Yes, but so it a TS logon, which could originate inside your LAN. Not
likely in great numbers, but still could. I think these are probes looking
for an easy way in, and they come and go in most networks. In some cases
they may be industrial spies, or maybe the teen ager next door.
The usually, but not always, originate in the countries you would associate
with criminal Internet behavior and, to be repetitive, can be blocked at the
edge with a decent firewall. Heck, rumor has it that even some entry level
routers will allow you to set up block lists by ip address.
But, no there is no built in functionality that does what you are asking.
You can setup lockouts on all but *the* domain administrator account, but
still your best bet is really strong passwords.
Get your SBS Health Check
<user@newsgroup> wrote in message
> Hi Larry,
> It is almost certainly from outside. I think Login Type 10 is Remote
> access. So there is no policy setting to block a login automatically eg to
> block the IP for N minutes if X login failures within Y seconds?
> Thanks, Ed
> On 6/08/2009 8:57 AM, Larry Struckmeyer [SBS-MVP] wrote:
>> Hi User:
>> Can't tell from your post if all of that comes from your internal domain
>> or from outside. Can you explain?
>> If from inside, we have some work to do to find out what is going on. If
>> from outside your network, you could stop them at the edge device with a
>> firewall that allows you to key in the range of IP addresses where most
>> of this starts.
>> Other than that, *strong* passwords are your best defense.