RDP Defender on Windows 2012 R2
Posted: Tue Nov 08, 2016 10:04 am
Hi,
I'm testing RDP Defender (1.4) on Windows 2012 R2 and I can't seem to get it to block anything.
-All the options show as green in the GUI
-I've enabled all the recommended audit logging and NTML blocking options from other threads (although the log entries were appearing before these were changed)
-I see entries in the RDS log for failed connections (and this is the log that clicking "View > Logs" in the GUI takes me to)
-A trial of RDP guard installed on the server works correctly and blocks IP addresses as expected (Now uninstalled)
-I've dropped the trigger to 1 event (even though IPs are trying a few hundred times an hour) but still no blocked IPs show in the GUI
-I've done all the usual things like reboots/service restarts etc
Example log entry (Event ID 140):
"A connection from the client computer with an IP address of 91.193.74.175 failed because the user name or password is not correct."
Should this work on Windows 2012 R2 and if so, any idea what I'm doing wrong?
Cheers,
Alex
I'm testing RDP Defender (1.4) on Windows 2012 R2 and I can't seem to get it to block anything.
-All the options show as green in the GUI
-I've enabled all the recommended audit logging and NTML blocking options from other threads (although the log entries were appearing before these were changed)
-I see entries in the RDS log for failed connections (and this is the log that clicking "View > Logs" in the GUI takes me to)
-A trial of RDP guard installed on the server works correctly and blocks IP addresses as expected (Now uninstalled)
-I've dropped the trigger to 1 event (even though IPs are trying a few hundred times an hour) but still no blocked IPs show in the GUI
-I've done all the usual things like reboots/service restarts etc
Example log entry (Event ID 140):
"A connection from the client computer with an IP address of 91.193.74.175 failed because the user name or password is not correct."
Should this work on Windows 2012 R2 and if so, any idea what I'm doing wrong?
Cheers,
Alex