Specify an Existing Local or Central TS CAP Store
Applies To: Windows Server 2008
Terminal Services connection authorization policies (TS CAPs) allow you to specify who can connect to a TS Gateway server. You can specify a local TS CAP store (TS CAPs that are stored on the TS Gateway server) or a central TS CAP store [TS CAPs that are stored on a central Network Policy Server (NPS server), formerly known as a Remote Authentication Dial-In User Service (RADIUS) server].
This procedure describes how to specify an existing local or central TS CAP store. Alternatively, you can create a new local TS CAP or you can specify a new central TS CAP store. For more information, see Create a TS CAP or Specify a New Central TS CAP Store. Centrally stored TS CAPs are stored on NPS servers.
Important
If you have not done so already, you must also create a Terminal Services resource authorization policy (TS RAP).
Membership in the local Administrators group, or equivalent, on the TS Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
To specify an existing local or central TS CAP store
Open TS Gateway Manager.
In the console tree, click to select the node that represents the local TS Gateway server, which is named for the computer on which the TS Gateway server is running.
With the TS Gateway server selected, right-click the server name, and then click Properties.
On the TS CAP Store tab, do one of the following:
To specify a local TS CAP store, click Local NPS Server, and then click OK.
To specify a central TS CAP store, click Central NPS server, click the name of the NPS server that you want, and then click OK.
If you specify a central TS CAP store, you must also ensure that settings and policies are configured as needed on the central NPS server. For information, see the TS Gateway Server Step-by-Step Setup Guide (https://go.microsoft.com/fwlink/?LinkId=79605)
Additional considerations
You can remove or change the shared secret for a central TS CAP store. For information, see Remove an NPS Server or Change an NPS Server Shared Secret for a Centrally Stored TS CAP.