Using Group Policy to Manage Client Connections Through Remote Desktop Gateway
Applies To: Windows Server 2008 R2
You can use Group Policy and Active Directory Domain Services to centralize and simplify the administration of RD Gateway policy settings. You use the Local Group Policy Editor to configure these settings, which are contained within Group Policy objects (GPOs). You use the Group Policy Management Console (GPMC) to link GPOs to sites, domains, or organizational units (OUs) in Active Directory Domain Services.
The Local Group Policy Editor operates as an extension to the GPMC. When you edit a GPO from within the GPMC, the Local Group Policy Editor appears, displaying the settings for that particular GPO. You must have edit rights on a GPO in order to open it in the Local Group Policy Editor.
The Default Domain Policy GPO and the Default Domain Controllers Policy GPO are vital to the health of any domain. As a best practice, you should not edit the Default Domain Policy GPO or the Default Domain Controllers Policy GPO, except in the following cases:
- It is required that account policy settings be configured in the Default Domain Policy GPO.
- If you install applications on domain controllers requiring modifications to User Rights or Audit policy settings, you must modify the policy settings in the Default Domain Controllers Policy GPO.
Group Policy settings for Remote Desktop Services client connections through RD Gateway can be applied in one of two ways. These policy settings can either be suggested (that is, they can be enabled, but not enforced) or they can be enabled and enforced.
To suggest a policy setting for RD Gateway, enable the setting in Group Policy, but do not clear the Allow users to change this setting check box. Doing this allows users on the client to enter alternate RD Gateway connection settings. To specify alternate policy settings, users select the Use these RD Gateway server settings option in the RD Gateway Server Settings dialog box on the client, and then specify the alternate RD Gateway connection settings.
To enforce a policy setting for RD Gateway, enable the setting in Group Policy and clear the Allow users to change this setting check box. When you do this, users cannot change the RD Gateway connection setting, even if they select the Use these RD Gateway server settings option on the client. For information about how to configure Remote Desktop Services client settings, see Configuring the Remote Desktop Services Client for Remote Desktop Gateway.
This section provides procedures for using Group Policy to manage Remote Desktop Services client connections to the network through RD Gateway. The following topics are covered: