How to Change the RDP Port on Windows Server Using PowerShell
By default, Windows Server listens for RDP connections on port 3389. Changing this to a different port helps reduce exposure to automated attacks targeting the default port.
Step 1 — Choose Your Port
3389 is the default RDP port and must be changed. Replace it with any number between 1024 and 65535 that is not already in use on your server. Avoid common ports such as 80, 443, 22, 21, 8080, or 3306. Pick something random and uncommon — the less predictable, the better.
Step 2 — Run the Script
Open PowerShell as Administrator, change $Port = 3389 on the first line to your chosen port number, then run:
# Port RDP will listen on; change 3389 to your chosen port
$Port = 3389
# Allow inbound TCP and UDP on the new port before moving the listener
New-NetFirewallRule -DisplayName "Allow RDP TCP $Port" -Direction Inbound -Protocol TCP -LocalPort $Port -Action Allow -Profile Any
New-NetFirewallRule -DisplayName "Allow RDP UDP $Port" -Direction Inbound -Protocol UDP -LocalPort $Port -Action Allow -Profile Any
# Point the RDP-Tcp listener at the new port
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name PortNumber -Type DWord -Value $Port
# Restart Remote Desktop Services so the new port takes effect
Restart-Service TermService -Force
Start-Sleep 3
# Read the value back to confirm it was written
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name PortNumber
The last line reads PortNumber back from the registry and prints it, confirming the change was applied.
Step 3 — Reconnect
In your RDP client, add the new port to your server's IP address like this:
203.0.113.50:YOUR_PORT
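Added example, not part of the original guide: a read-only pre-check for Step 1 and a post-check for Step 2. The function names and the sample port 50123 are made up for illustration; the registry path and firewall rule name are the ones used in the script above. Run it in an elevated PowerShell session on the server.

```powershell
# Added example. Function names are hypothetical; 50123 is a constructed sample port.

# Step 1 check: is the candidate port in range, uncommon, and not already in use?
function Test-RdpPortCandidate {
    param([Parameter(Mandatory)][int]$Port)
    $avoid = 80, 443, 22, 21, 8080, 3306, 3389   # ports the guide says to avoid, plus the default
    if ($Port -lt 1024 -or $Port -gt 65535) { return "Rejected: $Port is outside 1024-65535" }
    if ($avoid -contains $Port)             { return "Rejected: $Port is a common port" }

    # A TCP listener or UDP endpoint bound to the port means something else owns it.
    $tcp = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    $udp = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
    if ($tcp -or $udp) {
        $owners = @($tcp.OwningProcess) + @($udp.OwningProcess) |
                  Where-Object { $_ } | Sort-Object -Unique
        return "Rejected: $Port is already in use by PID(s) $($owners -join ', ')"
    }
    "OK: $Port is free"
}

# Step 2 check: the registry value alone does not prove the service is listening.
# Compare it with the actual listener owned by TermService and the firewall rule.
function Test-RdpListener {
    $key  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

    # Process ID of the svchost instance hosting Remote Desktop Services
    $svcPid = (Get-CimInstance Win32_Service -Filter "Name='TermService'").ProcessId
    $listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
                Where-Object { $_.OwningProcess -eq $svcPid }

    # Rule name as created by the script in Step 2
    $rule = Get-NetFirewallRule -DisplayName "Allow RDP TCP $port" -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' }

    [pscustomobject]@{
        RegistryPort         = $port
        TermServiceListening = [bool]$listener
        FirewallRuleEnabled  = [bool]$rule
    }
}

Test-RdpPortCandidate -Port 50123   # run before Step 2 with your own port
Test-RdpListener                    # run after Step 2
```

If TermServiceListening or FirewallRuleEnabled comes back False, fix that from a console or existing session before relying on the new port for remote access.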