Theoretically on a system that does not have an account lockout policy in place which by the way is not a system default, the RDP protocol can be used to get the administrator password with brute force. Brute force is a fancy way of saying trying all possible passwords. If the system never locks out the account then time is the only barrier to eventually getting you password and logging in.
The first defense is to implement a good account lockout policy but that does not solve the entire problem. Any administrator of a public facing Windows web server will notice that their server is continiously attacked by bots looking for an easy target. The bots will often lock out your accounts which can be very annoying.
To protect your system from the bots and script kiddies I always reccomend changing the default RDP port. This will not fool an intelligent attacker but it will weed out the noise.
There are two methods you can use to change the default RDP port. The first is a simple registry hack:
Open up Registry Editor by running regedit. Then navigate to HKEY_LOCAL_MACHINE, SYSTEM, CurrentControlSet, Control, Terminal Server, WinStations and RDP-Tcp. Right click on the PortNumber dword and select Modify. Change the base to Decimal and enter a new port between 1025 and 65535 that is not already in use. Finally click OK.
Trouble logging in? Simply enter your email address OR username in order to reset your password.
For faster and more reliable delivery, add email@example.com to your trusted senders list in your email software.