How to change the Terminal Services or Remote Desktop Port

  • July 18, 2012
  • Read 123,327 times
 

Introduction

Many organizations that use Remote Desktop Services or Terminal Services are not using a VPN connection before allowing connections to their in-house servers or workstations.  If no VPN is required, this means that the Terminal Server or Remote Desktop is publicly visible and allows connections from anyone on the network and in most cases the Internet.  This is a major security risk because it allows remote hackers to attempt to use password cracking attacks on your accessible servers in order to gain remote access. As Remote Desktop Services are configured by default to listen on TCP port 3389, all a hacker has to do is scan the Internet for computers that have that port open and then use a cracking program to try and crack the computer's accounts and passwords. This may seem like a hard task, but it is actually not difficult at all using free and publicly available tools.

The process is not only simple but pretty much automated for the hacker. They first use a port scanning tool to scan the Internet for IP addresses that have port 3389 open. They then load this list of IP addresses along with a custom or included user name and password list into the cracking software and let it run. This program runs until its done and then spits out a list of cracked accounts, passwords, and their associated IP addresses. The hacker then takes this information, logs into the remote computers and does what they want, such as encrypting all your data and making you pay a ransom. As you can see, this process may be time consuming, but it's really not hard to do.

Therefore, by changing the port that Terminal Services or Remote Desktop Services listens on, your computer would not show up when they scan IP addresses for 3389. This significantly reduces your chances of having these services remotely hacked. It is not 100% foolproof and VPN services are much more secure, but it definitely goes a long way in securing your Terminal Server or Remote Desktop Server.

This tutorial will explain how to change the port that your Terminal Services or Remote Desktop Services listen on. It will also explain how connect to these services through the Remote Desktop Client using a custom port.

 

How to change the Terminal Server or Remote Desktop listening port

The port setting for Remote Desktop Services is found in the Windows Registry. In order to change this setting we will need to change the PortNumber value in the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

WARNING: Before making any Registry modifications it always advisable to make a complete backup of your Windows Registry before proceeding. To do this, you can use the free ERUNT tool to easily and quickly make a complete backup of your Registry that you can restore in the event of an issue.

To change the port, click on the Windows Start button and type Regedit in the search field and then press Enter on your keyboard. If you are in Windows XP, you will have to click on the Run button before typing. Once you press enter, the Registry Editor screen will appear as shown below.

 

Registry Editor
Windows Registry Editor

 

Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp key and when there left click once on the RDP-Tcp key in the left pane. In the right pane of the windows you will now be presented with a list of values that are under this key. Scroll down on the right until you see the PortNumber value as shown below.

 

PortNumber value
PortNumber Value

 

Now double-click on the PortNumber value and you will be shown a small dialog where you can change its value. When the dialog opens, it will be configured to show you the hexadecimal equivalent of the port number. As it easier to use decimal numbers, select the Decimal radio selection under the Base category. The dialog box should now be similar to the one below.

 

Edit the PortNumber value
Edit the PortNumber Value

Type the new port number that you would like to use instead of 3389 in the Value data field and then press the OK button. You can now close the Registry Editor program.

You now need to reboot your computer in order for the changes to go into effect.

Your Remote Desktop Services or Terminal Server is now configured to use the new port that you entered.

 

How to connect to a Terminal Server or Remote Desktop that is using a custom port

When you use the Remote Desktop Client to connect to a remote computer it will automatically attempt to make the connection on port 3389. If you are connecting to a computer that uses a custom Remote Desktop Services port you must specify the custom port as part of the address you are connecting to. To do this, you simply add a colon followed by the port number to the IP address or host name you are connecting to. For example, if you were connecting to the host rd.example.com and it used a custom port of 8178, you would need to specify rd.example.com:8178 as the computer you are connecting to.

Examples of a Windows and Mac Remote Desktop Client connecting to a remote port are show below:

 

Windows Remote Desktop Client
Windows Remote Desktop Client

Mac Remote Desktop Client
Mac Remote Desktop Client

 

As you can see in the above pictures, you specify the port as part of address by using a colon.

You should now know how to connect to a Terminal Server or Remote Desktop Server that is using a custom port.

Users who read this also read:

  • Tracing a hacker Image
    Tracing a hacker

    Have you ever been connected to your computer when something strange happens? A CD drive opens on its own, your mouse moves by itself, programs close without any errors, or your printer starts printing out of nowhere? When this happens, one of the first thoughts that may pop into your head is that someone has hacked your computer and is playing around with you. Then you start feeling anger tinged ...

  • How to create an Application Whitelist Policy in Windows Image
    How to create an Application Whitelist Policy in Windows

    In Windows it is possible to configure two different methods that determine whether an application should be allowed to run. The first method, known as blacklisting, is when you allow all applications to run by default except for those you specifically do not allow. The other, and more secure, method is called whitelisting, which blocks every application from running by default, except for those ...

  • How to update Windows Image
    How to update Windows

    When Windows, like any other operating system, is created there are bugs introduced into the software that could affect how the operating system runs. These bugs could cause Windows to not run reliably or could cause security vulnerabilities that would make Windows vulnerable to attacks. When these bugs are discovered, Microsoft creates updates to fix these issues and makes them available through ...

  • How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI) Image
    How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector (PSI)

    One of the most important things a user can do to keep their computer secure is make sure they are using the latest security updates for Windows and their installed programs. Unfortunately, staying on top of these updates can be a time consuming and frustrating task when you have hundreds of programs installed on your computer. Thankfully, we have a utility called Secunia PSI, which is vital ...

  • How to show File Extensions in Windows Image
    How to show File Extensions in Windows

    The default setting for Windows is to not display a file's extension. Therefore, when viewing files in Windows you would only see the portion of the filename that precedes the last period in it. To show what this means, if you have a file called test.doc.txt, Windows will only display test.doc. From this filename, you would then assume this is a Word document, but when you double-click on it, ...

 

Comments:

blog comments powered by Disqus
search tutorials
Mandiant mWise Conference 2024

Login