<div>
<div class="content wysiwyg-content">
Somebody is constantly running automated brute-force attacks against a Windows Server 2003 Terminal Server I published on WAN.<br />
It is joined to a domain and I have Account Lockout Threshold GPO defined to lockout an account after 3 login attempts.<br />
I also use local accounts on this server and I also set up local GPO Account Lockout Threshold to 3 login attempts.<br />
<br />
But I still see regular logs in Event Viewer for numerous failed login attempts for non-existing domain and local users. These seem to be common usernames like admin, root, scan, etc.<br />
<br />
What could I do to block all these attempts alltogether?
</div>
</div>


Somebody is constantly running automated brute-force attacks against a Windows Server 2003 Terminal Server I published on WAN.
It is joined to a domain and I have Account Lockout Threshold GPO defined to lockout an account after 3 login attempts.
I also use local accounts on this server and I also set up local GPO Account Lockout Threshold to 3 login attempts.

But I still see regular logs in Event Viewer for numerous failed login attempts for non-existing domain and local users. These seem to be common usernames like admin, root, scan, etc.

What could I do to block all these attempts alltogether?

Windows Terminal Server brute-force attempts

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries, organized in abstraction layers, traditionally called "Link," "Internet," "Transport" and "Application”. Its routing function enables internetworking, and essentially establishes the Internet. IP defines packet structures that encapsulate the data to be delivered. It also defines addressing methods that are used to label the datagram with source and destination information.