Are you allowed to change the Remote Desktop port? Options

[Argyle]

Hi.

Are you allowd to change the Remote Desktop port used on Windows 2003? To have some security by obscurity. Or does that invalidate the SLA?

I'm not to comfortable with people being able to directly connect with Remote Desktop to the server.

Maybe a better idea would be to add a second IP and use it for management and block port 3389 on the "frontend" IP that is exposed to the public. But the the question still stand if it's allowed to change the port?

Thx

[eddy2099]

You can change the port if you know how. Then just inform SM Support about the change. That should do.

[rslyonserv]

How did you change the port ?
I would like to do the same.
I try what microsoft said at :
http://support.microsoft.com/default.aspx?scid=187623
And then i could not connect the server !
Any ideas how i connect from the client side using windows XP ?
I tried using IP:port like 10.100.100.105:443 but did not work.

[Argyle]

443 is used for HTTPS as well. Make sure that no conflict exist with the port you choose.

You also need to have a a third party remote tool installed while you change it since the change requires a restart of terminal services (or create a small bat file to stop and restart the service but that's a bit risky).

Can you still connect to the standard port 3389?

[GoltharNL]

Im sure you can do that.
With the linux packages you are allowed to change the SSH port to.
For additional security, you can firewall the port off from everybody but yourself and the noc (but I chose not to in case I lock myself out)

[BlizzardDigital]

443 is used for HTTPS as well. Make sure that no conflict exist with the port you choose.
You also need to have a a third party remote tool installed while you change it since the change requires a restart of terminal services (or create a small bat file to stop and restart the service but that's a bit risky).
Can you still connect to the standard port 3389?

Actually, if you don't mind rebooting your server you don't need a 3rd party remote. Go to the registry: HKEY_LOCAL_MACHINESystemCurrentControlSetControlTerminal ServerWinStationsRDP-Tcp
edit port number > change to decimal view > change port number
As you stated make sure it's an unused port. Example 3390. Exit the registry. Go to start > shutdown and choose restart. When it reboots you can access by typing servername:3390 in your Remote Desktop client.

All done.

[klaude]

Please let us know when you do this. It'll delay support if we can't RDP into the server when we need to.

[Argyle]

Is it enough to enter the new port in the escalation procedures or do you need to open a ticket?

[klaude]

Update your passwords in Orbit. There should be a "note" field in the form. Enter the port you've changed RDP to listen on there.