Blocking distributed or very slow brute force isn't really viable, but for others there are a variety of paid (RDPGuard) and free (IPBan, http://www.digitalruby.com/securing-your-windows-dedicated-server/) options to let you shut down persistent remote hosts.
Depending on your routers you may also be able to block at the router/firewall level - the "watch for repeated new connections" approach described here (http://serverfault.com/questions/548923/prevent-rdp-logon-brute-force-in-mikrotik-router-via-winbox) for Mikrotik could likely be applied to some other types of routers depending on capabilities.
Looks like I found something here that I think would work: http://www.digitalruby.com/securing-your-windows-dedicated-server/ I'll install it as a service tomorrow and see what happens from there. Thank you!