RDP Web access seems to be default. Try this from your web brower:
http://SERVER_Name/rdweb You just made me realize a security weakness I hadn’t even considered before. I’ll have to check our Windows Internet facing Web servers. *From:* [email protected] [mailto: [email protected]] *On Behalf Of *J- P *Sent:* Tuesday, April 7, 2015 12:36 PM *To:* NT *Subject:* [NTSysADM] Remote logon attempts 4625 Hi all, Have an internet facing time-clock server , the network firewall has port 80 ONLY forwarding to the server, i'm starting to see hundreds of event 4625's coming from global IP addresses (China, Malaysia, russia etc,,) If the firewall only has port 80 forwarded, how are they attempting RDP (Logon Type 10) here is one such example; An account failed to log on. Subject: Security ID: SYSTEM Account Name: *SERVER_Name*$ Account Domain: *DOMAIN_ NAME* Logon ID: 0x3e7 Logon Type: 10 Account For Which Logon Failed: Security ID: NULL SID Account Name: administrator Account Domain: *SERVER_Name* Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0x1424 Caller Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: *SERVER_Name* Source Network Address: 60.52.25.18 (Malaysia IP ) Source Port: 4750 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 Jean-Paul Natola
