Connecting an RDP client via the Internet. What is the standard RDP connection port and how to change it. Common Errors When Connecting to Remote Desktop

RDP stands for Remote Desktop Protocol. It is needed to connect one computer to another via the Internet. For example, a user who is at home and urgently needs to fill out documents in the office can do so using this protocol.

How RDP works

The other computer is accessed through TCP port 3389 by default. The protocol comes preinstalled on every personal device. There are two types of connection:

  • for administration;
  • to work with programs on the server.

Servers running Windows Server support two simultaneous remote RDP connections (if the RDP role is not activated). Non-server computers support only one.

The connection between computers is made in several stages:

  • a protocol based on TCP requests access;
  • a Remote Desktop Protocol session is defined. During this stage the data transmission parameters are agreed;
  • when the definition phase is completed, the server sends graphical output to the other device and, at the same time, receives mouse and keyboard data from it. Graphical output is either an exact copy of the image or commands for drawing various shapes, line types and circles. Such commands are the key feature of this kind of protocol, and they greatly reduce traffic consumption;
  • the client computer turns these commands into graphics and displays them on the screen.

Also, this protocol has virtual channels that allow you to connect to a printer, work with the clipboard, use an audio system, etc.

Connection security

There are two types of secure connections via RDP:

  • built-in system (Standard RDP Security);
  • external system (Enhanced RDP Security).

They differ in that the first type provides encryption and integrity using the standard means built into the protocol, while the second type uses the TLS module to establish a secure connection. Let's take a closer look at how each works.


Built-in protection is carried out as follows. Authentication takes place first:

  • when the system is turned on, RSA keys are generated;
  • a public key is produced;
  • it is signed with an RSA key that is built into the system and is available on any device with Remote Desktop Protocol installed;
  • the client device receives a certificate upon connection;
  • the certificate is checked and this key is obtained.

Then encryption occurs:

  • the RC4 algorithm is used as standard;
  • for Windows 2003 servers, 128 bit protection is used, where 128 bit is the key length;
  • for Windows 2008 servers - 168 bits.

Integrity is controlled by generating MAC codes based on the MD5 and SHA1 algorithms.

The external security system works with the TLS 1.0 and CredSSP modules. The latter combines the functionality of TLS, Kerberos and NTLM.

End of connection:

  • the computer checks permission at logon;
  • the cipher is signed using the TLS protocol. This is the best defense option;
  • admission is allowed once. Each session is encrypted separately.

Replacing the old port value with the new one

In order to register a different value, you must do the following (relevant for any version of Windows, including Windows Server 2008):





Now, when connecting to a remote desktop, you need to specify the new value after the IP address, separated by a colon, for example 192.161.11.2:3381.

Replacing with PowerShell Utility

PowerShell also allows you to make the necessary changes:

  • reboot is recommended;
  • after the device turns on, enter the "regedit" command in the "Start" menu. Go to HKEY_LOCAL_MACHINE, find the CurrentControlSet folder, then the Control folder, go to Terminal Server and open WinStations. Click on the RDP-Tcp entry. A new value should be set here.
  • Now you need to open the RDP port on the firewall. Open PowerShell and type the command: netsh advfirewall firewall add rule name="NewRDP" dir=in action=allow protocol=TCP localport=49089 The number must be the port that replaced the old one.

Could not open connection file default.rdp

Most often, this error occurs when there are problems with the DNS server: the client computer cannot find the name of the specified server.

In order to get rid of the error, you must first check if the host address is entered correctly.

In other cases, if the error occurs, take the following steps:

  • go to "My Documents";
  • find the default.rdp file. If you can't find it, enable the option in "Folder options" to show hidden files and folders;
  • now delete this file and try to reconnect.

What is Remote Desktop

Using Windows Remote Desktop (RDP) can be a very useful and convenient solution for remote computer access. When can Remote Desktop be useful? When you want to control your computer remotely (both from a local network and from anywhere in the world). Of course, you can use third-party programs for these purposes. But such programs often require access confirmation on the side of the remote computer, they are not suitable for simultaneous parallel use of a computer by several users, and they still work slower than the remote desktop. Therefore, such programs are more suitable for remote assistance or maintenance, but not for everyday work.

It can be very convenient to use Remote Desktop to let users work with certain programs. For example, you may need to demonstrate the operation of a program to a distant user (provide demo access for testing). Or, for example, you have only one powerful computer in your office with a demanding program installed. On the other, weaker computers it runs slowly, and everyone needs access. Then a good solution is to use a remote desktop: everyone connects from their "dead" computers via RDP to the powerful one and uses the program on it, without interfering with each other.

Static IP address. What is needed for remote access via RDP

One of the important points regarding the configuration and subsequent use of remote desktop is the need for a static IP address on the remote computer. If you are setting up a remote desktop that will only be used within the local network, then there is no problem. However, Remote Desktop is mostly used for external access. Most providers give subscribers dynamic IP addresses, and this is quite enough for normal use. Static ("white") IP addresses, as a rule, are provided for an additional fee.

Configuring Windows Remote Desktop

Well, we figured out why we need a remote desktop. Now let's start setting it up. The instructions given here are suitable for Windows 7, 8, 8.1 and 10. The setup is the same in all of the listed operating systems; the differences are insignificant and concern only how some windows are opened.

First you need to configure the computer to which we will connect.

Attention! Your account must have administrator rights.

1. Open Start - Control Panel.

In Windows 8.1 and 10, it is convenient to open Control Panel by right-clicking the Start icon and choosing Control Panel from the list.

Next, select System and Security - System. (This window can also be opened in a different way: click Start, then right-click Computer and choose Properties.)

2. In the left column, click Setting up remote access.

3. In the section Remote Desktop choose:

- Allow connections only from computers running Remote Desktop with network-level authentication. Suitable for clients that have version 7.0 of Remote Desktop installed.

- ... Suitable for connecting legacy clients.

4. Click Apply.

5. The Select users button opens a window in which you can specify the accounts on the computer that will be allowed to connect remotely. (This procedure is also called adding a user to a group.)

Administrative users have access to remote work by default. However, to actually connect, any account must be password protected, even the administrator account.

6. Add a new user with normal rights (not an administrator) to the Remote Desktop Users group. To do this, press the Add button.

In the Enter the object names to select field, enter the name of our user. In my case it is Dostup1. Press Check Names.

If everything is correct, then the computer name will be added to the username. Press OK.

If we don't remember the exact username or don't want to enter it manually, click Advanced.

In the window that opens, press the Search button.

All computer users and local groups appear in the Search results field. Select the desired user and click OK.

When you have selected all the necessary users, press OK in the Select Users window.

Now the user Dostup1, who has a regular account, will be added to the Remote Desktop Users group. To apply the changes, click OK.

7. If you are using a third-party firewall, then you will need to configure it additionally, namely open TCP port 3389. If you only have the built-in Windows firewall, then nothing needs to be done: it is configured automatically as soon as we allow the use of the remote desktop on the computer.

This completes the basic configuration of the remote computer.

Network settings, port forwarding

As mentioned above, for remote desktop access you need a static ip address.

If you do not have any routers and the Internet cable goes directly to the computer, then skip this section, move on to the next. If you use a router, then you need to make additional settings in it.

If you plan to use the remote desktop only on the local network, then it will be enough only to assign the local ip to the desired computer (perform the first part, without port forwarding). If you need external access, then you need more. To open access to the remote desktop, you need to forward TCP port 3389.

Configuring Remote Desktop Connection

Now let's move on to the remote desktop connection itself, that is, the client-side settings.

1. Let's start Remote Desktop Connection.

You can do this in Windows 7 through the menu Start - All programs - Standard - Remote Desktop Connection.

In Windows 8, it is convenient to start it through a search. Press Start, click on the magnifying glass icon in the upper right corner and start typing the word "remote" in the search field. From the proposed search options, select Remote Desktop Connection.

On Windows 10: Start - All Apps - Standard Windows - Remote Desktop Connection.

2. First of all, let's check which version of the protocol is installed. To do this, click on the icon in the upper left corner and select About.

Checking the version of the desktop protocol. If 7.0 or higher, then everything is in order, you can connect.

If the protocol version is lower (this is possible on outdated Windows versions), then you need to either update it, or lower the security level in the settings of the remote computer (i.e. select Allow connections from computers with any version of Remote Desktop (more dangerous) ).

You can download Remote Desktop updates for outdated operating systems using the links below:

3. Specify the connection parameters:

In the Computer field, enter the IP address of the remote computer we are going to connect to (the local address if we are connecting within the local network, or the real one given by the Internet provider if the remote computer is outside the local network). I have the first option.

Note. You can find out what your external static IP address is, for example, through the Yandex.Internetometer service.

4. Click Connect.

You will be prompted to enter your credentials. Enter the login and password of any user on the remote computer who has the rights to use the remote desktop. In my example, this is Admin or Dostup1. Let me remind you that your accounts must be password protected.

Enter your username and password, and tick Remember credentials to avoid entering them the next time you connect. Of course, you should remember your credentials only if you are working from a personal computer to which unauthorized persons do not have access.

Press OK.

A warning will pop up. Check the box Do not display any more prompts for connections to this computer and press Yes.

If everything is done correctly, then you will see a remote desktop in front of you.

Note. Let me remind you that you cannot connect via remote desktop from several computers at the same time under one user. That is, if it is planned that several people will work with the remote computer at the same time, then for each of them you will need to create a separate user and grant rights to use the remote desktop. This is done on the remote computer, as discussed at the beginning of the article.

Advanced Remote Desktop Settings

Now a few words about additional settings for connecting to a remote desktop.

To open the settings menu, click on Parameters.

General tab

Here you can change the connection parameters. By clicking on the edit link, you can edit the username and password for the connection.

You can save the already configured connection parameters. Click the Save as button and choose a location, for example, the Desktop. A shortcut will now appear on the Desktop that immediately launches a remote desktop connection without the need to specify parameters. This is very convenient, especially if you periodically work with several remote computers or if you are setting this up for someone else and do not want to confuse users.

Screen tab

In the tab Screen you can specify the size of the remote desktop (it will occupy the entire screen of your monitor or be displayed in a small separate window).

You can also choose the color depth. If your internet connection is slow, it is recommended to choose a shallower depth.

Local Resources tab

Here you can configure sound parameters (play it on the remote computer or on the client, etc.) and how Windows hotkey combinations (such as Ctrl + Alt + Del, Ctrl + C, etc.) are handled when working with a remote desktop.

One of the most useful sections here is Local devices and resources. By checking the Printer box, you get the ability to print documents from a remote desktop to your local printer. The Clipboard check mark activates a single clipboard between the remote desktop and your computer. That is, you can use the usual copy and paste operations to transfer files, folders, etc. from a remote computer to yours and vice versa.

By pressing the More details button, you will be taken to the settings menu, where you can connect additional devices on your computer to the remote desktop.

For example, you want to have access to your drive D while working on a remote computer. Then click on the plus sign next to Devices to expand the list and tick drive D. Press OK.

Now, when connecting to a remote desktop, you will see and be able to access your drive D through Explorer as if it were physically connected to the remote computer.

Advanced tab

Here you can select the connection speed for maximum performance, as well as set the display of the desktop background, visual effects, and more.

Removing a Remote Desktop Connection

Finally, consider how to remove a remote desktop connection. When is it needed? For example, remote access to your computer was set up earlier, but now the need for it has disappeared, or you even need to prohibit unauthorized connections to your computer's remote desktop. This is very easy to do.

1. Open Control Panel - System and Security - System, as we did at the beginning of the article.

2. In the left column, click on Setting up remote access.

3. In the section Remote Desktop choose:

- Do not allow connections to this computer

Done. Now no one will be able to connect to you via remote desktop.

Remote desktop is a feature of the operating system that allows you to administer a remote computer in real time using a local network or the Internet as the data transmission medium. There are a great many remote desktop implementations, depending on the protocol or operating system. The most common solution in operating systems of the Windows family is Remote Desktop Protocol (RDP), and in systems based on the Linux kernel, VNC and X11.

How to enable remote desktop capability

By default, the ability to become an RDP session server is disabled on a Windows workstation.

Right-click on the “My Computer” icon, select “Properties” from the context menu.

We select the item "Setting up remote access" in the left menu. This will require administrator privileges.

The "System Properties" window will open, in which, on the "Remote Access" tab, you need to set the permission to access this computer as it is done in the screenshot below.

If necessary, you can select the users under which it is possible to log into the system.

In addition, if you have a Firewall installed, you will need to create an allowing rule to connect to this computer in the properties of the network adapter or in the Windows Firewall applet in the Control Panel.

How to connect to a remote desktop

There are several ways to connect to a remote desktop. Go to the main menu of the system "Start - All Programs - Accessories - Connect to Remote Desktop"

Or run the command in the Windows command line (or the "Run" window)

Both of these methods are equivalent and run the same program - the Remote Desktop Connection Wizard.

In the wizard window, you can specify the name or IP address of the computer to which you want to connect, as well as specify special parameters such as screen resolution, transfer of local (clipboard, local disks) or remote (sounds) resources.

Enter the IP address of the remote node and press the "Connect" button.

Most likely we will see a warning about problems with the authentication of the remote computer. If we are sure that we have not made a mistake in spelling the address or name, then we can click "Yes", after which the connection to the node will be initialized.

In addition, you will need to enter the credentials of the remote user.

If we are not mistaken anywhere, then after some time we will see the desktop of the remote computer, where we can perform certain actions. Control the mouse pointer, enter characters from the keyboard, and so on.

As mentioned earlier, for the convenience of system administration, we can transfer local resources, such as printers, logical drives or the clipboard on a remote machine.

To do this, in the window of the Remote Desktop Connection Wizard, go to the "Local Resources" tab and click the "More..." button.

And in the window that opens, select, for example, Local disk (C :).

Now, when connecting a remote desktop, we will see our local drive (C :) of the computer from which the connection is made.

How to increase the security of your remote desktop

It's no secret that leaving a computer with remote desktop activated and connected to the Internet is unsafe. The fact is that various types of attackers constantly scan the ranges of network addresses in search of running network services (including the remote desktop) in order to further hack them.

One way to make it harder for an attacker to find a running terminal (RDP) service is to change the default port number to a different value. By default, the RDP service listens on network port 3389/TCP while waiting for an incoming connection. It is to this port that attackers try to connect first. We can say with almost 100% certainty that if a port with this number is open on a computer, then Windows is running on it with remote access allowed.

Attention! Further actions with the system registry must be performed very carefully. Changing certain parameters can render the operating system unusable.

In order to change the port number of the remote desktop, you need to open the registry editor and open the section:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Then find the REG_DWORD parameter PortNumber and change its value, in decimal, to an arbitrary number (from 1024 to 65535).

After the value is changed, the computer should be restarted. Now, to access the remote desktop, you need to additionally specify our port separated by a colon. In this situation, you must specify as the computer name 10.0.0.119:33321

Well, attackers, having tried the standard port, will probably conclude that remote access via the RDP protocol is not allowed on this computer. Of course, this method will not save you from targeted attacks, when every network port is carefully checked in search of a loophole, but it will protect you from massive template attacks.

In addition, you need to use a rather complex and long password for those accounts that are allowed access via remote desktop.

Greetings, dear readers, and again Denis Trishkin is in touch.

I recently came across a question like "Remote Desktop" (RDP Windows 7). This tool allows you to operate your computer using a different device. So, for example, the user can use home equipment to perform all the necessary functions on a PC located in the office. Agree, in some situations such an opportunity is convenient. But at the same time, you must first debug everything correctly.

In order to enable rdp, you need to do a few things:

Establishing a connection

To establish a connection via RDP, you first need to know the IP address of the target computer. To do this, on the desired device, go to the command line (open "" and write "cmd").

In the window that appears, indicate "". A list will open in which you need to find a string with the IPv4 parameter. The numbers that are indicated opposite are the data we need.

After that, on the computer from which we plan to connect, run the RDP client or "". To do this, go to "Start" and then go to "Standard".

A window will open where the equipment address (IPv4) is set. Then press "".

If everything is indicated, as it should be, a menu will appear in which you need to enter your username and password to establish communication.

Before that, you can select "Parameters", where various RDP settings are provided:


Update

It is important to understand that with constant work with this tool, it is necessary that it perform all its functions at 100%. Otherwise, users may simply not achieve their goals.

For correct functioning, all settings must be correctly specified. But in some cases this is not enough. It is also worth installing all upcoming rdp updates from Microsoft on time. This can be done not only in the appropriate center provided in the operating system itself, but also on the official developer page.

Changing the RDP port

For a standard connection to a remote computer, port 3389 is used. In this case, communication occurs via the TCP protocol. UDP is therefore not used.

To improve the security of the connection, it is possible to change the RDP port. Changing the value will reduce the risk of intrusion into the system in case of automated password guessing.

For the procedure, you must use the registry editor:


No connection

Sometimes users may face a situation where rdp doesn't work. It is important to note that, judging by the statistics, the user still manages to get to the server, but some network tools do not let him go further. There are several effective ways to solve this problem.

There is an opinion that the connection via Windows Remote Desktop (RDP) is very insecure in comparison with analogs (VNC, TeamViewer, etc.). As a result, it is a very rash decision to open access from outside to any computer or server of the local network - they will definitely be hacked. The second argument against RDP usually sounds like this - "it eats traffic, for a slow Internet is not an option." Most often, these arguments are not supported by anything.

RDP has been around for a long time, it debuted on Windows NT 4.0 more than 20 years ago, and a lot of water has flowed under the bridge since then. At the moment, RDP is as secure as any other remote access solution. As for the required bandwidth, there are a bunch of settings in this regard, with which you can achieve excellent responsiveness and save bandwidth.

In short, if you know what, how and where to configure, then RDP is a very good means of remote access. The question is different, but how many admins tried to delve into the settings that are hidden a little deeper than on the surface?

Now I will tell you how to protect RDP and configure it for optimal performance.

First, there are many versions of the RDP protocol. All further description will apply to RDP 7.0 and higher. This means that you have at least Windows Vista SP1. For retro lovers there is a special update for Windows XP SP3 KB 969084 which adds RDP 7.0 to this OS.

Setting # 1 - encryption

On the computer to which you are going to connect, open gpedit.msc and go to Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Security.

Set the parameter "Require use of specific security layer for remote (RDP) connections" to "Enabled" and the Security Layer to "SSL (TLS 1.0)".

With this setting, we have enabled encryption as such. Now we need to make sure that only strong encryption algorithms are used, and not something like 56-bit DES or RC2.

Therefore, in the same branch, open the "Set client connection encryption level" parameter. Enable it and select the "High" level. This will give us 128-bit encryption.

But this is not the limit. The highest level of encryption is provided by FIPS 140-1. In this case, RC2 and RC4 are automatically ruled out.

To enable the use of FIPS 140-1, go to Computer Configuration - Windows Settings - Security Settings - Local Policies - Security Options in the same snap-in.

Find the option "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" and enable it.

And finally, be sure to enable the "Require secure RPC communication" option under Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Security.

This parameter requires connecting clients to use encryption according to the settings we configured above.

Now that encryption is in order, we can move on.

Setting # 2 - port change

By default, RDP listens on TCP port 3389. You can change it; to do so, change the PortNumber value in the registry at

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
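
The port change described here and in the earlier port sections, combined with the firewall rule from the netsh step, as one PowerShell script. This is an added example, not code from the original article; the parameter names, the rule name and the optional remote-address scoping are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: move the RDP listener to another TCP port.
# Needs Windows 8 / Server 2012 or later for the NetTCPIP and NetSecurity cmdlets.
param(
    [int]$NewPort = 49089,           # sample value: the port used in the netsh command on this page
    [string]$RemoteAddress = 'Any'   # assumption: narrow this to 'LocalSubnet' or a CIDR range to scope the rule
)

$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# The article recommends a value between 1024 and 65535.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw "Port $NewPort is outside the 1024-65535 range."
}

# Refuse a port that another service already listens on.
$listener = Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue
if ($listener) {
    $owner = (Get-Process -Id @($listener)[0].OwningProcess).ProcessName
    throw "Port $NewPort is already in use by process '$owner'."
}

$oldPort = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
if ($oldPort -eq $NewPort) {
    Write-Output "RDP is already configured for port $NewPort."
    return
}

# Step 1: open the new port first, so a remote administrator is not locked out
# when the listener moves.
$ruleName = "RDP custom port $NewPort (TCP-In)"   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $NewPort -RemoteAddress $RemoteAddress | Out-Null
}

# Step 2: write the new port. The value is a REG_DWORD stored in decimal here.
Set-ItemProperty -Path $rdpTcp -Name PortNumber -Value $NewPort -Type DWord

# Step 3: read the value back and report. The listener moves after the restart
# the article asks for.
$current = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
[pscustomobject]@{
    OldPort        = $oldPort
    NewPort        = $current
    FirewallRule   = $ruleName
    RemoteAddress  = $RemoteAddress
    RebootRequired = $true
}

# After the restart, from a client:  Test-NetConnection -ComputerName <host> -Port <new port>
# Once that succeeds, the built-in rules for 3389 can be switched off with
# Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' (the group name is localized).
```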

Setting # 3 - Network Authentication (NLA)

By default, you can connect via RDP without entering your login and password and see the Welcome screen of the remote desktop, where you will be asked to log in. This is not at all secure, in the sense that such a remote computer can easily be DDoSed.

Therefore, in the same branch, we enable the option "Require user authentication for remote connections by using Network Level Authentication".

Setting # 4 - what else to check

First, verify that the "Accounts: Limit local account use of blank passwords to console logon only" option is enabled. The setting can be found under Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Security.

Secondly, do not forget to check the list of users who can connect via RDP.
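
A read-only check of Settings #1 to #4 on the local machine, added here as an example and not part of the original article. The function names are hypothetical, and the registry value names it reads (SecurityLayer, MinEncryptionLevel, UserAuthentication, LimitBlankPasswordUse, FipsAlgorithmPolicy\Enabled) are the standard Windows locations for these settings, which the article itself does not list.

```powershell
# Added example: audit the RDP hardening settings without changing anything.
# Get-LocalGroupMember needs Windows PowerShell 5.1 or later.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'   # written by gpedit.msc
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# A value set through Group Policy overrides the one stored under RDP-Tcp,
# so look in the policy key first and report where the value came from.
function Get-EffectiveRdpValue {
    param([string]$Name)
    $value = Get-RegValue -Path $policy -Name $Name
    if ($null -ne $value) {
        return [pscustomobject]@{ Value = $value; Source = 'Group Policy' }
    }
    [pscustomobject]@{ Value = (Get-RegValue -Path $rdpTcp -Name $Name); Source = 'RDP-Tcp' }
}

function New-Finding {
    param([string]$Setting, $Actual, [string]$Expected, [string]$Source, [scriptblock]$Test)
    [pscustomobject]@{
        Setting  = $Setting
        Actual   = if ($null -eq $Actual) { '(not set)' } else { $Actual }
        Expected = $Expected
        Source   = $Source
        Pass     = [bool](& $Test $Actual)   # a missing value never passes
    }
}

function Get-RdpHardeningReport {
    $layer = Get-EffectiveRdpValue -Name 'SecurityLayer'
    $level = Get-EffectiveRdpValue -Name 'MinEncryptionLevel'
    $nla   = Get-EffectiveRdpValue -Name 'UserAuthentication'
    $port  = Get-RegValue -Path $rdpTcp -Name 'PortNumber'
    $fips  = Get-RegValue -Path "$lsa\FipsAlgorithmPolicy" -Name 'Enabled'
    $blank = Get-RegValue -Path $lsa -Name 'LimitBlankPasswordUse'

    New-Finding -Setting '#1 Security layer' -Actual $layer.Value -Source $layer.Source `
        -Expected '2 (SSL/TLS)' -Test { $args[0] -eq 2 }
    New-Finding -Setting '#1 Encryption level' -Actual $level.Value -Source $level.Source `
        -Expected '3 (High) or 4 (FIPS)' -Test { $args[0] -ge 3 }
    New-Finding -Setting '#1 FIPS algorithms (optional)' -Actual $fips -Source 'Lsa' `
        -Expected '1 (enabled)' -Test { $args[0] -eq 1 }
    New-Finding -Setting '#2 Listening port' -Actual $port -Source 'RDP-Tcp' `
        -Expected 'not 3389' -Test { $null -ne $args[0] -and $args[0] -ne 3389 }
    New-Finding -Setting '#3 Network Level Authentication' -Actual $nla.Value -Source $nla.Source `
        -Expected '1 (required)' -Test { $args[0] -eq 1 }
    New-Finding -Setting '#4 Blank passwords console-only' -Actual $blank -Source 'Lsa' `
        -Expected '1 (enabled)' -Test { $args[0] -eq 1 }
}

function Get-RdpAllowedAccounts {
    # S-1-5-32-555 is the well-known SID of the built-in Remote Desktop Users group;
    # using the SID avoids the localized group name. Administrators (S-1-5-32-544)
    # can also connect by default and are listed for the same review.
    foreach ($sid in 'S-1-5-32-555', 'S-1-5-32-544') {
        Get-LocalGroupMember -SID $sid |
            Select-Object @{ n = 'GroupSid'; e = { $sid } }, Name, ObjectClass, PrincipalSource
    }
}

Get-RdpHardeningReport | Format-Table -AutoSize
Get-RdpAllowedAccounts | Format-Table -AutoSize
```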

Setting # 5 - speed optimization

Go to Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Session Environment.

Here you can and should adjust several parameters:

  • The greatest color depth - you can limit it to 16 bits. This will save traffic by more than 2 times compared to 32-bit depth.
  • Forced removal of the remote desktop wallpaper - it is not needed for work.
  • Setting the RDP compression algorithm - it is better to set the Optimize bandwidth usage value. In this case, RDP will consume a little more memory, but it will compress more efficiently.
  • Optimize visual effects for Remote Desktop Services sessions - set to Text, which is all you need for work.

Otherwise, when connecting to a remote computer from the client side, you can additionally disable:

  • Anti-aliasing of fonts. This will greatly decrease the response time. (If you have a full-fledged terminal server, then this parameter can also be set on the server side)
  • Desktop composition - responsible for Aero, etc.
  • Display a window while dragging
  • Visual effects
  • Styles - if you want hardcore

We have already predefined the rest of the parameters of the desktop background type and color depth on the server side.

Additionally, on the client side, you can increase the size of the image cache; this is done in the registry. Under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Terminal Server Client\ you need to create two DWORD (32-bit) values, BitmapPersistCacheSize and BitmapCacheSize.

  • BitmapPersistCacheSize can be set to 10000 (10 MB). By default, this parameter takes a value of 10, which corresponds to 10 KB.
  • BitmapCacheSize can also be set to 10000 (10 MB). You will hardly notice if the RDP connection eats up an extra 10 MB of your RAM.

I will not say anything about forwarding printers and so on. Anyone who needs it can forward them.

This concludes the main part of the setup. In the following reviews, I will tell you how you can further improve and secure RDP. Use RDP correctly, everyone has a stable connection! See how to make an RDP terminal server on any version of Windows.