This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Only compatible with Server 2019 | |
# Intended to be run as a recurring scheduled task | |
# Parses 240 minutes of logs then based on a tolerance for failed login attempts, creates TCP 3389 (RDP) and ICMP block rules. | |
# This will remove the old rules each time it is run which has the effect of creating a temporary block if this is run as a scheduled task. | |
#Quantity of failed login attempts required to trigger blocking | |
$tolerance = 15 | |
$logName = "Security" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Only compatible with Server 2016 | |
# Intended to be run as a recurring scheduled task | |
# Parses 240 minutes of logs then based on a tolerance for failed login attempts, creates TCP 3389 (RDP) and ICMP block rules. | |
# This will remove the old rules each time it is run which has the effect of creating a temporary block if this is run as a scheduled task. | |
#Quantity of failed login attempts required to trigger blocking | |
$tolerance = 15 | |
$logName = "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational" |