Change port Remote Desktop
Hi there, I have a client computer on which Windows 10 is installed. I have changed the RDP port from 3389 to 123456 using the procedure given below.
Then I allowed 123456 in Windows Firewall from Advanced Settings > Inbound Rules > New Rule > Port > 123456 > Allow the connection > Domain, Private, Public all checked, and saved the rule. But when I try to access the client machine through RDP I am not able to. Is there anything I am missing in the steps? Please do let me know.
Habanero
OP
KrasiPetrov
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
restart
0
· · ·
Poblano
OP
Cashif2106
Nov 16, 2020 at 12:02 UTC
KrasimirPetrov_ can you please explain it to me more, because I am not getting what you just wrote. I am sorry for being so dumb ...
0
· · ·
Serrano
OP
Bappy
Nov 16, 2020 at 12:21 UTC
Bapco Systems is an IT service provider. Are you adding the new port number on the end of your Remote Desktop? I.e. remote computer:3390 or whatever port you change it to?
0
· · ·
Serrano
OP
Best Answer
Bappy
Nov 16, 2020 at 12:27 UTC
Bapco Systems is an IT service provider. When you launch Remote Desktop are you placing the port number at the end of the computer name you are connecting to?
0
· · ·
Poblano
OP
Cashif2106
Nov 16, 2020 at 12:27 UTC
KrasimirPetrov_ I can see one entry named fDenyTSConnections and its value is already 0. Can you please tell me what to do with that ...
0
· · ·
Serrano
OP
Bappy
Nov 16, 2020 at 12:28 UTC
Bapco Systems is an IT service provider. You can also add in the telnet feature through Add/Remove Programs and type in telnet remote computer 3333 and see if it connects.
0
· · ·
Poblano
OP
Cashif2106
Nov 16, 2020 at 12:28 UTC
Bappy no, I did not try that. You mean I have to mention the port after the IP or name? You mean if the computer name is RD and the IP is 192.168.2.40 then I should connect to it through 192.168.2.40:3333 or RD:3333? If I am right please tell me. I am accessing the computer through the Windows mstsc service.
0
· · ·
Poblano
OP
Cashif2106
Nov 16, 2020 at 12:32 UTC
Bappy thanks man, you made my life easy. You are a life saver ... Thanks for your concern. The settings were okay but I didn't know I have to mention the port with the computer name. Now I can access it through the changed port. Thanks. Really appreciated your concern :)
0
· · ·
Habanero
OP
KrasiPetrov
Just in case your RDP service is not enabled.
mstsc /v:192.168.2.40:3333
You need to specify the port in the RDP client.
0
· · ·
Poblano
OP
Cashif2106
Nov 16, 2020 at 12:35 UTC
KrasimirPetrov_ yes thanks, really appreciated your concern. The setting was okay, I was missing that port thing. Now I can access it .. really thanks.
0
· · ·
Jalapeno
OP
thomastheobald2
How long do you wager the inclusion of the tag "public" in that open port will take before it bites you somewhere uncomfortable? T
0
· · ·
Poblano
OP
Cashif2106
Nov 16, 2020 at 14:17 UTC
thomastheobald2 what do you mean by this? I didn't get your point. What exactly are you trying to say?
0
· · ·
Jalapeno
OP
ZX Christopher
Nov 16, 2020 at 14:31 UTC
I think he means to say that tagging a Port used for RDP as Public might lead to unwanted attention, as it were. Even changing the default RDP Port to another port might not mitigate the risk.
0
· · ·
Poblano
OP
Cashif2106
Nov 16, 2020 at 14:37 UTC
spicehead-wm05c thanks for your concern man... I haven't done this practice till now, I was testing them on a virtual machine :$ ... These changes are not done live yet.. but really thanks, in future I will avoid mentioning such information ...
0
· · ·
Datil
OP
greggmh223
Changing the port is called "security by obscurity" and it is NOT a good method because port scans WILL FIND that open port. "Obscurity" these days lasts a few minutes at best.
1
· · ·
Poblano
OP
Cashif2106
Nov 17, 2020 at 05:44 UTC
greggmh223 I have a Cisco ASA 5520 firewall installed, and traffic is going through it. As you said about requiring a login and 2FA before it, can you please tell me how I can enable it? Because if I am missing something then I will configure it as well. Please.
0
· · ·
Jalapeno
OP
thomastheobald2
That's exactly it. Malign actors scan every IP, all ports, and when they find one they try a number of protocols on them - RDP included. So leaving one open and exposed, even if it is a non-standard port, is inviting a bad actor to try a credential stuffing attack on your RDP, or a brute-force. And if there's some kind of zero-day which enables someone to get in through RDP, then you're really borked. Best to keep RDP access closed until / unless you need it, and then manually open it (or have someone do so for you while you talk to them over the phone). Hope this helps - T
1
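The exposure discussed in the replies above (an inbound allow rule on the Public profile for whatever port RDP listens on) can be checked on the host itself. This is an added example, not part of any poster's reply; the function name Get-RdpExposure is hypothetical, and it only matches firewall rules that name the RDP port explicitly:

```powershell
# Added example: audit the local RDP listener and the firewall rules exposing it.
# Get-RdpExposure is a hypothetical name. Run in an elevated PowerShell session.
function Get-RdpExposure {
    $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp  = Join-Path $ts 'WinStations\RDP-Tcp'
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # TCP ports are 16-bit: a value outside 1-65535 can never be listened on.
    $valid = ($port -ge 1 -and $port -le 65535)
    if (-not $valid) { Write-Warning "PortNumber $port is outside 1-65535" }

    # Is anything actually listening on the configured port?
    $listening = $valid -and [bool](Get-NetTCPConnection -State Listen `
        -LocalPort $port -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules whose TCP local port names the RDP port.
    $rules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
        $pf = $rule | Get-NetFirewallPortFilter
        if ($pf.Protocol -ne 'TCP' -or -not ($pf.LocalPort -contains "$port")) { continue }
        $af = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile.ToString()
            RemoteAddress = $af.RemoteAddress -join ','
            # Public (or Any) profile with no source restriction is the risky combination.
            Flag          = ($rule.Profile.ToString() -match 'Public|Any') -and
                            ($af.RemoteAddress -contains 'Any')
        }
    }

    [pscustomobject]@{
        RdpEnabled = ($deny -eq 0)
        Port       = $port
        Listening  = $listening
        Rules      = $rules
    }
}

$r = Get-RdpExposure
$r | Format-List RdpEnabled, Port, Listening
$r.Rules | Format-Table -AutoSize
```

From the client side, `Test-NetConnection 192.168.2.40 -Port 3333` (address and port taken from the posts above) answers the same reachability question as the telnet test suggested earlier in the thread.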
· · ·
Poblano
OP
Cashif2106
Nov 17, 2020 at 09:28 UTC
thomastheobald2, yes I understand that. That means I am depending on someone then to enable the RDP for me whenever I need it; I can't leave it on all the time. Thanks for your concern and your time to make me understand all this.
0
· · ·
Datil
OP
greggmh223
I have no experience with Cisco firewalls. With WatchGuard firewalls (known as a "Firebox"), I can set them up to use an internal "Firebox-DB" user database or tie the login to Active Directory and use 2FA (I use both Duo Security and WatchGuard AuthPoint). I prefer the latter.
0