Categorized | Networking, Security, Windows Vista

Windows Vista RDP Security Hole – Account Lockout Remote Desktop

Posted on 02 March 2007 by admin


Not many people realize it, but Remote Desktop on Windows XP ships with an inherent security hole, and even fewer realize that the same hole carried over into Windows Vista. Simply enabling RDP exposes your computer to considerable risk: the default settings place no limit on the number of connection attempts to your computer, nor on the number of username and password combinations that can be tried. A simple script can repeatedly connect to port 3389 (the default RDP port, or whichever port you assign to RDP) and brute-force your password.

Fortunately, there is a solution. Creating an Account Lockout Policy protects your account by limiting the number of times a remote application or attacker can guess your password. It works by automatically locking the account after a designated number of incorrect passwords has been entered. The account stays locked for a designated period and is then unlocked automatically so it can be logged into again. This defeats repeated attempts at guessing your username and password.

  1. Click the Start button, type Secpol.msc, and press Enter.
  2. Expand Account Policies and select Account Lockout Policy.
  3. Right-click Account lockout threshold and select Properties.
  4. Enter the value you want to use and click OK to save. I like to use 4 here.

Windows then fills in default values for Account lockout duration and Reset account lockout counter after (30 minutes each). If you want to change either value from its default, right-click it, select Properties, make your change, and click OK to save and exit.
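The same policy can be applied and verified from an elevated PowerShell prompt instead of clicking through Secpol.msc. The script below is an added example, not part of the original post; it uses the built-in `net accounts` command (which edits the same local Account Lockout Policy values the GUI steps do) with the post's own numbers: a threshold of 4 and the 30-minute defaults for duration and reset window. The `Get-LocalLockoutPolicy` and `Get-RecentLockouts` function names are my own, and the example assumes Security-log auditing of account management is enabled so that lockouts are logged as event ID 4740.

```powershell
# Added example (not from the original post): apply the account lockout policy
# with "net accounts", read it back, and list recent lockout events.

# The policy is machine-wide, so this must run from an elevated prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script from an elevated (Run as administrator) PowerShell prompt."
}

$Threshold = 4    # bad passwords before the account locks (the post uses 4)
$Duration  = 30   # minutes the account stays locked (Windows default)
$Window    = 30   # minutes before the bad-password counter resets (Windows default)

# Windows rejects a reset window longer than the lockout duration, so check first.
if ($Window -gt $Duration) {
    throw "Reset window ($Window min) must not exceed lockout duration ($Duration min)."
}

# Apply all three settings in one call.
net accounts /lockoutthreshold:$Threshold /lockoutduration:$Duration /lockoutwindow:$Window
if ($LASTEXITCODE -ne 0) { throw "net accounts failed with exit code $LASTEXITCODE" }

# Parse the relevant lines of "net accounts" output into a hashtable.
# A threshold of 0 is reported as the word "Never", which means lockout is off.
function Get-LocalLockoutPolicy {
    $policy = @{}
    foreach ($line in (net accounts)) {
        switch -Regex ($line) {
            '^Lockout threshold:\s+(\S+)'                       { $policy.Threshold = $Matches[1] }
            '^Lockout duration \(minutes\):\s+(\S+)'            { $policy.Duration  = $Matches[1] }
            '^Lockout observation window \(minutes\):\s+(\S+)'  { $policy.Window    = $Matches[1] }
        }
    }
    return $policy
}

$current = Get-LocalLockoutPolicy
"Threshold: $($current.Threshold)  Duration: $($current.Duration) min  Window: $($current.Window) min"

if ($current.Threshold -eq 'Never') {
    Write-Warning "Lockout threshold is still 'Never': accounts will not lock after bad passwords."
} elseif ($current.Threshold -ne "$Threshold") {
    Write-Warning "Lockout threshold is $($current.Threshold), expected $Threshold."
}

# List accounts locked out in the last 24 hours (event ID 4740 in the Security log).
# Assumes Account Management auditing is on; otherwise no such events are written.
function Get-RecentLockouts {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, @{ Name = 'Account'; Expression = { $_.Properties[0].Value } }
}

Get-RecentLockouts | Format-Table -AutoSize
```

One trade-off to keep in mind when choosing the threshold: because lockout is triggered by failed attempts alone, anyone who can reach port 3389 can deliberately lock an account by sending bad passwords, so a 30-minute automatic unlock (rather than a permanent lock requiring an administrator) limits how long that keeps you out of your own machine.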
