Few people know that Windows comes with a built-in Remote Desktop feature. It lets users access the complete Windows environment remotely. You can not only use it on the default RDP port but also tweak it for security.
Put simply, the default port for Remote Desktop Protocol (RDP) is 3389. To make RDP accessible within the local area network, this port must be open in the firewall. RDP can also be made accessible over the Internet (which we do not recommend, as it is not so safe). However, if you need to do that, the RDP port must be forwarded through the main Internet router.
Now let's begin the procedure for opening port 3389 in Windows Firewall and on the router.
How to allow the RDP port through Windows Firewall
Go to Windows Settings (Windows key + i)
Go to Update & Security –> Windows Security and click on Firewall & network protection from the right-hand listing. This will open a new window.
Click the link Allow an app through firewall
Click on Change settings
Search for Remote Desktop from the list. It should be there by default. If it is not there, you should click on Allow another app button and navigate to the following:
If you want to allow Remote Desktop on the local network only, check the checkbox labeled Private. And if you want it publicly available, you should check the Public checkbox too.
Press OK for the changes to take effect.
How to allow the RDP port through the router (using NAT translation)
You should only follow these two steps if you want to use Windows Remote Desktop over the Internet.
Allow the RDP port through the Public network profile in Windows Firewall (or any other firewall), as we did in the previous section.
Allow the RDP port through the router that provides your Internet access, and then translate the incoming port 3389 to the computer of your choice.
The most important thing to remember is that if your computer has a public IP address while connected to the Internet, you do not need to follow the second step. We mention this because most of the time people connect to the Internet through a router, both at home and in corporate networks.
The configuration for opening a port is different on every router. Describing every configuration would only cause confusion, so we will describe the configuration for Kerio Control. There is no need to worry, because the terminology is almost the same on most routers.
So it will be easy to follow the steps even if you are using a different router. Below we walk through the steps using Kerio Control, as used for office work.
Open your router’s configuration page. Normally it should be the same as your default gateway. For me, it is http://192.168.1.1
After logging in, go to Traffic Rules and add a new rule.
Name your rule and keep it Generic. Keep the action to Allow and press Next button.
Keep the source to Any. That means users will be able to connect to this specific port from anywhere.
Add Firewall to the Destination. You can keep it unchanged if you want.
Under Services, select Port and specify 3389.
Under NAT Translation, enable destination NAT, specify the IP address of your computer, and also specify the port translation to 3389.
How to change the default RDP port
If you keep the RDP port at 3389 while opening RDP over the Internet, it is a serious security threat. We recommend changing the default port from 3389 to something above 10000. For instance, keep it between 30000 and 40000, which is considered relatively safer, as port scanners start scanning from port 1.
Instructions for changing the RDP port are given below.
Go to Run –> regedit to open the Registry Editor.
Locate the following key:
In the right-hand pane, double-click on PortNumber.
Switch the value to Decimal and specify a port number between 1001 and 254535.
Confirm that port 3389 is open and listening
Sometimes you successfully open the RDP port but still cannot connect to the computer remotely. In that scenario, the first thing to do is make sure that you can reach port 3389 (or whichever port you changed it to) remotely.
Follow these instructions to check that port 3389 is open and listening.
Open PowerShell by going to Run –> powershell
Run the following command
tnc 192.168.1.2 -port 3389
Replace the IP address 192.168.1.2 with your computer’s IP. Replace it with your router’s public IP if you have allowed public access to your computer through the router. The value of TcpTestSucceeded should be true.
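The checks from this guide gathered into one PowerShell function, as an added example that is not part of the original guide: it reports whether anything is listening on the RDP port, which firewall profiles the enabled Remote Desktop rules cover, and whether the port answers from the network. The function name Test-RdpExposure and the English rule group name "Remote Desktop" are assumptions; 192.168.1.2 is the sample address used above.

```powershell
# Added example (not from the original guide): summarise RDP exposure.
function Test-RdpExposure {
    param(
        [string]$Target = '192.168.1.2',  # sample address from the guide; use your own
        [int]$Port = 3389                 # use your custom port if you changed it
    )

    # 1. Is anything listening locally on the port?
    $listener = Get-NetTCPConnection -State Listen -LocalPort $Port `
        -ErrorAction SilentlyContinue

    # 2. Which firewall profiles do the enabled inbound allow rules cover?
    #    Assumption: English display group name; localized Windows names it differently.
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' `
        -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow'
        }
    # Profile is a flags value such as "Domain, Private"; split it into names.
    $profiles = @($rules |
        ForEach-Object { "$($_.Profile)" -split ',\s*' } |
        Sort-Object -Unique)

    # 3. Same probe as "tnc <ip> -port <port>", with warning text suppressed.
    $probe = Test-NetConnection -ComputerName $Target -Port $Port `
        -WarningAction SilentlyContinue

    [pscustomobject]@{
        Target           = $Target
        Port             = $Port
        LocalListener    = [bool]$listener
        AllowedProfiles  = $profiles -join ', '
        # "Any" covers every profile, so it also means Public is allowed.
        PublicAllowed    = [bool]($profiles -match '^(Any|Public)$')
        TcpTestSucceeded = $probe.TcpTestSucceeded
    }
}

$result = Test-RdpExposure -Target '192.168.1.2' -Port 3389
$result | Format-List

if ($result.PublicAllowed) {
    Write-Warning 'RDP is allowed on the Public profile; keep it Private-only unless Internet access is required.'
}
```

If LocalListener is False, the Remote Desktop service is not listening on that port; if it is True but TcpTestSucceeded is False, a firewall or router rule between the two machines is blocking the connection.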
Hopefully this guide will help you control your remote desktop as you wish. We have tried hard to explain this complex procedure in the easiest way possible to avoid any confusion for our readers.