Set-DynamicFirewallRuleForRDP
1.0
Creates a Windows Firewall rule that blocks the IP addresses of all the network clients
that have connected to RDP (not necessarily authenticated - just established a TCP connection)
within the last 24 hours. This will effectively "ban" those IP addresses from making RDP password
guesses for 24 hours. Modify the 'exclusions file' with IP addresses that you want to alw
that have connected to RDP (not necessarily authenticated - just established a TCP connection)
within the last 24 hours. This will effectively "ban" those IP addresses from making RDP password
guesses for 24 hours. Modify the 'exclusions file' with IP addresses that you want to alw
Creates a Windows Firewall rule that blocks the IP addresses of all the network clients
that have connected to RDP (not necessarily authenticated - just established a TCP connection)
within the last 24 hours. This will effectively "ban" those IP addresses from making RDP password
guesses for 24 hours. Modify the 'exclusions file' with IP addresses that you want to always
have RDP access. E.g., adding "192.168." to the exclusions file will exempt the entire 192.168.0.0/16
network. Adding "192.168.1." will exclude the entire 192.168.1.0/24 network. Exclusions are entered
one per line in the text file. If you do not enter any exclusions at all, and then run this script,
a firewall rule will be created to block every IP address that has completed a TCP handshake with the RDP port in the
past 24 hours. Including you. Which is probably not what you want. So you should really enter some exclusions.
This script requires that the auditing of Windows Filtering Platform (WFP)
be set to log successful connections. (Event ID 5156 in the Security log.) This can be configured via Advanced Audit Policy. It also
requires that the Windows Firewall be turned on.
Show more
that have connected to RDP (not necessarily authenticated - just established a TCP connection)
within the last 24 hours. This will effectively "ban" those IP addresses from making RDP password
guesses for 24 hours. Modify the 'exclusions file' with IP addresses that you want to always
have RDP access. E.g., adding "192.168." to the exclusions file will exempt the entire 192.168.0.0/16
network. Adding "192.168.1." will exclude the entire 192.168.1.0/24 network. Exclusions are entered
one per line in the text file. If you do not enter any exclusions at all, and then run this script,
a firewall rule will be created to block every IP address that has completed a TCP handshake with the RDP port in the
past 24 hours. Including you. Which is probably not what you want. So you should really enter some exclusions.
This script requires that the auditing of Windows Filtering Platform (WFP)
be set to log successful connections. (Event ID 5156 in the Security log.) This can be configured via Advanced Audit Policy. It also
requires that the Windows Firewall be turned on.
Installation Options
Owners
Package Details
FileList
- Set-DynamicFirewallRuleForRDP.nuspec
- Set-DynamicFirewallRuleForRDP.ps1
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 1.0 (current version) | 398 | 5/24/2016 |