• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1289
  • Last Modified:

How do you audit RDP / Terminal Server hacking attempts in Windows 2008

I've deliberately tried 'hacking' one of the windows 2008 servers in our organization with an incorrect password, but never see any indication in the event log.  Has this been removed?  Is there a new and improved way of doing this with Windows 2008 server?
0
stonenajem
Asked:
stonenajem
  • 4
1 Solution
 
chapmanjwCommented:
You could do this by enforcing a lockout policy (meaning after like 3 attempts they get locked for 15 minutes).  The process of getting locked out would be in the Windows Event Log under security.
0
 
stonenajemAuthor Commented:
Thanks, but my question specifically is about how these events are logged now.
0
 
wolfcamelCommented:
the password attempts should still be in the security event log
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
stonenajemAuthor Commented:
That's my issue.  They appear if I use something other than administrator, but not if the administrator account is attempted.
0
 
stonenajemAuthor Commented:
Wolf - if you have a Windows 2008 server, would you do me a favor?  Make ~10 attempts from outside your network to RDP using the administrative account and a wrong password.  Cut and paste the log entries here.  I'm going to try to do a reasonable comparison of what you're showing to what I'm showing.
0
 
stonenajemAuthor Commented:
This appears to be related to IP6, and will display audit failure messages only if attempted from outside the network.  Not sure why, and not going to pursue the question further.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now