Set-DynamicFirewallRuleForRDP

1.0

Creates a Windows Firewall rule that blocks the IP addresses of all the network clients
that have connected to RDP (not necessarily authenticated - just established a TCP connection)
within the last 24 hours. This will effectively "ban" those IP addresses from making RDP password
guesses for 24 hours. Modify the 'exclusions file' with IP addresses that you want to alw
Creates a Windows Firewall rule that blocks the IP addresses of all the network clients
that have connected to RDP (not necessarily authenticated - just established a TCP connection)
within the last 24 hours. This will effectively "ban" those IP addresses from making RDP password
guesses for 24 hours. Modify the 'exclusions file' with IP addresses that you want to always
have RDP access. E.g., adding "192.168." to the exclusions file will exempt the entire 192.168.0.0/16
network. Adding "192.168.1." will exclude the entire 192.168.1.0/24 network. Exclusions are entered
one per line in the text file. If you do not enter any exclusions at all, and then run this script,
a firewall rule will be created to block every IP address that has completed a TCP handshake with the RDP port in the
past 24 hours. Including you. Which is probably not what you want. So you should really enter some exclusions.
This script requires that the auditing of Windows Filtering Platform (WFP)
be set to log successful connections. (Event ID 5156 in the Security log.) This can be configured via Advanced Audit Policy. It also
requires that the Windows Firewall be turned on.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name Set-DynamicFirewallRuleForRDP

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deloy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

Ryan Ries

Owners

Tags

Firewall RDP

Functions

Trace

Dependencies

This script has no dependencies.

Version History

Version Downloads Last updated
1.0 (current version) 198 5/24/2016