When using our stack for Windows 2012 R2 RDP, it pays to have some healthy paranoia and set a default lockout policy for RDP users. By default there is only the Administrator account, and it has no lockout policy defined.
Setting one up is very easy, and takes about five minutes.
Step 1. RDP into the server as Administrator, and look for the toolbox icon on the desktop.
Step 2. Navigate to the Account Lockout Policy section:
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy
Step 3. “Account lockout threshold” is set to 0 invalid logon attempts. Set this policy to a value greater than 0.
This will open a dialogue box with suggested defaults. Click “OK” to save.
Step 4. From the CMD prompt [shortcut on the desktop], run gpupdate /force
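
The same change can be scripted and verified from an elevated PowerShell prompt. This is an added example, not part of the original steps: the values 5/30/30 and the temporary file name are assumptions chosen for illustration, and it assumes a standalone server where no domain policy overrides the local one.

```powershell
# Added example: audit the local account lockout policy and enable it if the threshold is 0.
# Assumed values for illustration (not from the original steps):
$Threshold = 5    # invalid logon attempts before the account locks (must be > 0)
$Duration  = 30   # minutes the account stays locked
$Window    = 30   # minutes before the failed-attempt counter resets (must be <= $Duration)

function Get-LockoutPolicy {
    # Export the local security policy and read the lockout keys from [System Access].
    $cfg = Join-Path $env:TEMP 'lockout-audit.inf'   # hypothetical temp file name
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    Get-Content $cfg | ForEach-Object {
        if ($_ -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return $policy
}

$before = Get-LockoutPolicy
# A missing or zero LockoutBadCount means accounts are never locked out.
if (-not $before.ContainsKey('LockoutBadCount') -or $before['LockoutBadCount'] -eq 0) {
    Write-Output 'Account lockout threshold is 0 (lockout disabled); applying policy.'
    net accounts "/lockoutthreshold:$Threshold" "/lockoutduration:$Duration" "/lockoutwindow:$Window"
    if ($LASTEXITCODE -ne 0) { throw 'net accounts failed; run this from an elevated prompt.' }
} else {
    Write-Output "Account lockout threshold already set to $($before['LockoutBadCount'])."
}

# Re-read the policy and fail loudly if the threshold is still 0.
$after = Get-LockoutPolicy
if (-not $after.ContainsKey('LockoutBadCount') -or $after['LockoutBadCount'] -le 0) {
    throw 'Lockout threshold is still 0 after the change.'
}
Write-Output ("Threshold: {0} attempts, duration: {1} min, reset window: {2} min" -f `
    $after['LockoutBadCount'], $after['LockoutDuration'], $after['ResetLockoutCount'])
```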