Modify Windows Remote Desktop Default Port 3389
Windows 10’s default RDP port has been the same for so long that many admins or normal end users already know about it. (TCP 3389). Unfortunately, though, they aren’t the only ones. It’s typically the first one hackers try, meaning anyone with the default setting is more prone to a successful attack.
As a result, it can be well worth taking the time to change RDP port in Windows 10. It won’t radically increase your server’s security, but this small change can combines with other techniques to create a much safer experience on the whole.
To change port, Execute Powershell (Run as Admin)
Query the current port
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber"
- Change windows default RDP port
# CHANGE BELOW PORT TO YOUR DESIRED PORT NUMBER $portvalue = 33389 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value $portvalue
Note: A system reboot is required to activate above settings.
Disable Windows Default Share
Windows administrative shared folders are used for remote access and computer management. Disabling them can increase security by minimum. While Windows administrative shares are convenient for managing computers remotely, they also present additional security risks. You can completely prevent Windows from creating these hidden admin shares. This will not disrupt the operation of the Windows computer used as the client but will limit its remote administration capabilities.
[Execute Powershell Terminal (CMD) as Admin]
Query Shares Information using Powershell commands…
Get-WmiObject Win32_Share | Format-Table -AutoSize
- Disable Shares via REGEDIT CMD (FOR WORKSTATION)
You can create this registry entry manually by using the reg add command:
reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /f /v AutoShareWks /t REG_DWORD /d 0
- Disable Shares via POWERSHELL CMD (FOR SERVERS OS)
Set-ItemProperty -Path "HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name "AutoShareServer" -Value 0 -Type DWord
Explanation:
-
AutoShareServer(for servers): Prevents automatic creation of administrative shares. -
AutoShareWks(for workstations): Same purpose but for client versions (e.g., Windows 10/11)
After running the command:
-
Restart the “Server” service or reboot the server:
Note: Or its better to restart the system to activate above settings.
Regard’s
Syed Jahanzaib
Syed Jahanzaib - سید جہانزیب - Personal Blog to Share Knowledge ! 