What you need to get started
- External server IP address.
- Account (usually Administrator) and password.
- Remote Desktop (RDP) is enabled on the server; if not, we will enable it below.
Enable RDP on the server
1. Open the “Run” window (Win+R) and run SystemPropertiesRemote:
2. On the Remote tab, select Allow remote connections to this computer and (recommended) Allow connections only from computers running Remote Desktop with NLA:
3. In newer builds, you can enable the same thing via Settings → System → Remote Desktop → Enable:
4. Make sure that Windows Defender Firewall allows RDP (TCP 3389; newer versions also use UDP 3389). Open Allow an app or feature through Windows Defender Firewall → check the Remote Desktop rule:
In Windows Server, the same can be enabled via Server Manager → Local Server → Remote Desktop = Enabled.
Connecting from client operating systems
Windows (mstsc)
Press Win+R → mstsc, enter the server IP address in the Computer field, and click Connect.
Use Show Options to enable the shared clipboard and, if necessary, redirect drives/printers.
macOS (Microsoft Remote Desktop)
Install the free Microsoft Remote Desktop client from the App Store → Add PC → enter IP/login/password → connect. The client supports scaling, shared clipboard, and full-screen mode.
Linux (Remmina / FreeRDP)
Graphically convenient Remmina. In the terminal, use FreeRDP:
xfreerdp /u:Administrator /p:'YourPassword' /v:203.0.113.10 /dynamic-resolution /clipboard
Diagnostics: if it does not connect
1. Is port 3389 available?
Check on the client:
Test-NetConnection 203.0.113.10 -CommonTCPPort RDP
TcpTestSucceeded : True means that the port is listening and can be reached.
2. NLA/accounting.
If you see an authentication failure, temporarily disable NLA for testing (re-enable it after testing) and make sure that the user is a member of the Remote Desktop Users group.
3. Firewall/ACL.
Check that your local firewall and external ACLs at your Windows VPS provider allow 3389 traffic from your network.
4. UDP “black screen.”
In new builds, RDP also uses UDP 3389; if you’re having network issues, it sometimes helps to temporarily disable UDP transport (on the client/network). Details and use cases are provided in the source code.
RDP security on VPS — the minimum you need
- Change the administrator password immediately.
- Restrict RDP by source: allow 3389 only from your addresses/subnets and disable “broad” rules.
- Leave NLA enabled.
- Consider VPN or RD Gateway on top of RDP.
- (Optional) Change the RDP port and don’t forget to add the corresponding rule to the firewall/ACL.
Quick option via PowerShell (enable RDP and Firewall)
#On the server as an administrator:
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
-Name 'fDenyTSConnections' -Value 0
Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
