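One script to change the Windows Remote Desktop port 3389, to avoid being scanned and improve security (including the firewall allow rule)
Method 1:
Save the following as a .bat file and run it.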
@echo off
REM Delayed expansion is not used below; leaving it off keeps the "!" in the echoed messages
setlocal
REM Verify administrator privileges
net session >nul 2>&1
if %errorLevel% neq 0 (
echo ERROR: This script requires administrator privileges!
echo Please right-click and "Run as administrator"
pause
exit /b 1
)
echo.
echo ===== Windows Server 2019 RDP Port Changer =====
echo.
echo [WARNING] This operation will disconnect current RDP session!
echo [WARNING] Ensure you have console access or alternative connection method!
echo.
set /p "port=Enter new port number (1024-65535): "
echo.
echo [ALERT] This will restart remote services and disconnect all RDP sessions!
choice /c YN /n /m "Are you sure you want to continue? [Y/N]"
if errorlevel 2 exit /b
REM Create temporary PowerShell script
set "psScript=%temp%\~changeRDP.ps1"
(
echo #Requires -RunAsAdministrator
echo try {
echo Write-Host "Changing RDP port to %port%..."
echo Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name "PortNumber" -Value %port% -Force
echo Write-Host "[1/3] Registry updated successfully"
echo.
echo New-NetFirewallRule -DisplayName "Remote Desktop (Custom TCP)" -Direction Inbound -Action Allow -Protocol TCP -LocalPort %port% -ErrorAction Stop ^| Out-Null
echo New-NetFirewallRule -DisplayName "Remote Desktop (Custom UDP)" -Direction Inbound -Action Allow -Protocol UDP -LocalPort %port% -ErrorAction Stop ^| Out-Null
echo Write-Host "[2/3] Firewall rules created"
echo.
echo Restart-Service TermService -Force
echo Write-Host "[3/3] Terminal services restarted"
echo.
echo Write-Host "`n[SUCCESS] RDP port changed to %port%" -ForegroundColor Green
echo Write-Host "Reboot the server for changes to take full effect" -ForegroundColor Yellow
echo Write-Host "Connect using: ${env:COMPUTERNAME}:%port% or [SERVER_IP]:%port%" -ForegroundColor Cyan
echo } catch {
echo Write-Host "[ERROR] Failed to change port: $($_.Exception.Message)" -ForegroundColor Red
echo exit 1
echo }
) > "%psScript%"
REM Execute PowerShell script
powershell.exe -ExecutionPolicy Bypass -File "%psScript%"
REM Cleanup
del "%psScript%" >nul 2>&1
echo.
echo Operation completed. You may be disconnected immediately.
timeout /t 5 /nobreak >nul
Method 2:
Change port 12345 in the code below to the port you want.
# Run in PowerShell as administrator; changes the port to 12345
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 12345 /f
# Then allow the port through the firewall (port 12345)
netsh advfirewall firewall add rule name="RDP Custom Port" dir=in action=allow protocol=TCP localport=12345
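Method 3:
Step 1: Open "Windows Firewall with Advanced Security" → select Inbound Rules on the left → New Rule on the right.
1) Choose Port → TCP → enter 33335 under "Specific local ports" → Allow the connection → tick the profiles you need (usually all of Public/Private/Domain) → name it, for example "RDP TCP 33335".
2) Create a second rule for UDP: choose Port → UDP → enter 33335 under "Specific local ports" → Allow the connection → tick the profiles you need (usually all of Public/Private/Domain) → name it, for example "RDP UDP 33335".
Step 2: Change the port with regedit. Go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Double-click PortNumber and change it to 33335 (in Decimal mode).
Step 3: Restart Remote Desktop Services, or reboot the machine.
Test a login to PublicIP:33335. Once it succeeds, go back to Inbound Rules, right-click the two port 3389 rules "Remote Desktop - User Mode (TCP-In)" and "Remote Desktop - User Mode (UDP-In)", and disable them (they are predefined rules whose port cannot be edited, so they are disabled instead).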
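The steps all three methods share (allow the new port in the firewall, set PortNumber, restart the service) can be combined into one PowerShell function that also validates the port and restores the old value if no listener appears on the new one. This is an added example, not code from the original article: the function names Test-RdpPortInput and Set-RdpPort and the 5-second wait are assumptions, and the firewall rule names reuse those from Method 1.

```powershell
#Requires -RunAsAdministrator
# Added example (not the article's code). Function names are hypothetical.

function Test-RdpPortInput {
    param([string]$Text)
    # ASCII digits only, then the 1024-65535 range the Method 1 prompt asks for.
    if ($Text -notmatch '^[0-9]{4,5}$') { return $false }
    $n = [int]$Text
    return ($n -ge 1024 -and $n -le 65535)
}

function Set-RdpPort {
    param([Parameter(Mandatory)][string]$Port)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    if (-not (Test-RdpPortInput $Port)) { throw "Invalid port '$Port' (expected 1024-65535)" }
    $new = [int]$Port
    $old = Get-ItemPropertyValue -Path $key -Name PortNumber
    if ($new -eq $old) { return "RDP already uses port $new" }
    # Refuse a port that another service is already listening on.
    if (Get-NetTCPConnection -State Listen -LocalPort $new -ErrorAction SilentlyContinue) {
        throw "Port $new already has a listener"
    }
    # Open the firewall before moving the listener so the new port is reachable at once.
    foreach ($proto in 'TCP', 'UDP') {
        $name = "Remote Desktop (Custom $proto)"
        # Remove a rule left by an earlier run so repeated runs do not stack duplicates.
        Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
            -Protocol $proto -LocalPort $new -ErrorAction Stop | Out-Null
    }
    Set-ItemProperty -Path $key -Name PortNumber -Value $new -Type DWord -ErrorAction Stop
    Restart-Service TermService -Force -ErrorAction Stop
    Start-Sleep -Seconds 5   # assumed settle time for the service to bind
    if (-not (Get-NetTCPConnection -State Listen -LocalPort $new -ErrorAction SilentlyContinue)) {
        # No listener on the new port: put the old value back to avoid a lockout.
        Set-ItemProperty -Path $key -Name PortNumber -Value $old -Type DWord
        Restart-Service TermService -Force
        throw "No listener on $new after restart; restored port $old"
    }
    return "RDP listening on $new (previously $old)"
}

# Usage from an elevated prompt, with console access available as Method 1 warns:
#   Set-RdpPort -Port 33335
```

As in Method 3, disable the predefined port 3389 rules only after a login on the new port has succeeded.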
Article source:
Copyright notice:
Author: John
Link: https://vps.la/2025/09/21/%e4%b8%80%e4%b8%aa%e8%84%9a%e6%9c%ac%e8%a7%a3%e5%86%b3windows%e8%bf%9c%e7%a8%8b%e6%a1%8c%e9%9d%a23389%e7%ab%af%e5%8f%a3%e6%9b%b4%e6%94%b9%ef%bc%8c%e9%98%b2%e6%ad%a2%e8%a2%ab%e6%89%ab%e6%8f%8f%ef%bc%8c/
Copyright of this article belongs to the author; do not reproduce without permission.