Automatically block RDP attacks using Windows Firewall and PowerShell

By accident I discovered, that in one of my eventlogs (“Applications and Services Logs\Microsoft\Windows\RemoteDesktopServices-RdpCoreTS\Operational”) several Entries with ID 140 are present. This events are logging attempts of users to login to my server via RDP but using wrong credentials. Obviously there should not be any attempt or maybe just one or two by myself. But … Continue reading Automatically block RDP attacks using Windows Firewall and PowerShell