If you regularly use non-Linux machines or need the ability to remote into a graphical user interface to accomplish a task outside of SSH either from or to a Windows machine, chances are you’ve used Microsoft’s remote desktop application – aptly named ‘Microsoft Remote Desktop’. If you haven’t used it – it’s a fantastic application that can be found on most devices (desktop and mobile) and is very intuitive to use and set up.
While the application is very reliable from a functionality perspective, it raises the same security concerns as any application that is exposed for external access through a port forwarding rule in your router’s settings.
In this tutorial, I’ll walk you through how to change the port used by Microsoft Remote Desktop to something other than the default 3389. While the risk of having an open port will still exist, we’ll at least add some extra security by changing it to a port less likely to be targeted by someone trying to force their way onto your network.
Updating the Port Assignment in Windows 10’s Registry Editor
Open the Windows 10 start menu and type “regedit”. When the ‘Registry Editor’ application appears, click “Run as administrator” to open the application’s interface.
From there, navigate to the following registry key using the menus on the left:
Within the ‘RDP-Tcp’ key, find the ‘PortNumber’ value, right-click it, and select ‘Modify’.
Change the ‘Base’ value from Hexadecimal to Decimal and update the ‘Value Data’ field to a new port number of your choice (preferably not a common number like 8008, 5555, etc.).
Once you’ve updated the value, click ‘OK’. Exit the Registry Editor and click ‘OK’ if a prompt appears telling you to restart your computer for the changes to take effect (we’ll do that after the next step).
Updating Windows Defender Firewall to Allow Incoming Connections on the New Port
Now that we’ve changed the port Microsoft Remote Desktop listens on, we’ll need to tell the Windows firewall to allow incoming connections on the new port number.
Head back to the start menu and type ‘Windows Defender Firewall with Advanced Security’. Open the application that appears.
In the interface that pops up, click ‘Inbound Rules’ on the left, and then open the ‘Action’ menu in the menu bar and click ‘New Rule…’. Complete the setup wizard with the following:
In the “Rule Type” section, select “Port” and hit “Next”.
In the “Protocol and Ports” section, select “TCP” at the top and enter your new Microsoft Remote Desktop port number (that you had assigned in the Registry Editor earlier) in the space next to “Specific local ports:”. Click “Next”.
In the “Action” section, select the radio button next to “Allow the connection” and click “Next”.
In the “Profile” menu, select the network types you’d like the rule to apply to and click “Next”.
In the “Name” section, name your rule (I named mine “Remote Desktop Port 9005”) and click “Finish”.
The last step is to head into your router’s settings and change or add a port forwarding rule for the new Remote Desktop port assignment so your machine can be accessed from outside your network.
Restart your computer for all of the above to take effect.
If you followed the steps above, you should be able to access your Windows machine running Microsoft Remote Desktop from outside your network using the new port you had assigned.
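The registry and firewall steps above can also be scripted; the PowerShell below is an added example, not part of the original tutorial. The registry path is the documented Windows location of the ‘RDP-Tcp’ key (this page does not quote it), and the 1024 lower bound, the `Private` default profile and the helper name `Test-RdpPortChoice` are assumptions of this example. The router rule and the restart are still done by hand.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Registry Editor and firewall wizard steps.
param(
    [int]$Port = 9005,                       # sample value, from the tutorial's rule name
    [string[]]$NetworkProfile = @('Private') # assumption: the wizard's "Profile" page;
                                             # pick the narrowest set that matches your network
)

# Documented Windows location of the RDP listener settings (not quoted on the page).
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-RdpPortChoice {
    # Hypothetical helper: reject ports that are out of range or already taken.
    param([int]$Candidate)
    if ($Candidate -lt 1024 -or $Candidate -gt 65535) {
        throw "Port $Candidate is outside 1024-65535."
    }
    $inUse = Get-NetTCPConnection -State Listen -LocalPort $Candidate -ErrorAction SilentlyContinue
    if ($inUse) {
        throw "Port $Candidate is already in use by PID $($inUse[0].OwningProcess)."
    }
}

Test-RdpPortChoice -Candidate $Port

# Registry step: PortNumber is a DWORD; passing an [int] stores it as decimal.
$old = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $Port -Type DWord

# Firewall step, same choices as the wizard: Port rule, TCP, specific local port, allow.
$ruleName = "Remote Desktop Port $Port"
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Allow -Profile $NetworkProfile | Out-Null
}

# Read the value back so a mistake is caught before the restart.
$new = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
if ($new -ne $Port) { throw "PortNumber is $new, expected $Port." }

Write-Output "PortNumber: $old -> $new; firewall rule '$ruleName' is in place."
Write-Output "After restarting, confirm the listener with:"
Write-Output "  Get-NetTCPConnection -State Listen -LocalPort $new"
```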