drsox
drsox
/ Block-FailedRDPAttempts.ps1
Created
August 5, 2019 23:04
Server 2019 Block-FailedRDPAttempts.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Only compatible with Server 2019 | |
| # Intended to be run as a recurring scheduled task | |
| # Parses 240 minutes of logs then based on a tolerance for failed login attempts, creates TCP 3389 (RDP) and ICMP block rules. | |
| # This will remove the old rules each time it is run which has the effect of creating a temporary block if this is run as a scheduled task. | |
| #Quantity of failed login attempts required to trigger blocking | |
| $tolerance = 15 | |
| $logName = "Security" |
drsox
/ Block-FailedRDPAttempts.ps1
Last active
August 5, 2019 23:05
Server 2016 Block-FailedRDPAttempts.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Only compatible with Server 2016 | |
| # Intended to be run as a recurring scheduled task | |
| # Parses 240 minutes of logs then based on a tolerance for failed login attempts, creates TCP 3389 (RDP) and ICMP block rules. | |
| # This will remove the old rules each time it is run which has the effect of creating a temporary block if this is run as a scheduled task. | |
| #Quantity of failed login attempts required to trigger blocking | |
| $tolerance = 15 | |
| $logName = "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational" |