Azure ARM VM Configuration Management Series (PART 1)

We recommend using site-to-site *** or point-to-site *** to manage access to remote-access ports (RDP, SQL hosts, etc.), or dividing off a DMZ through security groups or network configuration.

Another method is to change the default port to one in a higher range. This is not very good security, because the port is still fully exposed to the Internet, but it is better than using 3389 directly.

The following procedure updates the RDP port, creates an inbound Windows Firewall rule, and updates the Azure network security group (NSG).

Note: As with any change, before making this change in production, make sure you fully understand what will be changed and that you have a rollback plan.

Windows Firewall and registry changes (PowerShell code):

# Prompt for the new RDP port; the cast rejects non-numeric input
Write-Host "What Port would you like to set for RDP: " -ForegroundColor Yellow -NoNewline; [int]$RDPPort = Read-Host

# Point the RDP listener at the new port (applied when the VM restarts)
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TCP\" -Name PortNumber -Value $RDPPort

# Allow inbound TCP traffic to the new port through Windows Firewall
New-NetFirewallRule -DisplayName "RDP HighPort" -Direction Inbound -LocalPort $RDPPort -Protocol TCP -Action Allow

Write-Host "port number is $RDPPort" -ForegroundColor Magenta
Write-Host "Launch RDP with IP:$RDPPort or cmdline MSTSC /V [ip]:$RDPPort"

Steps:

# Update the VM port using PowerShell

1. Open a PowerShell command line as administrator

2. Paste the commands and type the high port that the VM host will use

3. Configure Windows Firewall policy

RDP and Windows Firewall are now updated with the new port configuration.

4. Restart the VM Host

# Update the network security group (NSG) through the GUI

1. Select the VM host to modify and click the network interface name

2. Network security group

3. Click the network security group name

4. Select the default-allow-rdp rule

5. Click on Advanced

6. Update the port range to the custom port we need.

7. Click outside the box, then click "Save"

8. Wait for the NSG to update, then confirm that the port is listening with the PowerShell TNC command: {TNC IPAddress -Port PORT} should report True.

Start RDP and enter {IPAddress:Port} to verify access over the newly configured high port.
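
The NSG steps above can also be scripted. The following is an added example, not code from the original post; it assumes the Az.Network module and a session signed in with Connect-AzAccount, and the parameter names and the 1024-65535 range check are illustrative choices.

```powershell
# Added example (not from the original post): scripted form of the portal steps.
# Assumes a rule that uses plain address prefixes (no application security groups).
param(
    [Parameter(Mandatory)][string]$ResourceGroup,
    [Parameter(Mandatory)][string]$NsgName,
    [Parameter(Mandatory)][string]$VmPublicIp,
    # Range limit is an assumption of this example: stay above well-known ports.
    [Parameter(Mandatory)][ValidateRange(1024, 65535)][int]$RDPPort,
    [string]$RuleName = 'default-allow-rdp'
)
$ErrorActionPreference = 'Stop'

$nsg  = Get-AzNetworkSecurityGroup -ResourceGroupName $ResourceGroup -Name $NsgName
$rule = Get-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $RuleName

# Keep the previous value on screen so the change can be rolled back.
Write-Host "Previous destination port(s) for ${RuleName}: $($rule.DestinationPortRange -join ',')"

# Set-AzNetworkSecurityRuleConfig rewrites the whole rule, so every existing
# field is passed back unchanged and only the destination port differs.
Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $RuleName `
    -Description $rule.Description `
    -Access $rule.Access -Protocol $rule.Protocol `
    -Direction $rule.Direction -Priority $rule.Priority `
    -SourceAddressPrefix $rule.SourceAddressPrefix `
    -SourcePortRange $rule.SourcePortRange `
    -DestinationAddressPrefix $rule.DestinationAddressPrefix `
    -DestinationPortRange $RDPPort | Out-Null

# Nothing changes in Azure until the modified NSG object is written back.
$nsg | Set-AzNetworkSecurityGroup | Out-Null

# Same check as step 8, plus confirmation that 3389 is no longer reachable.
$newOpen = (Test-NetConnection -ComputerName $VmPublicIp -Port $RDPPort).TcpTestSucceeded
$oldOpen = (Test-NetConnection -ComputerName $VmPublicIp -Port 3389 `
    -WarningAction SilentlyContinue).TcpTestSucceeded

[pscustomobject]@{
    NewPort           = $RDPPort
    NewPortReachable  = $newOpen
    Port3389Reachable = $oldOpen
}
if (-not $newOpen -or $oldOpen) {
    Write-Warning 'Reachability does not match the intended configuration; review the NSG rules and the VM firewall.'
}
```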

Origin blog.51cto.com/djclouds/2479155