A batch script to change the RDP port with the following steps:

  1. Check if the script is running as administrator; if not, restart with administrator privileges.
  2. Prompt the user to input the desired RDP port.
  3. Back up the current RDP registry settings in the same location as the batch script.
  4. Modify the RDP port in the registry and ensure RDP is enabled.
  5. Allow the specified port through Windows Firewall inbound rules.
  6. Display a confirmation message upon completion and require a key press to exit.

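@echo off
setlocal enabledelayedexpansion

:: ============================================
:: RDP Port Configuration Script
:: Changes the Windows RDP listening port after backing up the
:: Terminal Server registry key.
:: NOTE: moving RDP off 3389 only reduces scanner noise. It is not an
:: access control; authentication settings and firewall source
:: restrictions still decide who can reach the listener.
:: ============================================

title RDP Port Configuration Tool

:: Check for administrator privileges.
:: fltmc only succeeds from an elevated token. The earlier probe
:: (net session) also fails when the Server service is stopped, in
:: which case an already elevated instance would relaunch itself again.
:: NOTE(review): the relaunch below wraps the script path in single quotes
:: for PowerShell, so a path containing an apostrophe will not relaunch.
fltmc >nul 2>&1
if %errorLevel% neq 0 (
    echo [INFO] Administrator privileges required. Requesting elevation...
    echo.
    powershell -Command "Start-Process '%~f0' -Verb RunAs"
    exit /b
)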

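echo ============================================
echo     RDP Port Configuration Tool
echo ============================================
echo.
echo [INFO] Running with administrator privileges
echo.

:: Get current RDP port.
:: reg.exe prints the DWORD in hex (0x...); "set /a" converts it to decimal.
:: Key paths use single backslashes: cmd has no backslash escaping, so a
:: doubled separator would be handed to reg.exe literally.
:: The variable is cleared first so a value inherited from the environment
:: cannot hide a failed query.
set "current_port="
for /f "tokens=3" %%a in ('reg query "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber 2^>nul') do (
    set /a current_port=%%a
)

:: Fall back to the Windows default when the value could not be read.
if not defined current_port (
    echo [WARNING] Could not retrieve current RDP port. Setting default to 3389.
    set current_port=3389
)

echo [INFO] Current RDP port: %current_port%
echo.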

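:: Prompt for new RDP port
:input_port
:: Clear the previous answer: set /p leaves the variable untouched when the
:: user only presses Enter, so a stale value would be validated again.
set "new_port="
set /p "new_port=Enter the desired RDP port (1024-65535): "

:: Validate port number.
:: Until the answer is known to be digits only it is read through delayed
:: expansion. Percent expansion would let shell metacharacters typed at the
:: prompt be parsed as part of the command line in this elevated session.
if not defined new_port (
    echo [ERROR] Port number cannot be empty.
    goto input_port
)

:: Check if input is numeric: strip every digit and see whether anything is left.
set "port_rest=!new_port!"
for %%d in (0 1 2 3 4 5 6 7 8 9) do if defined port_rest set "port_rest=!port_rest:%%d=!"
if defined port_rest (
    echo [ERROR] Port must be a valid number.
    goto input_port
)

:: Reject leading zeros, which cmd would read as octal in the comparisons below.
if "!new_port:~0,1!"=="0" (
    echo [ERROR] Port must not have leading zeros.
    goto input_port
)

:: Reject more than five digits so the numeric comparisons cannot overflow.
if not "!new_port:~5!"=="" (
    echo [ERROR] Port cannot exceed 65535.
    goto input_port
)

:: Check port range. The value is now plain decimal digits, so percent
:: expansion is safe from here on.
if %new_port% lss 1024 (
    echo [ERROR] Port must be 1024 or higher for security reasons.
    goto input_port
)

if %new_port% gtr 65535 (
    echo [ERROR] Port cannot exceed 65535.
    goto input_port
)

if %new_port%==%current_port% (
    echo [INFO] New port is the same as current port. No changes needed.
    goto exit_script
)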

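echo.
echo [INFO] Changing RDP port from %current_port% to %new_port%
echo.

:: Build the backup file name next to this script.
:: The timestamp comes from PowerShell with a fixed format. Slicing the
:: DATE and TIME variables depends on the regional format and can place
:: separators such as a slash in the file name, which makes the export fail.
:: NOTE(review): the backup lands beside the script. If that folder is
:: writable by non-admin users, the .reg file can be altered before someone
:: imports it with admin rights; keep it in an admin-only location.
set "script_dir=%~dp0"
set "timestamp="
for /f "delims=" %%t in ('powershell -NoProfile -Command "Get-Date -Format yyyyMMdd_HHmmss"') do set "timestamp=%%t"
if not defined timestamp (
    echo [ERROR] Could not build a timestamp for the backup file name.
    goto exit_script
)
set "backup_file=%script_dir%RDP_Registry_Backup_%timestamp%.reg"

:: Backup current RDP registry settings.
:: The path is echoed through delayed expansion so special characters in the
:: script folder name are printed instead of being parsed.
echo [INFO] Creating registry backup: !backup_file!
reg export "HKLM\System\CurrentControlSet\Control\Terminal Server" "%backup_file%" /y >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Failed to create registry backup.
    goto exit_script
)
echo [SUCCESS] Registry backup created successfully.
echo.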

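:: Enable Remote Desktop.
:: NOTE: this turns RDP on even if it was switched off before the script ran.
:: NOTE(review): Network Level Authentication is not checked here. Confirm it
:: is still required (UserAuthentication value under the RDP-Tcp key) before
:: the listener is exposed.
echo [INFO] Enabling Remote Desktop...
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Failed to enable Remote Desktop.
    goto exit_script
)

:: Change RDP port.
:: Key paths use single backslashes: cmd has no backslash escaping.
echo [INFO] Modifying RDP port in registry...
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d %new_port% /f >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Failed to modify RDP port in registry.
    echo [INFO] Remote Desktop was already enabled above; restore the previous state from the registry backup if needed.
    goto exit_script
)
:: Report only what was actually done: two registry values were written.
echo [SUCCESS] Remote Desktop enabled and RDP port set to %new_port% in the registry.
echo [INFO] The new port takes effect after Remote Desktop Services is restarted or the computer is rebooted.
echo.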

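:: Configure Windows Firewall
echo [INFO] Configuring Windows Firewall...

:: Remove the rule left by a previous run of this script so the name stays unique.
:: A failure here only means no such rule existed, so the result is ignored.
netsh advfirewall firewall delete rule name="Remote Desktop - Custom Port" >nul 2>&1

:: Add new firewall rule for the specified port.
:: NOTE(review): without profile= and remoteip= the rule applies to every
:: network profile and every source address. Scope both to the networks that
:: really need RDP before using this on an internet-facing host.
netsh advfirewall firewall add rule name="Remote Desktop - Custom Port" dir=in action=allow protocol=TCP localport=%new_port% >nul 2>&1
if %errorlevel% neq 0 (
    echo [ERROR] Failed to add firewall rule for port %new_port%.
    echo [WARNING] The registry now sets RDP to port %new_port% but no firewall rule allows it.
    echo [WARNING] Restore the registry backup or add the rule manually before restarting the service.
    goto exit_script
)
echo [SUCCESS] Firewall rule added for port %new_port%.

:: Optional: disable the built-in Remote Desktop rules when the port moved away from 3389.
:: NOTE(review): the group is matched by its display name, which may differ on
:: non-English Windows; the result is checked so a miss is reported.
if %new_port% neq 3389 (
    echo [INFO] Disabling default RDP port 3389 in firewall...
    netsh advfirewall firewall set rule group="Remote Desktop" new enable=No >nul 2>&1
    if errorlevel 1 echo [WARNING] Built-in Remote Desktop firewall rules could not be disabled; port 3389 may still be allowed.
)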

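echo.
echo ============================================
echo           CONFIGURATION COMPLETE
echo ============================================
echo.
echo [SUCCESS] RDP port successfully changed from %current_port% to %new_port%
:: Delayed expansion keeps special characters in the folder name from being parsed.
echo [INFO] Registry backup saved to: !backup_file!
echo [INFO] Firewall rule configured for port %new_port%
echo.
:: The script has already enabled RDP, and the listener keeps its old port
:: until the service restarts, so the closing message says exactly that.
echo [INFO] Remote Desktop is enabled. Restart Remote Desktop Services or reboot for the new port to take effect.
echo.
echo [SECURITY NOTE] Remember to:
echo - Update any RDP clients with the new port
echo - Inform authorized users about the port change
echo - Monitor logs for any unauthorized access attempts
echo - Keep Network Level Authentication and strong credentials; a non-default port is not access control
echo - Limit the firewall rule to trusted source addresses where possible
echo.

:: Shared exit point for the success path and for every error branch.
:: The pause keeps the elevated console window open until the messages are read.
:exit_script
echo Press any key to exit...
pause >nul
exit /b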