PSLogonFailures is a PowerShell script to help mitigate  brute force attacks against remote desktop servers, both those published  to the public Internet and those on your internal network.  This script  was developed in collaboration with my long-time friend @zandeez.  You can find the script on GitHub along with the relevant documentation.

Why PSLogonFailures?

Working in IT, predominantly with Microsoft Windows systems, I  noticed a lot brute force attempts trying to login to servers via remote desktop protocol (RDP).  RDP is great for  managing Windows servers and workstations but also opens the system up  to attack and potential abuse.  On Linux we have tools like Fail2Ban to help protect against brute force attacks but I couldn't find  something free at the time I initially released this script.  After I  started implementing this script at customer sites the number of failed  logon attempts (typically overnight) would drop to less than 10% of the  pre-implementation value.

Why not just use product X?

Since I and Andee wrote PSLogonFailures I've seen a number of similar solutions become available, so this is a natural question.  I'd suggest PSLogonFailures has the following benefits:

  • You can review the code, so you know what it's doing
  • It's free
  • You can modify PSLogonFailures to meet your needs (pull requests and contributions welcomed)