We are running a server (Win2K3) for RDP/terminal services. Every so often (there is no pattern, unfortunately) one of our accounts keeps getting logged out due to bad passwords. I have shut off terminal services for the account in AD, but the login attempts are still polling AD, and therefore locking the account out. Looking at the event logs, this appears to be an attempt to brute force into the network. The logs show the source IP address(es) coming from other countries and all that jazz. We have password policies set up (lockout, strong password requirements, etc...), so I am not too worried about a break in, I just need the lockout to stop occurring.
Is there a way to prevent this from occurring (aside from restricting IP addresses, etc...)? I was hoping there was a way to have the RDP/terminal services server recognize that this login is not allowed to use any "remote services" and stop hitting AD.
I tried adding the username to the terminal services permissions and then denying all, but it still hits AD.
The long and short of it is that I am looking for a way to restrict access based on the username supplied at the RDP server level rather than having it hit AD. Does anyone know of a way to do this?
Thanks in advance!
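An added triage example, not part of the question or any reply: it parses Windows Server 2003 Security log event 529 (logon failure: bad password) descriptions, keeps only Terminal Services logons (logon type 10), and reports which source addresses are pushing an account toward the lockout threshold. The field labels follow the 2003 event text; the records, account names and addresses are constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records in the shape of the Windows Server 2003 Security
# log event 529 description. Field labels follow the 2003 event text; the
# accounts, addresses and counts are made up for this example.
def make_event(user, logon_type, source):
    return (f"Logon Failure:\n\tReason:\t\tUnknown user name or bad password\n"
            f"\tUser Name:\t{user}\n\tDomain:\t\tCORP\n\tLogon Type:\t{logon_type}\n"
            f"\tLogon Process:\tUser32\n\tWorkstation Name:\tTS01\n"
            f"\tSource Network Address:\t{source}\n\tSource Port:\t41022")

SAMPLE_EVENTS = (
    [make_event("svc_backup", 10, "198.51.100.23")] * 3   # RDP, external source
    + [make_event("svc_backup", 10, "203.0.113.77")] * 2  # RDP, second source
    + [make_event("jsmith", 10, "192.0.2.10")]            # one typo by a real user
    + [make_event("svc_backup", 3, "192.0.2.55")]         # network logon, not RDP
)

FIELD_RE = re.compile(r"^\s*(User Name|Logon Type|Source Network Address):\s*(.*?)\s*$", re.M)

def parse_event(text):
    """Pull the three fields needed for lockout triage out of one event description."""
    fields = dict(FIELD_RE.findall(text))
    return {"user": fields.get("User Name", "").lower(),
            "logon_type": fields.get("Logon Type", ""),
            "source": fields.get("Source Network Address", "-")}

def lockout_sources(events, lockout_threshold):
    """Return {account: {source_ip: failures}} for accounts whose failed
    Terminal Services logons (logon type 10) reach the lockout threshold."""
    failures = Counter()
    by_source = defaultdict(Counter)
    for ev in map(parse_event, events):
        if ev["logon_type"] != "10":   # 10 = RemoteInteractive (RDP/TS)
            continue
        failures[ev["user"]] += 1
        by_source[ev["user"]][ev["source"]] += 1
    return {u: dict(by_source[u]) for u, n in failures.items() if n >= lockout_threshold}

if __name__ == "__main__":
    for account, sources in lockout_sources(SAMPLE_EVENTS, lockout_threshold=5).items():
        print(account, sources)
```

With a lockout threshold of 5, only svc_backup is reported, split by the two addresses responsible; the single failure by jsmith and the non-RDP logon are left out.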