troubleshooting Question

RDP Login attack causing account lockout.

Avatar of Maddoghoek77
Maddoghoek77Flag for United States of America asked on
Microsoft Server OSWindows Server 2003
11 Comments1 Solution998 ViewsLast Modified:
We are running a server (Win2K3) for RDP/terminal services. Every so often (there is no pattern, unfortunately) one of out accounts keeps getting logged out due to bad passwords. I have shut off terminal services for the account in AD, but the login attempts are still polling AD, and therefore locking the account out. Looking at the event logs, this appears to be an attempt to brute force into the network. The logs show the source IP address(s) coming from other countries and all that jazz. We have password policies set up (lockout, strong password requirements, etc...), so I am not too worried about a break in, I just need the lockout to stop occuring.

Is there a way to prevent this from occuring (aside from restricting IP addresses, etc...)? I was hoping there was a way to have the RDP/terminal services server recognize that this login is not allowed to use any "remote services" and stop hitting AD.

I tried adding the username to the terminal services permissions and then denying all, but it still hits AD.

The long and short of it is that I am looking for a way to restrict access based on the username supplied at the RDP server level rather than having it hit AD. Does anyone know of a way to do this?

Thanks in advance!
Cláudio Rodrigues
Founder and CEO

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 11 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 11 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros