RDP Live Monitor: a small Windows tool built with Codex for tracking RDP sessions and blocking IPs

Hi everyone!

I want to share a small Windows server security/admin tool we built with Codex: RDP Live Monitor.

The goal is simple: make it easier to see who is currently connected to a Windows Server via RDP, review recent RDP events, and quickly block suspicious IP addresses from one small desktop app.

What it does:

• Shows current RDP sessions from query session
• Shows active connections on port 3389
• Shows recent RDP logon/reconnect/disconnect events
• Displays the current Windows Firewall blacklist
• Lets you block or unblock:
  • a single IP, for example 109.205.211.17
  • a CIDR subnet, for example 109.205.211.0/24
  • an IP range, for example 109.205.211.1-109.205.211.50
• Can clear local RDP event history from the UI
• Runs as a small Windows .exe
• Has a custom embedded icon

This started as a practical server hardening/debugging session: checking active RDP connections, inspecting suspicious IPs, adding firewall blacklist rules, and then turning those repeated PowerShell checks into a simple GUI.

The tool is written in PowerShell/WinForms and compiled into an .exe with PS2EXE.

I’m sharing it here because it was a nice example of using Codex as a hands-on pair admin/developer: first for investigation, then for automation, then for UI polish.

Happy to hear suggestions on what to add next. Some ideas:

• Export history to CSV
• Add allowlist mode for trusted RDP IPs
• Show country/ASN for remote IPs
• Add notifications when a new RDP IP appears
• Add a “block selected IP” button directly on event rows

github

Repository name: Dimasik164 / rdp-live-monitor Search phrase: rdp-live-monitor Dimasik164