How to limit denied RDP login attempts before disconnecting (not disabling account)
There is a way to limit failed login attempts. You can find the setting under Administrative Tools. Open the Account Policies tree > Account Lockout Policy. Change the Account Lockout Threshold to the desired setting, in your case 2. For more detail go to: http://www.mobydisk.com/techres/securing_remote_desktop.html It's the same for XP and Win7, but I am guessing it should be the same for other MS OSs. Rakesh
September 12th, 2011 5:29pm

Thank you for the reply, but it's not the idle timeout I'm looking for. The brute force hack scripts are far from idle; they will try hundreds of times in just a few seconds. I want to force a disconnect after 2 failed login attempts. This will force the brute force RDP robots to reconnect, and when they reconnect our firewalls detect them more easily. It's difficult to detect if they don't disconnect because of the encryption involved with RDP. If there is no such option then maybe MS can add it in a future service pack. Thank you. BarrySDCA
September 19th, 2011 10:29am
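Since the poster's goal is to notice rapid-fire failed RDP logons, one host-side way to surface them is to aggregate Security event 4625 (logon failure) by source address. The PowerShell below is an added example, not code from the thread; the event ID, the LogonType values and the `IpAddress` field are standard Windows Security log fields, while the threshold, function name and the sample records (TEST-NET addresses, constructed here) are the author's assumptions.

```powershell
# Added example (not from the original thread): summarise failed RDP logons per
# source address and flag any source that trips a threshold.
function Get-FailedLogonSummary {
    param(
        # Objects with TimeCreated, IpAddress and LogonType, as parsed from event 4625.
        [Parameter(Mandatory)] [object[]] $Events,
        # Hypothetical threshold chosen to match the "2 failed attempts" in the thread.
        [int] $Threshold = 2
    )
    $Events |
        # 10 = RemoteInteractive (classic RDP logon screen);
        # 3  = Network, which is how NLA pre-authentication failures are typically logged.
        Where-Object { $_.LogonType -in 3, 10 } |
        Group-Object -Property IpAddress |
        ForEach-Object {
            $sorted = $_.Group | Sort-Object TimeCreated
            [pscustomobject]@{
                SourceIp  = $_.Name
                Failures  = $_.Count
                FirstSeen = $sorted[0].TimeCreated
                LastSeen  = $sorted[-1].TimeCreated
                Flagged   = ($_.Count -ge $Threshold)
            }
        } |
        Sort-Object Failures -Descending
}

# Constructed sample records standing in for parsed 4625 events (not real log data).
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2011-09-19 10:00:01'; IpAddress = '203.0.113.7';  LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2011-09-19 10:00:02'; IpAddress = '203.0.113.7';  LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2011-09-19 10:00:02'; IpAddress = '203.0.113.7';  LogonType = 10 }
    [pscustomobject]@{ TimeCreated = [datetime]'2011-09-19 10:05:40'; IpAddress = '198.51.100.9'; LogonType = 3  }
    [pscustomobject]@{ TimeCreated = [datetime]'2011-09-19 10:07:10'; IpAddress = '192.0.2.44';   LogonType = 2  } # console, ignored
)
Get-FailedLogonSummary -Events $sample -Threshold 2 | Format-Table -AutoSize

# Against the live Security log (run elevated), build the same objects from the event XML:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } | ForEach-Object {
#     $x = [xml]$_.ToXml()
#     [pscustomobject]@{
#         TimeCreated = $_.TimeCreated
#         IpAddress   = ($x.Event.EventData.Data | Where-Object Name -eq 'IpAddress').'#text'
#         LogonType   = [int]($x.Event.EventData.Data | Where-Object Name -eq 'LogonType').'#text'
#     }
# }
```

On the sample data only 203.0.113.7 is flagged (three failures inside two seconds), which is the burst pattern the poster describes; the single network failure from 198.51.100.9 stays below the threshold and the console failure is filtered out by logon type. Note that 4625 is only written when "Audit Logon" failure auditing is enabled.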

Anyone know in 2003 and 2008, is it possible to limit the number of failed login attempts (RDP) before the server disconnects? I do not want to lock out the user account, just disconnect and force them to reconnect to try again. I've been searching KBs, no luck... Thanks much. BarrySDCA
September 19th, 2011 4:35pm

Hi, Windows will disconnect an RDP logon attempt if there is no user activity in the RDP logon window for a while. The default timeout for Windows Server 2003 is 120 seconds; the timeout for Windows Server 2008 R2 is 30 seconds. Unfortunately, as far as I know, there is no such built-in mechanism to disconnect a logon attempt by failed login attempts. For Windows Server 2008 R2, you may configure the following registry value to configure the timeout:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Name: LogonTimeout (DWORD)
Value: Specifies the time in seconds. Decimal value 300 (hex 12c) is 5 minutes.
Please reboot the server after adding the above key. Laura Zhang - MSFT
September 20th, 2011 3:38am
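The registry change above can be applied and verified from an elevated PowerShell session. This is an added example, not code from the thread or from Microsoft; the key path and the `LogonTimeout` value are exactly as given in the reply above, and the 300-second value is the reply's own figure, while the helper function names are this example's assumptions.

```powershell
# Added example (not from the original thread): set the RDP-Tcp LogonTimeout value
# from the reply above and read it back. Requires an elevated session; the reply says
# a reboot is needed for the change to take effect.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Set-RdpLogonTimeout {
    param(
        # Seconds the logon window may sit idle before the connection is dropped.
        [Parameter(Mandatory)] [ValidateRange(1, 86400)] [int] $Seconds
    )
    # New-ItemProperty with -Force creates the DWORD or overwrites an existing one.
    New-ItemProperty -Path $rdpTcp -Name 'LogonTimeout' -PropertyType DWord `
        -Value $Seconds -Force | Out-Null
}

function Get-RdpLogonTimeout {
    # Returns $null when the value has never been set (platform default applies).
    (Get-ItemProperty -Path $rdpTcp -Name 'LogonTimeout' -ErrorAction SilentlyContinue).LogonTimeout
}

# Apply the 5-minute value from the reply (decimal 300 = hex 0x12c) and confirm it.
Set-RdpLogonTimeout -Seconds 300
$current = Get-RdpLogonTimeout
'LogonTimeout is now {0} seconds (0x{0:x})' -f $current
```

Reading the value back before and after the change gives a record of what the listener was configured with, which is useful when the setting is rolled out to several hosts.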

We fully understand your concerns and thanks for your suggestion. Terminal Server can easily become the target of hack scripts. To reduce the impact of this kind of attack, we introduced a new authentication method, Network Level Authentication (NLA), that finishes user authentication before you establish a full Remote Desktop connection and before the logon screen appears. This feature improves the authentication method, and it can help protect the remote computer from malicious users and malicious software. NLA has the following benefits:
• It requires fewer remote computer resources. The remote computer uses a limited number of resources before it authenticates the user. Earlier authentication methods required the remote computer to start a full Remote Desktop connection.
• It can help provide better security by reducing the risk of malicious attacks that could limit or prevent access to the Internet.
• It uses remote computer authentication. This feature can help protect users from connecting to remote computers that are set up for malicious purposes.
Laura Zhang - MSFT
September 20th, 2011 3:53am
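The reply above recommends NLA but does not show how to require it on the server. The PowerShell below is an added example, not from the thread or from Microsoft's reply: it reads and sets the `UserAuthentication` DWORD under the same RDP-Tcp listener key used earlier in the thread (1 requires NLA, 0 allows the pre-NLA logon screen). That value name is not on the page; it is the documented registry setting behind the "Allow connections only from computers running Remote Desktop with Network Level Authentication" option. The function names are this example's own.

```powershell
# Added example (not from the original thread): require Network Level Authentication
# on the RDP-Tcp listener and report the state. Run from an elevated session.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpNlaState {
    # UserAuthentication: 1 = NLA required, 0 = not required. $null if never set.
    $v = (Get-ItemProperty -Path $rdpTcp -Name 'UserAuthentication' -ErrorAction SilentlyContinue).UserAuthentication
    [pscustomobject]@{
        UserAuthentication = $v
        NlaRequired        = ($v -eq 1)
    }
}

function Enable-RdpNla {
    # Requiring NLA means credentials are checked over CredSSP before a session and logon
    # screen are created, so a failed guess never reaches the full desktop logon path.
    New-ItemProperty -Path $rdpTcp -Name 'UserAuthentication' -PropertyType DWord -Value 1 -Force | Out-Null
}

$before = Get-RdpNlaState
Enable-RdpNla
$after  = Get-RdpNlaState
'NLA required before: {0}; after: {1}' -f $before.NlaRequired, $after.NlaRequired
```

Before enforcing this on a fleet, confirm that every client that must connect supports NLA (older RDP clients without CredSSP will be refused), and keep the before/after report as evidence of the change.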
