asked on
how to find out suspicious atta is on default rdp port 3389 on server ?
got a server 2012
got a port forwarding to the server to access from external . it’s just using default internal port 3389 on server
if I want to find out is there any suspicious attacks going on my rdp port . how do I find out? any particular event Id I need to look for ?
got a port forwarding to the server to access from external . it’s just using default internal port 3389 on server
if I want to find out is there any suspicious attacks going on my rdp port . how do I find out? any particular event Id I need to look for ?
Windows Server 2012Windows Server 2008Windows Server 2003
Last Comment
Seth Simmons
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
hi david ,
if I enable the group policy for that setting on the domain controller ou (which has 2 dc).
do I need to login to each dc to check login attempts, ??
or if I login to first dc can I check the login attempts of seconds dc ?
or if I enable same policy on computer OU. same question: from dc can I see all login attempts of all computers or do I need to login to each pc to check login attempts ?
if I enable the group policy for that setting on the domain controller ou (which has 2 dc).
do I need to login to each dc to check login attempts, ??
or if I login to first dc can I check the login attempts of seconds dc ?
or if I enable same policy on computer OU. same question: from dc can I see all login attempts of all computers or do I need to login to each pc to check login attempts ?
SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- 'David Johnson, CD' (https:#a43072688)
-- 'David Johnson, CD' (https:#a43074232)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- 'David Johnson, CD' (https:#a43072688)
-- 'David Johnson, CD' (https:#a43074232)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Personally I would never do this unless a UTM device such as Sonicwall, Fortinet Etc was being used and access was allowed for approved IP's only
This would also provide more robust logging and protection options