Configure Windows Server to catch all failed logon attempts. Edit Audit Policy. RDP Security Layer.
RdpGuard
Intrusion prevention system for your Windows Server
Follow:
Like:
Facebook
Google+
Share:

Windows Server configuration to catch all failed logons

Your Windows Server may require additional configuration to catch all failed logon attempts and ip addresses. You may need to check your Audit Policy. Below you will find detailed instrunctions.

Check your Audit Policy

1. Click Start -> Administrative Tools -> Local Security Policy

Open Local Security Policy

Click Start -> Administrative Tools -> Local Security Policy

Local Security Policy snap-in will open:

Local Security Policy snap-in

Local Security Policy snap-in

2. Open Security Settings, Local Policies, Audit Policy

3. Double click on Audit account logon events.

Audit account logon events Properties dialog will open:

Audit account logon events Properties

Audit account logon events Properties Dialog

4. Set Audit these attempts to Failure and Success(optionally) and click OK.

5. Repeat steps 3-4 for Audit logon events.

Audit Policy should look like below:

Configured Audit Policy

Configured Audit Policy


That's all. From version 2.3.5 RdpGuard works with all security layers:

  • RDP Security Layer
  • Negotiate
  • SSL (TLS 1.0)

RdpGuard 3.1.7 Free Trial

RdpGuard protects:

Social Connection
RdpGuard Logo
Like Us!
 
People like RdpGuard!
People like us
Our Other Products
FastGlacier
Windows Client for Amazon Glacier - new low-cost storage for data archiving and backup.
Copyright © 2012-2017 NetSDK Software, LLC. All rights reserved.  Terms of Use.  Privacy Policy.