No need to restart or change the remote port of the server

The server permissions are successfully obtained through the bypass + elevation of permissions, and then the SQL command adds the USER ADMIN to enable 3389
After successfully logging on to the server, I thought about how to use the remote port of the server. After modification
From the very beginning, I found that I couldn't log on. At this time, I don't have to worry about opening the firewall.

So what should we do? Now only the Shell Permission is available ..

First, you accidentally discovered that you do not need to write the Registry to change the port.
1. Run:
Reg query "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal
Server"
You will find out what the service is in and decide what to do.
We found that "fDenyTSConnections REG_DWORD 0x0. This is now 3389 server enabled.
Service "0x0", which is the hexadecimal number 0. This is enabled, and 0x1 is disabled.
Suppose we have changed 3389 to 9, then delete the service first. After the change, you cannot connect from the start.
All I have to do is. It doesn't take effect from the port that is also called port 3389. I guess this article is the first one.
I googled BAIDU. There are no similar articles. I hope you can learn more. Old bird passed ..

2. Delete existing Terminal Services
Reg delete "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal
Server "/v fDenyTSConnections
Will you ask if "you want to delete the registry value fDenyTSConnections", Of course Yes, and then execute:

3. Now the terminal should be in the closed state. Let's try again. Well, I tried to close it. Wow

4. The new Service port is the port you changed. This method minus the Server start. Because sometimes
The $ administrator you set up will not be discovered from the beginning. (There are many ways to use this method. Hope you can advise)
Reg add "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal
Server "/v fDenyTSConnections/t REG_DWORD/d 0
After executing the appeal command, you should have opened the port and the Service, which should be the port you changed. Try again

5. In execution
Reg query "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server.

Change the value of "fDenyTSConnections" to "0x? "0x0 on 0x1 off