policy setting is set to “Not Configured”, the “Enable Remote Desktop on this computer” setting (on the Remote tab of the System Properties dialog box) takes precedence. Otherwise, the “Allows users to connect remotely using Terminal Services” Group Policy setting takes precedence.

For Windows Vista computer:
  1. Click the Vista Orb, type system, locate the “System” shortcut in the Program list and double-click to open it
     
  2. Click the Remote Setting shortcut (requires administrative privilege if UAC is turned on) in the Task pane (on the left)
     
  3. In the Remote Desktop section, select the “Don’t allow connection to this computer” option and click the Apply button.
     
  4. Select either the “Allow connections from computers running any version of Remote Desktop (less secure)” or the “Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)” option and click the Apply button, which reactivates the Remote Desktop service so that it listens on the new TCP port number.

For Windows XP SP2 computer:
  1. Right-click My Computer icon
     
  2. Select Properties option from the pop-up context menu
     
  3. Click on the Remote tab of System Properties dialog box
     
  4. In the Remote Desktop section, untick the check box labelled “Allow Users To Connect Remotely To This Computer” and click the Apply button
     
  5. Tick the check box labelled “Allow Users To Connect Remotely To This Computer” and click the OK button

Now, netstat -an | find "443" will show TCP port 443 listening for RDP connections!
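A stricter form of the two netstat checks above (port free before the change, port listening after the restart), as an added example that is not part of the original article: find "443" also matches ports such as 4430 and outbound connections to a remote port 443, so this PowerShell sketch accepts only a LISTENING socket on exactly the given local port. The function names and the sample lines are constructed for illustration, and English-language netstat output is assumed.

```powershell
# Added example; function names are illustrative, not part of Windows.
# Assumes English-language netstat output (the state column reads LISTENING).

function Get-RdpConfiguredPort {
    # Registry path and value name are the ones given in the article.
    $key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    [int](Get-ItemProperty -Path $key -Name PortNumber).PortNumber
}

function Test-TcpPortListening {
    param(
        [Parameter(Mandatory = $true)][int]$Port,
        # Lines of "netstat -an" output; taken live when not supplied.
        [string[]]$NetstatLines = (netstat -an)
    )
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, State
        $f = @(-split $line)
        if ($f.Count -lt 4 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        # Local address looks like 0.0.0.0:443 or [::]:443; the port follows the last colon.
        $localPort = $f[1].Substring($f[1].LastIndexOf(':') + 1)
        if ($localPort -eq [string]$Port) { return $true }
    }
    return $false
}

# Constructed sample: find "443" matches the first two lines, yet neither
# is a listener on local port 443.
$sample = @(
    '  TCP    0.0.0.0:4430           0.0.0.0:0              LISTENING',
    '  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED',
    '  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING',
    '  TCP    [::]:3389              [::]:0                 LISTENING'
)
"443 listening in sample:  $(Test-TcpPortListening -Port 443 -NetstatLines $sample)"
"3389 listening in sample: $(Test-TcpPortListening -Port 3389 -NetstatLines $sample)"

# Live check on the machine itself: is anything listening on the configured RDP port?
$port = Get-RdpConfiguredPort
if (Test-TcpPortListening -Port $port) {
    "A listener is present on the configured RDP port, TCP $port."
} else {
    "Nothing is listening on TCP $port; re-enable Remote Desktop as described above."
}
```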

How to connect to a Windows Remote Desktop service that is not listening on the default TCP 3389 port number?

Open the Remote Desktop Connection client and specify the host:port syntax (e.g. Vista-Ultimate:443) as the connection string.

Remote Desktop port forwarding in Windows Vista using Putty SSH client.
Instruct the Windows Vista Remote Desktop Connection client to connect to localhost at TCP port 9999 (via SSH Port Forwarding) instead of the default RDP listening port.

With reference to Microsoft Technet on Enable or Disable Remote Desktop and Microsoft Knowledge Base article KB306759 on How to change the listening port for Remote Desktop.


  1. redirete 11-11-08@23:45

    Interesting! You think it’s possible to enable 2 different ports to listen for a connection? I need default connection for some users and a different one for myself connecting behind a university firewall.
    Tnx in advance

  2. deko 30-01-09@08:57

    Thanks, very helpful post.

  3. Sporty 06-02-09@10:39

    You forgot about Windows Firewall. If you want to listen to port 3390 you need to add that port to the exceptions list because 3389 is the default port that is opened in the firewall with Vista. Probably WinXP too.

  4. Walker 07-02-09@10:56

    Thank you for reminding me about the firewall setting.
    I didn’t realize it because I don’t use the firewall.

  5. bikram 14-03-09@06:07

    Thanks for reminding to restart Terminal services.
    Before restarting Terminal Services, even I changed the lis-port, wasn’t working.
    Thanks, you rock.

  6. Adamster 18-01-11@05:35

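    @ECHO OFF
    REM Prompt for the new RDP listening port
    set PORTNUMBER=
    set /P INPUT=Type PORTNUMBER: %=%
    echo Your Port Number was: %INPUT%
    REM Write the port to the RDP-Tcp PortNumber value
    reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %INPUT% /f
    REM Allow inbound TCP on that port (netsh advfirewall needs Windows Vista or later)
    netsh advfirewall firewall add rule name="RDP-2" dir=in action=allow protocol=TCP localport=%INPUT%
    pause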
