By default, Windows has an Account Lockout policy that locks the account after many failed login attempts.
We enable the Remote Desktop service to the public by default, so these failed login attempts could come from bots or from our users.
If this lockout policy is disabled and your password is weak, the account can be brute forced, which makes it insecure.
There are several solutions to deal with this:
- Our web dashboard has a firewall that applies its rules outside the Virtual Machine. Whatever firewall rules are set inside the VM, the firewall in the web dashboard takes priority. You can use this firewall to restrict the default Remote Desktop port 3389 to your allowed IPs only.
- You can disable the Account Lockout policy and use a strong Administrator password. To disable the Account Lockout policy, here are the steps:
  - In Windows Settings, search for: Edit Group Policy
  - Computer Configuration -> Windows Settings -> Security Settings
  - Open Account Policies -> Account Lockout Policies
  - Choose Account Lockout Threshold: 0
- Change the default Remote Desktop port. Here are the instructions:
If the account is locked, you can still log in via the VNC Console in your dashboard. You can also contact our support team via tickets or live chat, and we will help.
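
To tell bot traffic from your own users' failed logins before choosing the allowed IPs for the firewall rule, the following added example (not part of the original article or our dashboard tooling) shows the current lockout settings and counts failed logons by source address. The 24-hour window, the top-20 limit and the English-language `net accounts` output are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the VM.
# Assumptions: 24-hour window, top 20 addresses, English "net accounts" output.
$since = (Get-Date).AddHours(-24)

# Current lockout threshold, duration and observation window.
net accounts | Select-String -Pattern 'Lockout'

# Turn one event record into a hashtable of its named EventData fields.
function Get-EventFields($Record) {
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# Failed logons (event 4625). Logon failure auditing must be enabled
# for these events to be recorded.
$failed = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{
        Time      = $_.TimeCreated
        User      = $f['TargetUserName']
        SourceIp  = $f['IpAddress']
        LogonType = $f['LogonType']   # RDP failures typically show as 3 (with NLA) or 10
    }
}

# Source addresses with the most failures. Addresses that belong to your own
# users go on the firewall allow list; the rest is what the rule will block.
$failed | Group-Object SourceIp | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize

# Accounts that were actually locked out (event 4740).
Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{ Time = $_.TimeCreated; Account = $f['TargetUserName'] }
} | Format-Table -AutoSize
```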