Saturday, February 14, 2026

Enable Windows Firewall logging for dropped connections and audit logging for failed RDP logons

PS C:\WINDOWS\system32> Set-NetFirewallProfile -All -LogBlocked True -LogMaxSizeKilobytes 20480
>> # Enable logging for blocked (dropped) packets across all profiles

PS C:\WINDOWS\system32> auditpol /set /subcategory:"Logon" /success:enable /failure:enable
>> # Enable auditing for both successful and failed logon attempts
The command was successfully executed.

Check firewall log:
PS C:\WINDOWS\system32> Get-Content C:\Windows\System32\LogFiles\Firewall\pfirewall.log -Tail 20
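
As an added example (not part of the original post), the function below turns pfirewall.log lines into objects using the file's own #Fields header, then counts dropped packets per source IP and destination port. The function name ConvertFrom-FirewallLog and the sample lines are constructed for illustration.

```powershell
# Added example, not from the original post. ConvertFrom-FirewallLog is a hypothetical helper name.
function ConvertFrom-FirewallLog {
    [CmdletBinding()]
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin { $fields = $null }
    process {
        if ($Line -match '^#Fields:\s*(.+)$') {
            # Column names come from the header, so extra columns on other builds still map correctly
            $fields = $Matches[1].Trim() -split '\s+'
            return
        }
        # Skip other header lines, blank lines, and any data seen before a #Fields header
        if (-not $fields -or $Line -match '^\s*(#|$)') { return }
        $values = $Line.Trim() -split '\s+'
        $row = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $row[$fields[$i]] = $values[$i]
        }
        [pscustomobject]$row
    }
}

# Constructed sample lines in the pfirewall.log layout (documentation-range IPs).
# The ALLOW line would only appear if allowed connections were logged as well.
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2026-02-14 10:01:02 DROP TCP 203.0.113.7 192.0.2.10 51544 3389 52 S 123456 0 64240 - - - RECEIVE
2026-02-14 10:01:03 DROP TCP 203.0.113.7 192.0.2.10 51545 3389 52 S 123457 0 64240 - - - RECEIVE
2026-02-14 10:01:09 DROP UDP 198.51.100.23 192.0.2.10 5353 5353 80 - - - - - - - RECEIVE
2026-02-14 10:02:11 ALLOW TCP 192.0.2.10 198.51.100.80 49811 443 0 - 0 0 0 - - - SEND
'@ -split '\r?\n'

# Dropped packets grouped by source IP and destination port, busiest first
$sample | ConvertFrom-FirewallLog |
    Where-Object action -eq 'DROP' |
    Group-Object 'src-ip', 'dst-port' |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

On a live host, replace $sample with Get-Content C:\Windows\System32\LogFiles\Firewall\pfirewall.log to summarise the real log.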

Check RDP/Logon attempts (event ID 4625 records every failed logon, not only RDP):
PS C:\WINDOWS\system32> Get-WinEvent -FilterHashtable @{LogName='Security'; ID=4625} -MaxEvents 10 | Select-Object TimeCreated, Message | Format-List
>> # Find the last 10 failed RDP/Logon attempts
