1. One-click closing of dangerous ports
Save the commands below in a file named "a key to close the dangerous port.bat" (note the .bat suffix), then double-click the file to close the dangerous ports.
@echo off
color 1f
title Close common risky ports
echo Turning on Windows Firewall ...
echo.
netsh advfirewall set currentprofile state on > nul
netsh advfirewall set publicprofile state on > nul
echo.
echo Firewall has been turned on successfully.
echo.
echo.
cls
echo Closing common risky ports, please wait ...
echo.
REM The rule names below mention 443 (and 137/138), but 443 is not in localport, so it is not blocked.
echo Closing TCP ports 20,21,23,135,139,161,445,3389 ...
netsh advfirewall firewall add rule name="20_21_23_135_137_138_139_161_443_445_3389" protocol=TCP dir=in localport=20,21,23,161,135,139,445,3389 action=block
echo Closing UDP ports 137,138 ...
netsh advfirewall firewall add rule name="20_21_23_135_137_138_139_161_443_445" protocol=UDP dir=in localport=137,138 action=block
echo Common risky ports have been closed.
echo.
echo.
echo.
echo.
echo.
echo One-click dangerous port close (sohikoryuu; 513)
echo.
echo Press any key to exit.
REM Redirect to the nul device; "null" would create a file named null.
pause > nul
2. Modify the remote port scheme
The Windows Remote Desktop default port is 3389. To keep scanners from finding it and brute-forcing the account credentials of a remote server or VPS, you can change the default port 3389 to another port, such as 33389. Preferably choose a port above 10000, to avoid port conflicts with other programs in the system.
First, modify the default port number for Remote Desktop:
Click "Start" in the lower left corner of the desktop, type "regedit" in the search box, and press Enter to open the Registry Editor. Go to the registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" and find PortNumber in the right pane. Its default value is 3389; change it to the desired port (choose from 2000-65535).
Here we use "33389" as an example. Note that the value must be entered in decimal.
Then open "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" and change the value of PortNumber to 33389 as well, again in decimal.
The port number change is now complete.
Second, make the remote port change take effect
Restart the computer, or right-click "Computer", click "Manage", choose "Services and Applications" -> "Services" on the left of the window that opens, find "Remote Desktop Services", right-click it and select "Restart" so that the port change takes effect. If the computer's firewall is turned off, you can now connect to it through Remote Desktop from another computer.
Firewall settings:
Usually, however, the firewall is kept on for security, so the inbound firewall rules also need to be modified. Right-click "Computer", click "Properties", click "Control Panel" in the top left corner, find "Windows Firewall", and check that the firewall is turned on. Then click "Advanced Settings" -> "Inbound Rules".
Note that two registry keys need to be modified: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Third, configure the inbound firewall rule
Windows Firewall -> Inbound Rules -> New Rule -> Port -> TCP -> 33389 -> Allow the connection.
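The three manual steps above can also be scripted. The following PowerShell is an added example, not part of the original article; it assumes an elevated session, and the firewall rule name is hypothetical. It adds the allow rule before restarting the service so that a remote administrator is not locked out.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the manual steps. 33389 is the article's example port.
param([int]$Port = 33389)

$ErrorActionPreference = 'Stop'

# The article gives 2000-65535 as the usable range.
if ($Port -lt 2000 -or $Port -gt 65535) {
    throw "Port $Port is outside the range 2000-65535."
}

# Refuse a port that another program is already listening on.
if (Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue) {
    throw "TCP port $Port is already in use on this machine."
}

# The two registry keys named in the article; both hold a PortNumber DWORD.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$keys = @("$base\Wds\rdpwd\Tds\tcp", "$base\WinStations\RDP-Tcp")

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        Write-Warning "Key not present on this system, skipped: $key"
        continue
    }
    $old = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber
    Set-ItemProperty -Path $key -Name PortNumber -Value $Port -Type DWord
    Write-Host "$key : PortNumber $old -> $Port"
}

# Allow the new port before the service restarts on it.
$ruleName = "RDP custom port $Port"   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $Port -Action Allow | Out-Null
}

# Restarting Remote Desktop Services drops any current RDP session.
Restart-Service -Name TermService -Force
Start-Sleep -Seconds 3

# Read back: the service should now be listening on the new port.
if (Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue) {
    Write-Host "Remote Desktop is listening on TCP $Port."
} else {
    Write-Warning "Nothing is listening on TCP $Port yet; check the service and registry values."
}
```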
Reproduced from: https://www.jianshu.com/p/91fe9a8c6f3b