RDP Port Range in Windows Server 2016/2019 — Which Port to Use and How to Configure It
Short description: in this article, we will explore the RDP port range in Windows Server 2016/2019, how to change the default port, which ports are safe to use, and how to properly configure remote access.
What is it
RDP (Remote Desktop Protocol) is a technology that allows you to remotely connect to a Windows server or computer over a network. It is widely used by system administrators, businesses, and IT professionals to manage servers and perform remote work.
Every RDP connection uses a network port. By default, Windows Server 2016/2019 uses port 3389. This is the port through which remote connections are established.
A port is a logical number (from 0 to 65535) used for communication between devices. If the port is open and correctly configured, a connection can be successfully established.
When it is needed and where it is used
Understanding the RDP port range is essential in various scenarios, especially for system administration and security.
- when configuring remote access to a server
- if port 3389 is blocked by the provider
- to improve server security
- when running multiple servers on one IP
- to prevent brute-force attacks
- when working with VPS or cloud servers
- to restrict access to RDP
The default port 3389 is frequently scanned by bots, making it a common target for attacks.
Main reasons and capabilities
In Windows Server 2016/2019, you can use almost any port within the following range:
- 1024–65535 — dynamic (user) ports
Why this range is recommended:
- ports below 1024 are reserved by the system
- lower chance of conflicts
- better security
Main advantages of changing the port:
- reduces attack attempts
- improves flexibility
- allows multiple RDP services
- better firewall control
Recommended ports include:
- 2000–65000 range
- unused ports
- custom ports like 3390, 50000, 55000
Step-by-step instructions
- Open Registry Editor (Win + R → regedit)
- Navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp - Find the PortNumber parameter
- Change the value to your desired port (decimal format)
- Save changes
- Open Windows Firewall
- Create a new inbound rule
- Specify the new TCP port
- Allow the connection
- Restart the server
Connection setup
After changing the port, connect using:
IP:port
Example:
192.168.1.100:3390
Additional security settings
- use strong passwords
- restrict access by IP
- use a VPN
- enable Network Level Authentication (NLA)
- enable two-factor authentication
Common mistakes
- port not opened in firewall
- incorrect registry value
- port conflicts with other services
- wrong connection format
- server not restarted
Frequently asked questions
Can I use any port?
Yes, within the 1024–65535 range.
Is changing the port safe?
Yes, it improves security.
Does it affect performance?
No, port number does not impact performance.
Does it work on laptops?
Yes, if the system supports it.
Do I need to restart the server?
Yes, it is required.
How to check if it works?
Try connecting using the new port.
Conclusion
The RDP port range in Windows Server 2016/2019 allows flexible configuration and improved security. Using a non-standard port significantly reduces attack risks and improves control over remote access.