Windows comes with a remote desktop client that can be used to access the complete Windows Desktop environment remotely. It’s very useful for people who use multiple computers for work. One of our readers has asked about the RDP port and how to tweak it for security. You can open the Remote Desktop Connection client by going to Run –> mstsc. Simply put, the default port for using the Remote Desktop Protocol is 3389. This port should be open through Windows Firewall to make it RDP accessible within the local area network. If you want to make it accessible over the Internet (which is not safe), the RDP port should be forwarded through the main Internet router to work properly. Let’s talk about how to open port 3389 in Windows Firewall and the router.
Allow RDP port through Windows Firewall
Allow RDP port through Router (using NAT Translation)
If you want to use Windows Remote Desktop over the Internet, you will need to do two steps:
Allow RDP port through Windows Firewall Allow RDP port through Router (using NAT Translation) Change the default port of RDP Check if port 3389 is open and listening
Please note that if you are connected to the Internet using a public IP, you don’t need the second step but normally people are connected to the Internet using routers, both home, and corporates. The configuration for opening a port is different for each router. Since I’m using Kerio Control for my office network, I will walk you through the steps using Kerio Control. The terminology should be similar for most routers so it’ll be easy for you to follow the same steps for your specific router.
Change the default port of RDP
If you are opening RDP over the Internet, keeping the RDP port to 3389 is a security threat. It is recommended that you change the default port from 3389 to something above 10000. I, normally, keep it between 30000 and 40000 which is relatively safe as the port scanners will start scanning from port 1. If you want to change the RDP port, follow the steps below:
Check if port 3389 is open and listening
There are times when you successfully open the RDP port but you’re unable to connect to the computer remotely. In that case, make sure that you are able to access port 3389 (or any other port if you have changed it) remotely. Follow the steps below to check if port 3389 is open and listening. Replace the IP address 192.168.1.2 with your computer’s IP. Replace it with your router’s public IP if you have allowed public access to your computer through the router. The value of TcpTestSucceeded should be True. If you want to check the port using the command prompt, you can follow this guide. I hope this guide is useful for you and now you can control your remote desktop the way you want. If you have any questions or if I have left any confusion in this article, let me know through the comments below. Your comments are highly appreciated!