Hi Tim,

Check this out:

RDP and Firewalls

RDP uses TCP port 3389. Terminal servers are a highly desirable plum for intruders, so you may not want to open this port on your firewall. Use port translation to change the external port.

If you want to discourage connection attempts by internal users, change the RDP port used by the terminal servers. This involves a quick Registry hack. Use Registry Editor to locate this entry:

Key: HKLM | System | CurrentControlSet | Control | Terminal Server | WinStations
Value: Port Number
Data: d3d (hex for 3389, REG_DWORD)

Change the PortNumber entry to another port well above the standard port ranges. Restart the server then use netstat -a to verify that the server is listening at the new port and not listening at port 3389. Then modify your clients to use the new port number as follows:

* Win2K clients: Export the Connection Manager entry to a text file (.cns extension) using File | Export. Change the Server Port entry from 3389 to the new port number then import the file back into Connection Manager.
* XP clients: Launch the Mstsc client executable then specify the server name, followed by a colon then the port number. For example, S1.company.com:6500.
* TsWeb client: Change the Visual Basic code in the ASP page that makes the connection. Go to %system root%\Web\TsWeb. Locate the file called Connect.asp and edit it with Notepad or vim. Look for a series of entries starting with MsTsc.AdvancedSettings2. Add the following line right after these entries:
  MsTsc.AdvancedSettings2.RDPPort =

Test to make sure that you can connect with the new setting.
HTH,
Tom

-----Original Message-----
From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx]
Sent: Tuesday, June 11, 2002 1:57 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Terminal Server Publishing

http://www.ISAserver.org

At 10:39 AM 6/11/2002, you wrote:
>Hi Thor
>
>I stand corrected :), btw, it's not like you to make a mistake, the correct
>reg key to change the listening port is
>
>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber.
>
>

Heh- that's what I get for trusting the Q article! I just copied and pasted it. Thanks for checking up on me!! ;)

Oh, and you did catch that email from Jim a while back regarding XP's Remote Desktop Client to append the port to the IP Address in the Computer box, right? You just connect to 10.1.1.1:13389 or whatever the new port is- that *really* makes it easy to change the listen port.

I'm still working on a hack for TSAC to change its listen port, but it requires editing the binary directly, which would keep me (legally) from distributing it... Have you found a way around that?

AD
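
A check for the verification step in the forwarded article (restart, then confirm with netstat that the server listens on the new port and not on 3389), as an added example that is not part of the original thread. It reads PortNumber from the RDP-Tcp listener key under Terminal Server\WinStations; the function names and the sample netstat lines are constructed for illustration.

```powershell
# Added example: confirm the RDP listener moved after the PortNumber change.
# Assumption: the listener key is the standard RDP-Tcp key under WinStations.
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-ListeningTcpPort {
    param([string[]]$NetstatLines)
    # netstat -an rows look like: "  TCP    0.0.0.0:6500    0.0.0.0:0    LISTENING"
    # The greedy \S+ also handles IPv6 local addresses such as [::]:6500.
    foreach ($line in $NetstatLines) {
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING') {
            [int]$Matches[2]
        }
    }
}

function Test-RdpPortChange {
    param([int]$ConfiguredPort, [string[]]$NetstatLines)
    $ports = @(Get-ListeningTcpPort -NetstatLines $NetstatLines | Sort-Object -Unique)
    [pscustomobject]@{
        ConfiguredPort   = $ConfiguredPort
        # True when a listener exists on the port set in the registry.
        NewPortListening = $ports -contains $ConfiguredPort
        # True when the port was changed but something still listens on 3389.
        DefaultStillOpen = ($ConfiguredPort -ne 3389) -and ($ports -contains 3389)
    }
}

# Constructed sample output (not captured from a real host); 6500 is the
# example port used in the article text.
$sample = @(
    '  TCP    0.0.0.0:135     0.0.0.0:0        LISTENING',
    '  TCP    0.0.0.0:6500    0.0.0.0:0        LISTENING',
    '  TCP    10.1.1.1:6500   10.1.1.50:1044   ESTABLISHED'
)
Test-RdpPortChange -ConfiguredPort 6500 -NetstatLines $sample

# On the terminal server itself, after the restart: compare the registry
# value with what netstat actually reports.
if (Test-Path $RdpKey) {
    $port = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
    Test-RdpPortChange -ConfiguredPort $port -NetstatLines (netstat -an)
}
```

For the constructed sample the result is NewPortListening = True and DefaultStillOpen = False; a True in DefaultStillOpen on a live server means the change did not take effect or another listener still holds 3389.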