This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 78%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJJ%3C/text%3E%3C/svg%3E)
We recently created an RDS server for our applications and the login page is public facing because we do not want the users to access via VPN. There is a concern that we may be vulnerable to a brute force attack that may cause higher level employees accounts to get locked out. If I create a security group in AD for the small group of users who access RDS and assign it to them, will a user who is not in this group still get locked out from unsuccessful login attempts on the RDS even though they do not have access to RDS in the first place?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 30%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEY%3C/text%3E%3C/svg%3E)
Hi,
Have you checked if the answer helps?
If it helps, please do not forget to accept the answer.
Thanks,
Eleven
Hi,
Could you please accept our answer if it helps?
Thanks,
Eleven
Hi,
Please let us know if further assistance is required.
It will be much appreciated if you could mark our reply as answer.
Thanks,
Eleven
Hi,
Hope our reply has resolved your question.
Please accept answer if the reply is helpful.
Thanks,
Eleven
Hi,
Could you please accept our reply as answer so that others could easily search the answer for similar questions?
Thanks,
Eleven
Hi,
The root cause of account lockouts is incorrect credentials. Incorrect credentials will cause unsuccessful login, then the user's account get locked.
So, a user who is not in the group will be denied to access to RDS but the account will not be locked if there is no password error during login attempt.
Thanks,
Eleven