
  • Status: Solved
  • Priority: Medium
  • Security: Public

Using different ports for Remote Desktop

I'm trying to use ports other than 3389 for remote desktop.

My plan is to use WAN IP xx.xx.xxx.xxx:4000-xxxx for my other remote desktop users.
You can set this in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

As a side note, it is a pain to set this on the client's side; you can send them out the connection file or have them connect using command line switches.
Hi there;

 WARNING: The Remote Assistance feature in Windows XP may not work properly if you change the listening port. To change the port that Remote Desktop listens on:
1) Start Registry Editor (Regedt32.exe).
2) Locate the following key in the registry:
3) On the Edit menu, click Modify, click Decimal, type the new port number, and then click OK.
4) Quit Registry Editor.

NOTE: When you try to connect to this computer by using the Remote Desktop connection, you must type the new port.

You need to add this to the default.rdp file for the XP terminal client... Add this line anywhere in the file.
server port:i:your port number
i.e. server port:i:4000

Best Regards
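
The registry change and the client-side port setting from the answers above, scripted as an added example (not part of the original posts). It assumes Windows 8 / Server 2012 or later for the `Get-NetTCPConnection` and `New-NetFirewallRule` cmdlets; `PortNumber` is the value under the key quoted above, and the function names, the host name `rdp.example.test` and the optional source-address restriction are illustrative.

```powershell
# Server side: move the RDP listener to a new port. Run from an elevated session.
function Set-RdpListenerPort {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(1025, 65535)]
        [int]$Port,
        # Optional: limit which remote addresses may reach the new port (assumption).
        [string[]]$AllowedSources = 'Any'
    )
    $key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $old = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    if ($old -eq $Port) { return "RDP already listens on $Port" }

    # Refuse a port that another process is already listening on.
    if (Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue) {
        throw "Port $Port is already in use on this machine"
    }

    # Open the new port in Windows Firewall before moving the listener,
    # so the change does not lock out remote administration.
    New-NetFirewallRule -DisplayName "RDP custom port $Port" -Direction Inbound `
        -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedSources `
        -Action Allow | Out-Null

    Set-ItemProperty -Path $key -Name PortNumber -Value $Port -Type DWord

    # The listener picks up the new port only after the service restarts
    # (or a reboot). Restarting drops any active Remote Desktop sessions.
    Restart-Service -Name TermService -Force
    "RDP port changed from $old to $Port"
}

# Client side: write a connection file that carries the non-default port,
# using the "server port" line from the answer above.
function New-RdpConnectionFile {
    param([string]$Server, [int]$Port, [string]$Path)
    Set-Content -Path $Path -Value @(
        "full address:s:$Server"
        "server port:i:$Port"
    )
}

# Usage (constructed values):
#   Set-RdpListenerPort -Port 4000
#   New-RdpConnectionFile -Server 'rdp.example.test' -Port 4000 -Path .\user1.rdp
#   mstsc /v:rdp.example.test:4000      # command-line alternative
```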


SecurityResourcesInc (Author) Commented:
Thank you for the quick response.

I was more looking for a firewall solution rather than configuring the clients' registry.
The registry entry was for the TS server, not the clients; my second post shows how to get the clients to connect.

You can set your firewall to port forward from an off port such as 4000 to 3389 on your TS server. You didn't state that in your question... ;)

I do this as well, the whole security by obscurity thing, but your clients will still have to change the port they connect to.
SecurityResourcesInc (Author) Commented:
Not quite.

I have a SonicWall Pro 2040 Enhanced.

I've been able to create a service called Remote Desktop that uses port 3389 and it works as planned.

My goal is to use the same WAN IP address as programmed above but to use port 4000. I believe this is called port forwarding. However, I'm slightly confused and the SonicWall PDF isn't helping.

Any ideas?
It would be better to state that in the question too... I missed the tags... Though, I learned to change now... lol
Try this one instead and substitute the ports you want to use rather than the VPN ports they are using.

SecurityResourcesInc (Author) Commented:
I had a colleague help me out.

Here was my problem: I kept using the wizard to make my other remote desktop users. The key is that once the remote desktop service is created there's no need to recreate it, which is what I kept doing.

Also, what was throwing me off is that in the wizard it creates a private IP, which is not necessary.

This is what we came up with.

1. Create an Address Object allowing a WAN IP/ External IP to access the Firewall.
   a. Network > Address Object > Click Add button.
   b. Name: WAN IP/ External IP Access
   c. Zone Assignment: Host
   d. Type: WAN
   e. IP Address: Whatever your External IP Address is.
   f. Click OK
   What you've done here is create a way for you to access this firewall from outside the network.

2. Next, create your custom port.
   a. Go to Firewall > Services, put a bullet for Custom Services; this will make it easier to see.
   b. Scroll down to the Services area and click on the Add button.
   c. From here is where you:
      i. Name the port that you are opening and assign what port to be open.
      ii. Protocol: for Remote Desktop is TCP (6)
      iii. Port Range: For me I wanted my Remote Desktop users to start using 9000. So the port range is 9000-9000.
      iv. And Sub Type I left alone. Then click OK.
3. To keep things organized we added Services to a Services Group.
   a. Click Add Group, ex. Remote Desktop; for us, since we had more than Remote Desktop users, we called it External Ports.
   b. Then select your newly created Service from the left column and put it on the right by highlighting and then using the arrow button.
   c. Then click OK
4. Next we went to Network > Address Object; place a bullet in Custom Address Objects.
   a. Click the Add Button
   b. Name: Username PC
   c. Zone Assignment: LAN
   d. Type: Host
   e. IP Address: Enter local IP address of computer or machine ex.
   f. Click OK
5. Now, below Address Objects select NAT Policies; place a bullet in Custom Policies. This is what binds the Outside IP address to the local IP address using your custom port.
   a. Original Source: Any (any request from the outside coming to the firewall)
   b. Translated: Original (keep the request the same, say if you want to enter through port 3389)
   c. Original Destination: Public IP Address (WAN IP/ External IP)
   d. Translates: Username PC (Custom Address Objects)
   e. Original Service: created Port 9000
   f. Translated: Remote Desktop
   g. Interface Inbound: Any
   h. Interface Outbound: Any
   i. Click OK.

I hope this helps anyone who's had any confusion from reading, http://www.sonicwall.com/downloads/Configuring_SonicWALL__Port_Forwarding.pdf , Standard is pages 2 to the top of 3. For me I had enhanced which started on page 3-7.
