The default port for Remote Desktop Protocol (RDP), TCP 3389, is a frequent target for automated attacks. To enhance the security of your Windows instance, you can change this default port to a non-standard one. This reduces the risk of discovery by malicious scanning tools.
Procedure
Step 1: Configure the new port in the security group
Go to ECS console - Instances. Click the target instance's ID.
On the instance details page, select the Security Groups tab and click the security group ID.
Add an inbound rule to allow traffic on the new port. Allow both TCP and UDP to support the UDP acceleration feature in recent RDP versions.
Keep the existing rule for port 3389 for now. After you verify the connection on the new port, you can delete the rule for port 3389.
The following example rules are for connecting to port 13389 through Workbench.
Protocol    Destination    Authorization Object
TCP         13389/13389    47.96.60.0/24
                           118.31.243.0/24
                           8.139.112.0/24
                           8.139.99.192/26
UDP         13389/13389
Step 2: Modify the registry to change the RDP port
Log on to the ECS instance.
Go to ECS console - Instance. In the top navigation bar, select the target region and resource group.
Go to the details page of the target instance, click Connect, and select Workbench. Set the connection method to Terminal, enter the username and password, and then log on to the graphical terminal page.
Choose a new port.
Choose an unused port in the 10000-65535 range. In PowerShell, run the command netstat -ano | findstr :<port_number> to verify that the port is available.
Modify the registry.
In the taskbar search box, type regedit and open the Registry Editor.
In the left navigation pane, expand . In the right pane, locate and double-click PortNumber.
Select Decimal under Base, and enter the new port number in the Value data field.
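The port check and registry change in Step 2 can also be scripted. The following PowerShell is an added example, not part of the original procedure: the function name Set-RdpPort is hypothetical, and the registry path is the standard Windows location of the RDP-Tcp listener settings, assumed here because the text above does not spell it out.

```powershell
#Requires -RunAsAdministrator
# Added example; Set-RdpPort is a hypothetical helper name, not from the page.
# Assumption: RDP listener settings live under the standard Windows key below.
$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Set-RdpPort {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Same range the procedure recommends for the new port.
        [Parameter(Mandatory = $true)]
        [ValidateRange(10000, 65535)]
        [int]$Port
    )

    # Same purpose as "netstat -ano | findstr :<port_number>", but matched exactly
    # on the local port; findstr also matches the foreign-address column.
    $tcp = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    $udp = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
    if ($tcp -or $udp) {
        $owners = @($tcp.OwningProcess) + @($udp.OwningProcess) |
            Where-Object { $_ } | Sort-Object -Unique
        throw "Port $Port is already in use by process ID(s): $($owners -join ', ')"
    }

    $current = (Get-ItemProperty -Path $RdpTcpKey -Name PortNumber).PortNumber
    if ($current -eq $Port) {
        Write-Verbose "PortNumber is already $Port"
        return $current
    }

    if ($PSCmdlet.ShouldProcess($RdpTcpKey, "Set PortNumber $current -> $Port")) {
        # A DWord written from an integer matches choosing Decimal in Registry Editor.
        Set-ItemProperty -Path $RdpTcpKey -Name PortNumber -Value $Port -Type DWord
    }

    # Read back the stored value; the listener only moves after the restart in Step 3.
    return (Get-ItemProperty -Path $RdpTcpKey -Name PortNumber).PortNumber
}

# Dry run first, then apply (13389 is the port used in the security group example):
# Set-RdpPort -Port 13389 -WhatIf
# Set-RdpPort -Port 13389 -Verbose
```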
Step 3: Apply the configuration and verify the connection
Go to the details page of the target instance and click Restart. After the instance restarts, click Connect and select Workbench.
In the Instance Login window, select Terminal. Click More Options and enter the new port number in the Port field.
Important: After changing the default RDP port, you must specify the new port each time you connect.