The Firewall will block Clients when it is detected that the Client has done 5 failed logon attempts.
When it is about "failed logon attempts", it can be
about those zombie-hacked-PC's in a botnet out there on the internet, that
do attempt to hack into the AADServer with the Administrator userID. Or it can
be about, for example, a former employee, or a visitor to the company office,
who knows the userIDs of the employees, and attempts to hack into the AADServer
with the usernames / userIDs as defined for the employees.
Either hack-attempts is blocked by the AADS RDP Firewall.
There are however circumstances where it is not really
required to block Client PCs which do multiple failed logon attempts with
specific company usernames / userIDs. For example, Point Of Sales systems that
do automatically login on the AADServer, with a specific username like
"POSClient123" (example of an username), and a password that nobody knows. Login
is done automatically when booting the POS Client PC. And in the event that the
remote POS Client PC makes an error, for example because the barcode reader is
disconnected, it might not be needed to block the remote POS Client PC in the
Firewall, but just fix the error. In such a case the IT Administrator of the
AADServer can choose to handle only failed login / hack attempts when
it is done with a well known user names like Administrator, but do not block a
Client in the Firewall in case the failed login attempt is done with
other, self defined user names.
However, if it is chosen not the block such failed login attempts, a rough (ex-)employee for example, might start some trouble with login attempts, using those usernames like "POSClient123". Therefore it is recommended always to enable Notifications, specifically the Notification for a failed logon attempt.
Default setting is to block Clients in both cases. Wether the failed login / hack attempt is done with a well known username like Administrator, or a specific username that is known only on this AADServer, the Client will be blocked after 5 failed login / hack attempts.
Using our program "ViewUsers " it is possible to Disconnect or Logoff other users. Default this ability is only possible for Administrators.
AADS has now a new setting. The IT-Administrator can define a group, on the local AADServer or in the Domain, and members of this group can be allowed to Disconnect or Logoff other users.
Copyright 2012-2020 AADS WorldWide LTD. AADS Terminal Server | Application Server | Remote Desktop solutions | Firewall