Though changing default port numbers is "security by obscurity", I believe it at-least gives the admin a clear info whether an attack taking place is targetted ones or automated attacks by script junkies.
I use to change default RDP port in Windows Servers when they are exposed to the Internet.
This is all you can do in order to harden by obscurity, as you say, without breaking any Windows core functionalities, as far as I know. At least regarding Windows core services. If running db servers such as MS Sql or Mysql you might change default port as well.