iphonogasm
Well-known member
Hi, im getting multiple RDP onnection attempts, whether or not they are actual RDP connections i am not sure, but i would like, when im getting a conection other then from me, to kill it. Ive tried in CMD qwinsta /SERVER:SERVERNAME and then rwinsta /SERVER:SERVERNAME SESSIONID to kill it but it doesnt kill it. Im using microsoft network monitor to monitor traffic and i can see connection attempts scrolling (or active connections, SCARY! has a payoad of 0 but so does it when i am connected!) Would i be ablse to set a rule to say shut down RDP for say 10 minutes after so many failed authentications attempts? Would this be under Security Policys? Im not too familiar with policys. Thanks in advance!!
