Setting Up and Securing Remote Desktop on Windows: A Comprehensive Guide

This tutorial will guide you through the process of enabling Remote Desktop Protocol (RDP) on your Windows system, configuring the firewall rules that allow inbound connections, and moving the RDP listener off its default port. Note that changing the port only reduces the noise from automated scanners that try port 3389; it does not hide the service from a full port scan and is no substitute for Network Level Authentication (NLA), strong credentials, current patches and restricting which source addresses may connect.

Prerequisites

  • A Windows system with Administrator privileges

Step 1: Open PowerShell as an Administrator

To run the necessary commands, you'll need to open a PowerShell session with Administrator privileges. To do this:

  1. Click the "Start" button in the lower-left corner of the screen.
  2. Type "PowerShell" in the search bar.
  3. Right-click on "Windows PowerShell" in the search results and select "Run as administrator." (On Windows Server, if you are signed in as the built-in Administrator, an ordinary PowerShell window is already elevated; with any other account use "Run as administrator" there too.)

Step 2: Enable Remote Desktop

To enable Remote Desktop on your Windows system, run the following command in the PowerShell window:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

Step 3: Configure Firewall Rules for Remote Desktop

Next, you'll need to enable the built-in firewall rules that allow inbound connections for Remote Desktop. These rules are written for the default port 3389 and do not follow a port change, which is why Step 5 creates separate rules for the custom port. Run the following command in the PowerShell window:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Step 4: Change the Default RDP Port

In this example, we'll change the default RDP port from 3389 to 32989. You can choose a different port number if you prefer, but pick one above 1024 and make sure it's not already in use by another service (the output of Get-NetTCPConnection -State Listen shows which ports already have a listener).

Run the following command in the PowerShell window to change the RDP port. The value is read only when the Remote Desktop Services service (TermService) starts, so the listener stays on 3389 until you restart that service (Restart-Service TermService -Force) or reboot. If you are currently connected over RDP, that restart will drop your session, so make this change from a console or out-of-band session:

Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name PortNumber -Value 32989

Step 5: Configure Firewall Rules for the Custom RDP Port

Create new firewall rules to allow inbound connections on the custom RDP port. Run the following two commands in the PowerShell window to create the rules for both TCP and UDP (RDP uses UDP for its faster transport when available). As written these rules accept connections from any address; on a system exposed beyond a trusted network, add -RemoteAddress with your management subnet to limit who can reach the listener, and disable the built-in "Remote Desktop" group rules from Step 3 once the listener has moved, so port 3389 is no longer open for nothing:

New-NetFirewallRule -DisplayName "Custom RDP Port (TCP-In)" -Direction Inbound -LocalPort 32989 -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "Custom RDP Port (UDP-In)" -Direction Inbound -LocalPort 32989 -Protocol UDP -Action Allow

Step 6: Verify the Configuration

To verify that the RDP listener has moved to the new port, run the following two commands in the PowerShell window after TermService has been restarted:

Get-NetTCPConnection -LocalPort 32989
Get-NetUDPEndpoint -LocalPort 32989

If the configuration was successful, the first command shows a TCP socket on port 32989 in the Listen state, and the second shows the UDP endpoint on the same port (on Windows versions that enable RDP's UDP transport). These cmdlets report sockets only, not firewall rules; to confirm the rules, list them with Get-NetFirewallRule -DisplayName "Custom RDP Port*" and pipe the result to Get-NetFirewallPortFilter to check the port and protocol on each. If nothing is listening on 32989 but port 3389 still shows a listener, TermService has not been restarted since the registry change.

Step 7: Connect to the Custom RDP Port

When connecting to your system via RDP, make sure to specify the new custom port in your Remote Desktop client. For example, if your system's IP address is 10.20.30.40 and you've changed the RDP port to 32989, enter the following in the "Computer" field of your Remote Desktop client:

10.20.30.40:32989

That's it! You've successfully enabled Remote Desktop, configured the necessary firewall rules, and changed the default RDP port on your Windows system. Remember to use the custom port when connecting to your system via RDP in the future, and update any saved .rdp files or shortcuts that still point at 3389. Keep NLA enabled, keep the system patched, and restrict the firewall rules to the addresses that actually need access; the port change alone buys you less noise in the logs, not protection.
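The whole procedure above, carried through as one script, is shown here as an added example; it is not part of the original tutorial. Beyond the steps in the text it requires NLA, refuses a port that already has a listener, scopes the new firewall rules to the Remote Desktop service process and to a management subnet, disables the built-in 3389 rules, restarts TermService, and then checks the result. The subnet 10.20.30.0/24 and the port 32989 are placeholders to replace with your own values; the script assumes an elevated PowerShell 5.1 or later session on Windows 10 / Windows Server 2016 or newer.

```powershell
# Added example (not the tutorial's own commands): enable RDP on a custom port with
# NLA required, firewall rules scoped to TermService and an admin subnet, and a
# post-change verification. Run from an elevated console session: restarting
# TermService drops any RDP session you are running it from.
#Requires -RunAsAdministrator
param(
    [ValidateRange(1025, 65535)][int]$Port = 32989,          # placeholder custom port
    [string[]]$AllowedSources = @('10.20.30.0/24')           # placeholder admin network
)
$ErrorActionPreference = 'Stop'
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# Refuse to move RDP onto a port that something else already listens on
if (Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue) {
    throw "TCP port $Port already has a listener; choose another port."
}

# Enable RDP, require Network Level Authentication, and set the listener port.
# PortNumber is read only when TermService starts (see the restart below).
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0 -Type DWord
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1 -Type DWord
Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber -Value $Port -Type DWord

# Turn off the built-in rules (they only cover 3389) and create rules for the new
# port that apply only to the TermService host process and the admin network.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule
foreach ($proto in 'TCP', 'UDP') {
    $name = "Custom RDP Port ($proto-In)"
    # Re-running the script must not leave duplicate rules behind
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol $proto -LocalPort $Port `
        -Program '%SystemRoot%\system32\svchost.exe' -Service TermService `
        -RemoteAddress $AllowedSources -Action Allow | Out-Null
}

# Apply the new port; -Force also restarts the dependent UmRdpService
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 3

# Verify: a listener on the new port, none left on 3389, and the rules as applied
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $Port, 3389 } |
    Select-Object LocalAddress, LocalPort, State, OwningProcess |
    Format-Table -AutoSize

Get-NetFirewallRule -DisplayName 'Custom RDP Port*' | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Proto   = $portFilter.Protocol
        Port    = $portFilter.LocalPort
        Remote  = ($addrFilter.RemoteAddress -join ',')
    }
} | Format-Table -AutoSize
```

Save it as a .ps1 file and run it with the port and subnet you actually use, e.g. `.\Set-RdpPort.ps1 -Port 32989 -AllowedSources '10.20.30.0/24'`. The -RemoteAddress scoping is the part that matters most: with it, a credential guessed from the internet is useless unless the attacker is also on your management network, which is a far stronger property than the port change itself provides.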