As convenient as staying with default ports for services on your server is, the sad truth is that thanks to attackers this is probably not such a good idea.

In order to change the listening port for Remote Desktop connections on your Windows Server 2008 R2 instance, you’ll need to first edit the registry and then allow the change in through the firewall.

The steps are as follows:

  1. Start Registry Editor (Start -> Run -> Type ‘regedit’ -> Enter)
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
  3. On the Edit menu, click Modify, and then click Decimal.
  4. Type the new port number, and then click OK.

Then, if you are running a firewall, you’ll need to add an exception for your newly selected port so that traffic over it is indeed allowed. To do this:

  1. Go to Windows Firewall with Advanced Security >> Inbound Rules >> New Rule >> Enter port number >> Next >> Next >> Done

With all the values changed and the new firewall rule in place (very important if you are doing this with a machine that you don’t actually have physical access to!), close the registry editor and restart/reboot the server.


container ship docked at sydney container port

(And if you are working remotely, then enjoy the agonizing wait before you can try to connect again all while hoping that you did everything correctly first time around! Stressful to say the least.)