Port 3389 — Remote Desktop (RDP)

RDP (Remote Desktop Protocol) on port 3389 gives you full graphical access to a Windows computer from anywhere. You see the desktop, move the mouse, type on the keyboard — as if you were sitting in front of it. Microsoft built it into Windows, and it's the standard way to manage Windows servers, access work computers from home, and administer remote machines.

RDP is only available on Windows Pro, Enterprise, and Server editions as a host. Windows Home edition can connect to other computers via RDP but can't be connected to.

Enable Remote Desktop on Windows

Settings → System → Remote Desktop
Toggle Enable Remote Desktop to On
Note the PC name shown (you'll need it to connect)
Make sure your Windows account has a password set

Connect to a Remote PC

From Windows

# Built-in Remote Desktop Connection
# Press Win+R, type:
mstsc

# Or connect directly from command line:
mstsc /v:computer-name-or-ip

From Mac

Download "Microsoft Remote Desktop" from the Mac App Store (free). Add a new PC connection with the hostname or IP address.

From Linux

# Remmina (usually pre-installed on Ubuntu)
remmina

# Or use xfreerdp from command line
xfreerdp /v:192.168.1.100 /u:username

On the Same Network

Use the PC's local IP address (like 192.168.1.100) or its hostname. Find the target PC's IP with ipconfig on that machine.

Security Warning: Never Expose RDP to the Internet

Critical: Do NOT forward port 3389 on your router to make RDP accessible from the internet. RDP is one of the most attacked services — automated bots constantly scan for open port 3389 and attempt to brute-force passwords. Ransomware attacks frequently start with an exposed RDP port.

If you need remote access from outside your network, use one of these secure alternatives:

VPN — Connect to your home/office VPN first, then use RDP over the VPN tunnel. The RDP port never touches the public internet
SSH tunnel — Forward port 3389 through an SSH connection: ssh -L 3389:target-pc:3389 your-server
Remote access tools — Chrome Remote Desktop, AnyDesk, or Tailscale provide encrypted remote access without port forwarding
Azure/AWS — Cloud-hosted RDP through a bastion host with MFA

Change the RDP Port

Some admins change the default port from 3389 to reduce automated scanning (security through obscurity — not a real defense, but reduces noise). This requires a registry edit:

# Open Registry Editor (regedit)
# Navigate to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

# Change "PortNumber" from 3389 to your preferred port
# Then restart the Remote Desktop Service
# Don't forget to update your Windows Firewall rule

When connecting to a non-default port, append it with a colon: mstsc /v:192.168.1.100:3390

Troubleshooting RDP

Problem	Fix
"Remote Desktop can't find the computer"	Check IP/hostname is correct. Ping the target PC. Ensure it's on the same network or VPN
"Remote Desktop can't connect"	Verify Remote Desktop is enabled on target. Check Windows Firewall allows RDP (port 3389)
Black screen after connecting	Wait — sometimes takes 10-30 seconds on slow machines. If persistent, try connecting with lower resolution
"Windows Home doesn't support Remote Desktop"	You need Windows Pro or Enterprise. Upgrade, or use Chrome Remote Desktop as a free alternative
Slow/laggy connection	In connection settings, reduce color depth to 16-bit and disable visual effects (wallpaper, font smoothing)