Remove an NPS Server or Change an NPS Server Shared Secret for a Centrally Stored TS CAP

Applies To: Windows Server 2008

If you are changing the shared secret for a Network Policy Server (NPS server) on which a central Terminal Services connection authorization policy (TS CAP) is stored, keep in mind that you must use the same case-sensitive shared secret that you specified when configuring the TS Gateway server as a RADIUS client on the central NPS server.

We also recommend that you do the following:

• Generate long shared secrets (more than 22 characters) comprised of a random sequence of letters, numbers, and punctuation.

• Change the shared secret often.

Membership in the local Administrators group, or equivalent, on the TS Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To remove an NPS server or change the shared secret for an NPS server for a centrally stored TS CAP

1. Open TS Gateway Manager.

2. In the console tree, click to select the node that represents the local TS Gateway server, which is named for the computer on which the TS Gateway server is running.

3. In the console tree, expand Policies, and then click Central Network Policy Servers.

4. In the results pane, in the list of centrally stored TS CAPs, click the name of the NPS server that you want to remove or whose shared secret you want to modify.

5. On the Action menu, click Configure Central CAP.

6. On the TS CAP Store tab, do either of the following:

   • To remove an NPS server, click the name of the NPS server that you want to remove, and then click Remove NPS Server.

     If only one NPS server is specified and you remove it from the list, you must add another NPS server to the list if you plan to use a centrally stored TS CAP.

   • To change the shared secret for an NPS server, click the name of the NPS server for which you want to change the shared secret, click Change Shared Secret, type a new shared secret in the Enter a new shared secret box, and then click OK.

7. Click OK to close the Properties dialog box for the centrally stored TS CAP.

Additional references

• Manage Terminal Services Connection Authorization Policies (TS CAPs)

• Checklist: Configure TS Gateway

• Understanding Authorization Policies for TS Gateway

• Open the TS Gateway Manager Snap-in Console