• Status: Solved

How do you audit RDP / Terminal Server hacking attempts in Windows 2008

I've deliberately tried 'hacking' one of the Windows 2008 servers in our organization with an incorrect password, but never see any indication in the event log. Has this been removed? Is there a new and improved way of doing this with Windows 2008 Server?
Asked by: stonenajem
 
chapmanjw commented:
You could do this by enforcing a lockout policy (meaning after like 3 attempts they get locked for 15 minutes).  The process of getting locked out would be in the Windows Event Log under security.
 
stonenajem (author) commented:
Thanks, but my question specifically is about how these events are logged now.
 
wolfcamel commented:
The password attempts should still be in the security event log.
 
stonenajem (author) commented:
That's my issue.  They appear if I use something other than administrator, but not if the administrator account is attempted.
 
stonenajem (author) commented:
Wolf - if you have a Windows 2008 server, would you do me a favor?  Make ~10 attempts from outside your network to RDP using the administrative account and a wrong password.  Cut and paste the log entries here.  I'm going to try to do a reasonable comparison of what you're showing to what I'm showing.
 
stonenajem (author) commented:
This appears to be related to IPv6, and will display audit failure messages only if attempted from outside the network.  Not sure why, and not going to pursue the question further.

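An added example, not part of the original thread: one way to list the failed-logon records discussed above from the Security log, grouped so that results for different accounts and source addresses can be compared. It assumes an elevated PowerShell 2.0 or later session on the server and a 24-hour look-back window chosen for illustration; event ID 4625 is the failed-logon event on Windows Server 2008.

```powershell
# Added example (not from the thread): summarize failed logons recorded in the Security log.

# 1. Confirm failure auditing is on; without it no failed logon is written at all.
auditpol /get /subcategory:"Logon"

# 2. Collect failed-logon events (ID 4625) from the assumed look-back window.
$since  = (Get-Date).AddDays(-1)
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }
# @() keeps the result an array even when no event matches.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# 3. Read the named fields from each event's XML rather than by position.
$rows = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    New-Object PSObject -Property @{
        Time        = $e.TimeCreated
        Account     = $data['TargetUserName']
        # 10 = RemoteInteractive (RDP); 3 = Network, which is what an RDP
        # failure is usually recorded as when Network Level Authentication is on.
        LogonType   = $data['LogonType']
        SourceIp    = $data['IpAddress']
        Workstation = $data['WorkstationName']
        SubStatus   = $data['SubStatus']
    }
}

# 4. Count attempts per account / source address / logon type.
$rows |
    Group-Object Account, SourceIp, LogonType |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 5. Show the most recent attempts in detail for side-by-side comparison.
$rows |
    Sort-Object Time -Descending |
    Select-Object -First 20 Time, Account, LogonType, SourceIp, Workstation, SubStatus |
    Format-Table -AutoSize
```

Filtering only on logon type 10 would miss RDP failures logged as type 3, so the grouping keeps both visible.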