RDPlus prevents brute-force attacks by locking accounts after repeated failed attempts to login through the Portal.
By default, the lockout feature uses the following parameters:

ParameterDescriptionDefault value
LockoutActivatedDefines if the Lockout feature is activated. The Lockout feature can be disabled by setting this parameter to false. Possible values are: truefalse.true
LockoutIntervalSpecifies the allowable interval of time between failed login attempts. In seconds.600
LockoutLimitDefines the number of allowed failed attempts before the account is locked out.10
LockoutPeriodSpecifies the amount of time an account is locked out and unable to login. In seconds.1800

These parameters can be overridden by editing the configuration file hb.exe.config located in <RDPlus setup directory>\Clients\www\cgi-bin directory. In the appSettings node of the document, the parameter key may be set to a different value. The change are effective once the hb.exe.config file is saved.

For example, below is illustrated the configuration for disabling the lockout feature:


<add key=”LockoutActivated” value=”false” />
<add key=”LockoutInterval” value=”600″ />
<add key=”LockoutLimit” value=”10″ />
<add key=”LockoutPeriod” value=”1800″ />


Note: The period of time a user is locked out is the greatest value between LockoutPeriod and LockoutInterval settings. Therefore, when changing LockoutPeriod’s value, one should update the LockoutInterval setting with a smaller value to ensure a relevant behavior.