Minimizing the RDP attack vector with Microsoft Account Lockout Policy

  • Admin
  • Jul 25, 2022
  • 1 min read

Microsoft announced that in the latest Windows 11 builds the Account Lockout Policy was enabled by default, which doubles as a fail-safe against Remote Desktop Protocol (RDP) brute-forcing attempts.

Apparently, this change will soon be backported to older Windows versions, especially the Server editions.


RDP is a Microsoft protocol that enables administrators to remotely access desktop computers. It has become a popular remote access tool with the shift to remote working. Since it gives the user complete control over the device, it is a valuable entry point for threat actors, especially ransomware operators.

Brute-forcing is a method used by attackers to take over accounts. Usually automated with the help of a software tool, the attack involves submitting many passwords in a row until the right one is “guessed”.


The policy automatically locks user accounts for 10 minutes after failing 10 login attempts in a row. It also applies to Administrator accounts.
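The following PowerShell script is an added example, not code from the original post or from Microsoft: it reads the effective local Account Lockout Policy, compares it against the 10-attempts / 10-minutes baseline the post describes, can apply that baseline, and lists recent account lockout events (Security event 4740) so that lockouts caused by RDP password guessing are visible to the defender. It assumes an English-locale `net accounts` output (the label text is locale-dependent), an elevated session, and that the "Audit User Account Management" subcategory is enabled. One practical caveat: because lockout is triggered by failed attempts from anyone who can reach the RDP listener, a low threshold also lets a remote party lock legitimate users out, so the policy works best alongside lockout monitoring and a reduced RDP exposure (VPN, Network Level Authentication) rather than as the only control.

```powershell
# Added example (not from the original post): audit and apply the local Account
# Lockout Policy against the 10-attempts / 10-minutes baseline the post describes,
# and surface recent lockout events (Security event 4740). Run elevated.

$BaselineThreshold = 10   # failed attempts before lockout (from the post)
$BaselineDuration  = 10   # minutes the account stays locked (from the post)

function Get-LocalLockoutPolicy {
    # 'net accounts' prints the effective local policy as "Label: value" lines.
    # Assumption: English-locale labels.
    $raw = net accounts
    $policy = @{}
    foreach ($line in $raw) {
        if     ($line -match '^Lockout threshold:\s+(.+)$')                     { $policy.Threshold = $Matches[1].Trim() }
        elseif ($line -match '^Lockout duration \(minutes\):\s+(.+)$')          { $policy.Duration  = $Matches[1].Trim() }
        elseif ($line -match '^Lockout observation window \(minutes\):\s+(.+)$') { $policy.Window    = $Matches[1].Trim() }
    }
    # A threshold of "Never" means lockout is disabled (threshold 0).
    $policy.ThresholdValue = if ($policy.Threshold -eq 'Never') { 0 } else { [int]$policy.Threshold }
    return $policy
}

function Test-LockoutBaseline {
    param([hashtable]$Policy)
    $findings = @()
    if ($Policy.ThresholdValue -eq 0) {
        $findings += 'Account lockout is disabled: unlimited password guesses over RDP are possible.'
    } elseif ($Policy.ThresholdValue -gt $BaselineThreshold) {
        $findings += "Lockout threshold $($Policy.ThresholdValue) is above the $BaselineThreshold-attempt baseline."
    }
    if ($Policy.ThresholdValue -ne 0 -and [int]$Policy.Duration -lt $BaselineDuration) {
        $findings += "Lockout duration $($Policy.Duration) min is below the $BaselineDuration-minute baseline."
    }
    return $findings
}

function Set-LockoutBaseline {
    # Applies the post's defaults to the local policy. On a domain member the
    # domain policy overrides these values for domain accounts.
    net accounts /lockoutthreshold:$BaselineThreshold /lockoutduration:$BaselineDuration /lockoutwindow:$BaselineDuration | Out-Null
}

function Get-RecentLockouts {
    param([int]$Hours = 24)
    # Event 4740 is written on the machine that locks the account (the domain
    # controller for domain accounts, the local host for local accounts).
    # Get-WinEvent throws when no events match, hence the try/catch.
    try {
        Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Time       = $_.TimeCreated
                    Account    = $_.Properties[0].Value   # TargetUserName: the locked account
                    CallerHost = $_.Properties[1].Value   # TargetDomainName: computer the failed attempts came from
                }
            }
    } catch {
        @()   # no matching events, or auditing not enabled
    }
}

$policy = Get-LocalLockoutPolicy
"Threshold: $($policy.Threshold)  Duration: $($policy.Duration) min  Window: $($policy.Window) min"
$findings = Test-LockoutBaseline -Policy $policy
if ($findings) { $findings | ForEach-Object { "FINDING: $_" } } else { 'Lockout policy meets the baseline.' }
# Uncomment to apply the baseline after reviewing the findings:
# Set-LockoutBaseline
Get-RecentLockouts -Hours 24 | Format-Table -AutoSize
```

The script only reports by default; `Set-LockoutBaseline` is left commented out so the policy change is a deliberate step. A steady stream of 4740 events for one account from a single caller host is the pattern a password-guessing run leaves behind once this policy is in place, and is worth alerting on.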


Find out more: Help Net Security