Anyone know in 2003 and 2008, is it possible to limit the number of failed login attempts (RDP) before the server disconnects? I do not want to lock out the user account, just disconnect and force them to reconnect to try again. I've been searching KB's, no luck... thanks muchBarrySDCA

thank you for the reply but it's not the idle timeout I'm looking for. The brute force hack scripts are far from idle - they will try hundreds of times in just a few seconds. I want to force a disconnect after 2 failed login attempts. this will force the brute force rdp robots to reconnect, and when they reconnect our firewalls detect them easier. it's difficult to detect if they don't disconnect because of the encryption involved with RDP. If there is no such option then maybe MS can add it in a future service pack. thank youBarrySDCA

We fully understand your concerns and thanks for your suggestion. Terminal server can easily become the target of hack scripts. To reduce the impact of this kind attack, we introduced a new authentication method, Network Level Authentication (NLA), that finishes user authentication before you establish a full Remote Desktop connection and before the logon screen appears. This feature improves the authentication method, and it can help protect the remote computer from malicious users and malicious software. NLA has the following benefits: • It requires fewer remote computer resources. The remote computer uses a limited number of resources before it authenticates the user. Earlier authentication methods required the remote computer to start a full Remote Desktop connection. • It can help provide better security by reducing the risk of malicious attacks that could limit or prevent access to the Internet. • It uses remote computer authentication. This feature can help protect users from connecting to remote computers that are set up for malicious purposes. Laura Zhang - MSFT

Hi guys. There's no wy of natively blocking brute force attempts but there is for instance Syspeace out there now to help.