Ellie

By Ellie Twitter / Last Updated October 25, 2022

How do I secure Remote Desktop on Windows 10?

“For some reason, my company decided to let 80% of its employees handle official business long-distance and I am one of them. We’re recommended to use Remote Desktop to remotely access our office computers and get the resources we need. I don’t know much about Remote Desktop before, but remote control sounds a little scary to me. How can I configure Remote Desktop on Windows 10 in order to achieve maximum security?” 

RDP Introduction

4 options on how to secure Remote Desktop on Windows 10, 11

Remote Desktop (also known as RDP) is a relatively safe remote desktop tool developed by Microsoft. It does, however, have some flaws. However, once you’ve properly set up Remote Desktop, there are some things we can do to ensure maximum Windows 10 Remote Desktop security. We have four options for you on how to secure RDP on Windows 10, 11 here.

Option 1. Utilize a strong password

Let's start with the most obvious one. All of the users that you gave Remote Desktop access need to have strong passwords. Use more than eight characters (12+ is recommended) with numbers, lowercase and uppercase letters, and special characters.

Option 2. Delete the default accounts and add new users manually

You’re recommended to remove the existing users and groups which have permission to log on as a Remote Desktop Services client and manually add the users you’d like to grant Remote Desktop access to. This isn’t an essential step, but it gives you more power over which accounts get to use Remote Desktop.

Step 1. Press Win + to open the Run dialog box, type in “secpol.msc” and click OK.

Secpol

Step 2. Navigate here: Local Policies > User Rights Assignment > Allow log on through Remote Desktop Services.

Allow Log On

Step 3. Remove Administrators and Remote Desktop Users (or any other users or groups on your own computer) listed in this window.

Remove Users

Step 4. After that, click Add User or Group and manually add the users you’d like to grant Remote Desktop access to.

Add After Remove

Option 3. Change the default Security settings

You may also need to change some default Remote Desktop Services Security settings to achieve maximum security.

Step 1. Open the Run dialog box, type in “gpedit.msc” and click OK.

Local Group Policy Editor Window

Step 2. Navigate here: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security. On the right pane, you’ll see multiple settings.

Set Client Connection Encryption Level

Step 3. Find Set client connection encryption level on the right pane. Change its status to Enabled. Then set the Encryption level from the drop-down list to High Level.

Select Encryption Level

Step 4. Find Require secure RPC communication on the right pane. Change its status to Enabled.

Require Secure RPC Communication

Step 5. Find Require use of specific security layer for remote (RDP) connections on the right pane. Change its status to Enabled. Set the RDP security layer to SSL from the drop-down list.

Security Layer SSL

Step 6. Find Require user authentication for remote connections by using Network Level Authentication on the right pane. Change its status to Enabled.

Enable NLA

Option 4. Change the default RDP port number

By default, Remote Desktop listens on port 3389. But the default port number can be hacked anytime. Therefore, changing the default RDP port number can be a good way to safeguard the Remote Desktop.

Step 1. Open the Run dialog box, type in “regedit” and click OK.

Run Box Regedit

Step 2. Navigate here: HKEY_LOCAL_MACHINE > System > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp. Scroll down and find PortNumber and then double click on it.

Server 2016 Tcp Port

Step 3. Change the port number you like, such as 3390, and then select Decimal. Click on OK.

3390 Decimal Port Number

Secure alternative to RDP for remote access: AnyViewer

Although we’ve mentioned several ways to avoid RDP vulnerabilities, users still require a thorough solution for remote access. AnyViewer is the securer RDP alternative for remote access. It is secured by Elliptic Curve Cryptography (ECC) encryption, protecting your data from leakage. Besides, it has the following advantages over RDP:

  • It doesn’t require an IP address or computer name to achieve a remote connection, while RDP requires.
  • It doesn’t require the two devices to be under the same network, while RDP requires.Otherwise, users of RDP need to set up port forwarding.
  • It supports almost all versions of Windows, including Windows 11/10/8.1/8/7 and Windows Server 2022/2019/2016/2012 R2, while RDP doesn’t support Windows 10/11 Home.
Download Freeware Win 11/10/8.1/8/7
Secure Download

Step 1. Download, install, and launch AnyViewer on both computers.

Download AnyViewer

Step 2. Go to Log in, and then click Sign up. (If you already have signed up on its official website, you can log in directly.)

Log in AnyViewer

Step 3. Fill in the signup information.

Sign Up for AnyViewer

Step 4. Then you can see you successfully logged in to AnyViewer. Your device will automatically be assigned to the account you've logged in to.

Free Editions

Step 5. Log in to the same AnyViewer account on the two devices, then click One-click control to achieve unattended remote access.

Connect to My Devices

With this one-click connection method, no one else can access your computer if you keep your account and password secret.

✍Note: If you upgrade your account to a Professional or Enterprise plan, then you’ll have more rights:

  • You can assign more devices to achieve unattended remote access.
  • More currently connected devices will be displayed, which is convenient for you to view more connection histories at any time.
  • You can connect to another computer in privacy mode, which means you can black the screen and block the mouse and keyboard of the remote computer, further protecting your privacy.

 

Conclusion

In this post, we mainly give you four options on how to secure Remote Desktop on Windows 10 after setup. If you have all the settings configured, the Remote Desktop Connection will be securer. Also, you can use a secure RDP alternative, AnyViewer. Secured by Elliptic Curve Cryptography (ECC) encryption, it provides you with safe remote connections. Besides, its features like one-click connection and privacy mode can better protect user privacy.