One of the ways a computer can be infected with ransomware is hacking into an RDP-enabled workstation using brute force/password guessing. However, it can be difficult identifying which workstation is the target and you find various user accounts being locked due to excessive wrong passwords.

On the AD machine, open a command prompt and enter:

Nltest /DBFlag:2080FFFF

Now, all logon attempts will be logged in %windir%\debug\netlogon.log as [LOGON]
Successful logons show return code 0, hacking has non-zero return codes.

To turn off logging, open a command prompt and enter:

Nltest /DBFlag:0×0

New Windows 10 computers with high-DPI screens will exhibit a Remote Desktop screen with tiny icons which are sometimes too small to see.  This can be resolved by using “manifest” files.  Here’s how:

1. Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide

2. Right click on the SideBySide folder and then click on New, DWORD (32Bit)

3. Create a new key called PreferExternalManifest and set its value to 1.

4. Close Registry Editor

5. Download and un-zip this pre-configured manifest file and place the mstsc.exe.manifest file in the same folder as the MSTSC.EXE file (C:\Windows\System32)

Scaling should be readable now.