All Products
Search
Document Center

:How to View and Modify the Default Port of a Remote Desktop for a Windows Instance

Last Updated:Apr 27, 2022

Disclaimer: This topic may contain information about third-party products. The information is for reference only. Alibaba Cloud does not make a guarantee in any form of the performance and reliability of the third-party products, and potential impacts of operations on these products.

Overview

The default port for remote desktops of ECS instances in Windows is 3389. Due to security considerations, some users need to modify the default port to reduce the number of malicious attacks and scanning ECS instances through remote desktops. Therefore, this topic describes how to view and modify the default port of remote desktops for Windows instances. Before you perform this operation, read the following notes.

Description

Take note of the following items:

  • Before you perform high-risk operations such as modifying the specifications or data of an Alibaba Cloud instance, we recommend that you check the disaster recovery and fault tolerance capabilities of the instance to ensure data security.
  • Before you modify the specifications or data of an Alibaba Cloud instance, such as an Elastic Compute Service (ECS) instance or an ApsaraDB RDS instance, we recommend that you create snapshots or enable backups for the instance. For example, you can enable log backups for an ApsaraDB RDS instance.
  • If you have granted specific users the permissions on sensitive information, such as usernames and passwords, or submitted sensitive information in the Alibaba Cloud Management Console, we recommend that you modify the sensitive information at the earliest opportunity.

The default port for remote desktops of Windows instances in ECS is 3389. Due to security considerations, some users need to modify the default port to reduce the number of malicious attacks and scanning ECS instances through remote desktops. Therefore, this topic describes how to view and modify the default port of remote desktops for Windows instances. Before you perform this operation, read the following notes.

  • Before modifying the registry, you need to fully understand the operating mechanism of the Windows system to avoid incorrect operations.
  • To avoid data loss, create snapshots for the system and data disks of the instance before you modify the registry. For more information, see Create snapshots.

For more information about how to view and modify the default port of a remote desktop for a Windows instance, see the following:

View ECS Windows Remote Desktop Port

There are multiple methods to view the ECS Windows remote desktop port. For more information, see the following three methods:

Method 1

  1. For more information, see Connect to a Windows instance from a local client.
  2. Choose Start > Run, enter a cmd, and open a command line window.
  3. Run the following command to view the process information:
    tasklist /svc  find "Ter"
    The system display is similar to the following. In this example, the PID of the TermService is 1592.
  4. Run the following command to view the ports used by the TermService:
    netstat -ano  find "1592"
    The system display is similar to the following. In this example, the port number is 3389.

Method 2

  1. For more information, see Connect to a Windows instance from a local client.
  2. Choose Start > Run, enter a regedit, and open the Registry Editor.
  3. Find the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp, and then find the PortNumber child key value.
  4. Find the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp, check and then find the portnumber value. Generally, the two values are the same as the PortNumber sub-key value, that is, the port of the remote service.

Method 3

  1. For more information, see Connect to a Windows instance from a local client.
  2. Choose Start > Run and enter cmd to open a command line window.
  3. Execute the following command to return the list of items under the subkey of the registry and the subkey of the next layer:
    reg query "hklm\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds" /s
    The system display is similar to the following. In this example, the hexadecimal value of the PortNumber is 0xd3d, which is equivalent to the 3389 in decimal.
  4. Run the following command to view the PortNumber value of the RDP-Tcp:
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v portnumber

Modify ECS Windows Remote Desktop Port

You can modify the default port of a remote desktop for a Windows instance as follows:

  1. For more information, see Connect to a Windows instance from a local client.
  2. Choose Start > Run, enter a regedit, and open the Registry Editor.
  3. Find the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\Wds\rdpwd\Tds\tcp, and then find the PortNumber child key value. Change this value to the required port.
  4. Find the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp, and then find the PortNumber child key value. Change this value to the required port.

The following are the subsequent operations to modify the default port of a remote desktop for an ECS Windows instance:

Applicable scope

  • Elastic Compute Service (ECS)