Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How do you audit RDP / Terminal Server hacking attempts in Windows 2008

Posted on 2010-09-22
6
Medium Priority
?
1,277 Views
Last Modified: 2012-05-10
I've deliberately tried 'hacking' one of the windows 2008 servers in our organization with an incorrect password, but never see any indication in the event log.  Has this been removed?  Is there a new and improved way of doing this with Windows 2008 server?
0
Comment
Question by:stonenajem
  • 4
6 Comments
 
LVL 21

Expert Comment

by:chapmanjw
ID: 33740335
You could do this by enforcing a lockout policy (meaning after like 3 attempts they get locked for 15 minutes).  The process of getting locked out would be in the Windows Event Log under security.
0
 

Author Comment

by:stonenajem
ID: 33740350
Thanks, but my question specifically is about how these events are logged now.
0
 
LVL 20

Expert Comment

by:wolfcamel
ID: 33740383
the password attempts should still be in the security event log
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 

Author Comment

by:stonenajem
ID: 33740390
That's my issue.  They appear if I use something other than administrator, but not if the administrator account is attempted.
0
 

Author Comment

by:stonenajem
ID: 33740405
Wolf - if you have a Windows 2008 server, would you do me a favor?  Make ~10 attempts from outside your network to RDP using the administrative account and a wrong password.  Cut and paste the log entries here.  I'm going to try to do a reasonable comparison of what you're showing to what I'm showing.
0
 

Accepted Solution

by:
stonenajem earned 0 total points
ID: 33749717
This appears to be related to IP6, and will display audit failure messages only if attempted from outside the network.  Not sure why, and not going to pursue the question further.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Loops Section Overview

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question