Even though network attackers can find the port that is in use, changing TS port from 3389 can make it more difficult to attack a TS server.
TS port can be changed from the registry
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Value: Port Number
Type: REG_DWORD
Data: 3389 in decimal or d3d in hex
We can use any ephemeral port ranging from 1024-4999 by default. After making the registry changes restart the terminal services
To check the port on which terminal server is listening run nestat –aon from command prompt.
++ Remote Desktop Client
Launch mstsc.exe. In the computer field specify the <TS name>:<port number> e.g. If server name is termserver1 and port is 3900 then we need to put termserver1:3900
++Remote Desktop We Connection
Make connection to web server which host the remote desktop web connection using http://<server name>/ts
Click on the Remote Desktop icon. In Connect to: field specify the <TS name>:<port number>
++Remote Applications:
To configure Remote Applications, accessible through TS Web Access or a custom .rdp file, to use custom Terminal Server port, you must configure custom RDP Settings in TS Remote App Manager MMC snap-in.
RemoteApp Deployment Settings à Terminal Server à RDP Port
Specify the custom port in RDP port field.