Windows Server configuration to catch all failed logons
Your Windows Server may require additional configuration to catch all failed logon attempts and ip addresses. You may need to check your Audit Policy. Below you will find detailed instrunctions.
Check your Audit Policy
1. Click Start -> Administrative Tools -> Local Security Policy
Click Start -> Administrative Tools -> Local Security Policy
Local Security Policy snap-in will open:
Local Security Policy snap-in
2. Open Security Settings, Local Policies, Audit Policy
3. Double click on Audit account logon events.
Audit account logon events Properties dialog will open:
Audit account logon events Properties Dialog
4. Set Audit these attempts to Failure and Success(optionally) and click OK.
5. Repeat steps 3-4 for Audit logon events.
Audit Policy should look like below:
Configured Audit Policy
That's all. From version 2.3.5 RdpGuard works with all security layers:
- RDP Security Layer
- SSL (TLS 1.0)