This last weekend, I tried connecting to one of our Lab computers and got one of those messages stating that we have reached the maximum number of connections allowed.
As I happen to be physically close to the computers, I walked over and logged on the console.
Launched Task Manager and confirmed that we indeed have ongoing sessions.
- In the screenshot above, yours truly is logged on from the console
- Whereas, os and string are remotely connected
Thankfully, the connected sessions bore usernames that I was not familiar with.
And so, acquiescing to disconnecting them was easy.
Next in line is to disable the accounts. As they were local and not Active Directory accounts, launched Computer Management and disabled each of the ill-gotten accounts.
Next in line is to change the network port that Terminal Services is listening on. As we all know, the default port for Terminal Services (TS) is 3389.
Accessed Windows Registry and changed it to a previously unused port.
As we are really not able to simply restart Terminal Services for the change to take effect, rebooted the box.
Image – Before
Image – After
Configured local Windows Firewall to allow incoming connections to the new port.
Re-enabled Windows Firewall logging for failed connections.
Rather than allow the whole internet access to the new network port, make a list of Internet subnets that we usually connect from and allow those alone.
Review our network router and likewise tighten its network availability.
Local Windows Accounts
Be more proactive about monitoring local Windows SAM Accounts. Investigate whether we can be alerted when new ones are created.
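One way to approach the alerting question above, as an added example that is not part of the original post: a PowerShell script, suitable for a scheduled task, that reports Security event 4720 ("A user account was created") and any local account missing from a reviewed baseline. It assumes PowerShell 5.1 or later, an elevated session, and that the "Audit User Account Management" policy is enabled for success events; the baseline file path and parameter names are hypothetical.

```powershell
# Added example: flag newly created local accounts on a stand-alone Windows host.
# Assumptions: elevated session, PowerShell 5.1+, "Audit User Account Management"
# (Success) enabled so that event 4720 is written to the Security log.
param(
    [int]$LookbackHours = 24,
    [string]$BaselinePath = 'C:\SecOps\local-users-baseline.txt'  # hypothetical path
)

$since = (Get-Date).AddHours(-$LookbackHours)

# 1. Account-creation events in the lookback window (4720 = user account created).
$filter  = @{ LogName = 'Security'; Id = 4720; StartTime = $since }
$created = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the named fields out of the event's XML payload.
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            NewAccount  = $fields['TargetUserName']
            CreatedBy   = '{0}\{1}' -f $fields['SubjectDomainName'], $fields['SubjectUserName']
        }
    }

# 2. Accounts present in the local SAM but absent from the reviewed baseline.
#    This catches accounts whose creation event has already rolled out of the log.
$current = (Get-LocalUser).Name
if (Test-Path $BaselinePath) {
    $baseline   = Get-Content $BaselinePath
    $unexpected = @($current | Where-Object { $_ -notin $baseline })
} else {
    # First run: write the list for manual review; do not trust it blindly.
    $current | Set-Content $BaselinePath
    Write-Warning "Baseline created at $BaselinePath. Review it before relying on it."
    $unexpected = @()
}

# 3. Report. A non-zero exit code lets the scheduler or a monitoring agent raise the alert.
$created | Format-Table -AutoSize
if ($unexpected.Count -gt 0) {
    Write-Warning ("Local accounts not in baseline: " + ($unexpected -join ', '))
}
if ($created -or $unexpected.Count -gt 0) { exit 1 } else { exit 0 }
```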
Moral of the Story
The same ease that you allow for your usage is the same ease with which passersby can access your resources.