I can say from personal experience that after less than 24 hours of leaving a VM exposed to the WAN with port 389 open, I was being brute-forced. An account lockout policy should always be set up on any WAN-facing RDP machine; it acts similarly to "Fail2Ban".
Go to Start --> Programs --> Administrative Tools --> Local Security Policy. Under Account Policies --> Account Lockout Policies, set values for all three options.
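The same three settings can be applied and then verified from an elevated PowerShell prompt. This is an added example, not part of the original post; the threshold, duration and window values and the temp file name are assumptions chosen for illustration.

```powershell
# Illustrative values (assumptions, not from the original post).
$Threshold = 5    # Account lockout threshold: failed logons before lockout
$Duration  = 30   # Account lockout duration, in minutes
$Window    = 30   # Reset account lockout counter after, in minutes

# The lockout duration must be at least as long as the reset window.
if ($Duration -lt $Window) {
    throw "Lockout duration ($Duration) must be >= reset window ($Window)."
}

# Apply all three settings to the local account policy.
net accounts "/lockoutthreshold:$Threshold" "/lockoutwindow:$Window" "/lockoutduration:$Duration" | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "net accounts failed; run this from an elevated prompt."
}

# Export the effective local security policy and read the values back.
$cfg = Join-Path $env:TEMP 'lockout-check.inf'   # hypothetical temp file name
secedit /export /cfg $cfg /areas SECURITYPOLICY /quiet
$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# Compare what is in effect against what was requested.
$expected = @{
    LockoutBadCount   = $Threshold
    LockoutDuration   = $Duration
    ResetLockoutCount = $Window
}
foreach ($name in $expected.Keys) {
    if ($policy[$name] -ne $expected[$name]) {
        Write-Warning "$name is '$($policy[$name])', expected $($expected[$name])"
    } else {
        Write-Output "$name = $($policy[$name])"
    }
}
```

On a domain-joined machine a domain Group Policy can overwrite these local values at the next refresh, which is what the read-back check will reveal.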