Step-by-Step Guide to Secure Your Windows Server 2019/2022

1. Change Windows Password

  1. Log in to your Windows Server 2019/2022 via RDP.
  2. Press Ctrl + Alt + End on your keyboard. This will bring up the security options on the remote server.
  3. Select "Change a password" from the options.
  4. Enter your current password in the "Old password" field.
  5. Enter your new password in the "New password" field.
  6. Re-enter your new password in the "Confirm password" field.
  7. Click the arrow button or press Enter to confirm the change.

2. Change RDP Port and Restrict Access

Change RDP Port

  1. Open the Registry Editor:
    • Press Win + R, type regedit, and press Enter.
  2. Navigate to the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    
  3. Find the "PortNumber" value:
    • Double-click on "PortNumber".
    • Select "Decimal" and change the value to your desired port number.
    • Suggested Port Range: Use a port number between 49152 and 65535 to avoid conflicts with well-known services.
  4. Click "OK" and close the Registry Editor.
  5. Restart the server to apply the changes.

Important Warning

  • Record the New RDP Port:
    • Ensure you make a note of the new RDP port number. If you forget it, you will not be able to access the server remotely using RDP.

Restrict RDP Access to a Specific IP

  1. Open Windows Defender Firewall with Advanced Security:
    • Press Win + R, type wf.msc, and press Enter.
  2. Create a New Inbound Rule:
    • Click on "Inbound Rules" in the left pane.
    • Click "New Rule..." in the right pane.
  3. Select "Port" and click "Next".
  4. Choose "TCP" and specify the port number you set in the registry (e.g., 3390).
  5. Select "Allow the connection" and click "Next".
  6. Apply the rule to the appropriate profiles (Domain, Private, Public) and click "Next".
  7. Name your rule (e.g., "RDP Custom Port") and click "Finish".
  8. Edit the Rule to Restrict IP:
    • Find your newly created rule in the list and double-click it.
    • Go to the "Scope" tab.
    • Under "Remote IP address", select "These IP addresses" and click "Add".
    • Enter the specific IP address you want to allow and click "OK".
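
The registry and firewall steps above, scripted in PowerShell as an added example (not part of the original guide). The port 50389 and the address 203.0.113.10 are placeholder assumptions. The script creates the scoped firewall rule before it changes the port, so the new port is already allowed when the server restarts.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell session.
$ErrorActionPreference = 'Stop'

$NewPort   = 50389             # assumption: sample port in the suggested 49152-65535 range
$AllowedIp = '203.0.113.10'    # assumption: placeholder for the one IP allowed to connect
$RuleName  = 'RDP Custom Port' # rule name used in the guide
$RdpKey    = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Reject invalid ports; warn when outside the range the guide suggests.
if ($NewPort -lt 1 -or $NewPort -gt 65535) { throw "Invalid port: $NewPort" }
if ($NewPort -lt 49152) { Write-Warning "Port $NewPort is outside 49152-65535." }

# Refuse a port that another service is already listening on.
if (Get-NetTCPConnection -State Listen -LocalPort $NewPort -ErrorAction SilentlyContinue) {
    throw "Port $NewPort is already in use on this server."
}

# Create the inbound rule first, already scoped to the allowed IP.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort $NewPort -RemoteAddress $AllowedIp -Action Allow `
        -Profile Domain, Private, Public | Out-Null
}

# Change the PortNumber value (a DWORD) under the RDP-Tcp key.
$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# Read both settings back so a mismatch is visible before the restart.
$Rule = Get-NetFirewallRule -DisplayName $RuleName
[pscustomobject]@{
    OldPort      = $OldPort
    RegistryPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
    RulePort     = ($Rule | Get-NetFirewallPortFilter).LocalPort
    RuleRemoteIp = ($Rule | Get-NetFirewallAddressFilter).RemoteAddress
    RuleEnabled  = $Rule.Enabled
}

# Restart the server (step 5 of "Change RDP Port") to apply the new port.
```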

Format for RDP Connection

  • When connecting via RDP, use the format IP:Port (e.g., 192.168.1.100:3390).