RDP Guard

Frequently asked questions




Overview:
How do I enable audit logging?
Why do I need admin permissions to install and run RDP Guard?
What is RDP Guard doing on my system?
How do I configure my system so that RDP Guard works perfectly?




How do I enable audit logging?


Audit logging is part of the Microsoft Windows operating system and writes entries to the Windows security event log. With logon auditing enabled, you can see which users try to access your computer. To enable audit logging, follow these steps:


1. Click Start
You will find the Start button in the bottom-left corner.

2. Click Run
A dialog appears in which you can type into a text box.

3. Start the Local Security Policy console
Type secpol.msc into the text box and click OK.

4. Select Local Policies
After the management console has started, expand Local Policies by clicking the +.

5. Choose Audit Policy
Clicking this tree view item shows several options in the right-hand pane.

6. Activate Audit logon events
Double-click Audit logon events in the right-hand pane and tick the Failure checkbox. This means that every failed logon attempt generates a security entry in the event log.

See more information here: http://technet.microsoft.com/en-us/library/cc976395.aspx
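
The same setting can be checked, enabled and verified from an elevated PowerShell prompt. This is an added example, not part of RDP Guard or its documentation. It assumes Windows Vista / Server 2008 or later (where auditpol.exe exists and failed logons are recorded as event ID 4625) and an English-language system.

```powershell
# Added example, not part of RDP Guard. Run from an elevated PowerShell prompt.
# Assumptions: Windows Vista / Server 2008 or later (auditpol.exe, event ID 4625)
# and an English-language system (auditpol setting names are localized).

# GUID of the "Logon" audit subcategory; the GUID works regardless of display language.
$logonSubcategory = '{0CCE9215-69AE-11D9-BED3-505054503030}'

function Get-LogonAuditSetting {
    # /r prints CSV with the columns: Machine Name, Policy Target, Subcategory,
    # Subcategory GUID, Inclusion Setting, Exclusion Setting
    $csv = auditpol.exe /get "/subcategory:$logonSubcategory" /r
    ($csv | Where-Object { $_ } | ConvertFrom-Csv).'Inclusion Setting'
}

$setting = Get-LogonAuditSetting
Write-Host "Current Logon audit setting: $setting"

if ($setting -notmatch 'Failure') {
    # Same effect as ticking the Failure checkbox in step 6; success auditing is left unchanged.
    auditpol.exe /set "/subcategory:$logonSubcategory" /failure:enable | Out-Null
    Write-Host "New Logon audit setting: $(Get-LogonAuditSetting)"
}

# Confirm that failures are being recorded: failed logons of the last 24 hours by source address.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-24) }
# @() yields an empty array when nothing matches, so the pipeline below is simply skipped.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$events | ForEach-Object {
    # Read the named fields from the event XML instead of relying on property positions.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        Time      = $_.TimeCreated
        User      = $data['TargetUserName']
        SourceIp  = $data['IpAddress']   # '-' when no network address was recorded
        LogonType = $data['LogonType']   # 10 = RemoteInteractive, 3 = Network (RDP with NLA)
    }
} | Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object Count,
        @{ n = 'SourceIp'; e = { $_.Name } },
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } }
```

If the list stays empty after a deliberately failed logon, a domain policy may be overriding the local audit setting.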





Why do I need admin permissions to install and run RDP Guard?

See the question "What is RDP Guard doing on my system?" for the answer.




What is RDP Guard doing on my system?

Service

RDP Guard needs a service to block all attacks. The service is called IPBlockControlerService. Please ensure that the service has permission to configure IPSec.

Local Service is the default account and should work fine!



IPSec

IPSec is a protocol that encrypts connections between computers. It is installed on all Windows servers by default. RDP Guard uses this technology to block IP addresses.



Audit logon

To detect attacks, Windows must log all failed logon attempts in the Windows event log. When you install RDP Guard, you have the option to enable logon auditing in the local policies.

If you have already configured logon auditing in the domain policies, this option is not needed.




How do I configure my system so that RDP Guard works perfectly?

Some settings on your system should be set correctly. Please see the following instructions:

PDF: Correct settings for RDP-Guard
