Using Group Policy to Manage Client Connections Through TS Gateway

  • Article

Applies To: Windows Server 2008

You can use Group Policy and Active Directory Domain Services to centralize and simplify the administration of TS Gateway Group Policy settings. You use the Local Group Policy Editor to configure these policy settings, which are contained within Group Policy objects (GPOs). You use the Group Policy Management Console (GPMC) to link GPOs to sites, domains, or organizational units (OUs) in Active Directory Domain Services.

The Local Group Policy Editor operates as an extension to the GPMC. When you edit a GPO from within the GPMC, the Local Group Policy Editor appears, displaying the policy settings for that particular GPO. You must have editing rights on a GPO to open it in the Local Group Policy Editor.

Important

The Default Domain Policy GPO and Default Domain Controllers Policy GPO are vital to the health of any domain. As a best practice, you should not edit the Default Domain Controllers Policy GPO or the Default Domain Policy GPO, except in the following cases:

  • If it is required that account policy settings be configured in the Default Domain GPO.

  • If you install applications on domain controllers that require modifications to the User Rights or Audit policy settings, you must modify the policy settings in the Default Domain Controllers Policy GPO.

Group Policy settings for Terminal Services client connections through TS Gateway can be applied in one of two ways. These policy settings can be suggested (that is, they can be enabled, but not enforced), or they can be enabled and enforced.

To suggest a policy setting for TS Gateway, enable the policy setting in Group Policy, but do not clear the Allow users to change this setting check box. Doing this allows users on the client to enter alternate TS Gateway connection settings. To specify alternate policy settings, users select the Use these TS Gateway server settings option in the TS Gateway Server Settings dialog box on the client, and then specify the alternate TS Gateway connection settings.

To enforce a policy setting for TS Gateway, enable the policy setting in Group Policy and clear the Allow users to change this setting check box. When you do this, users cannot change the TS Gateway connection setting, even if they select the Use these TS Gateway server settings option on the client. For information about how to configure Terminal Services client settings, see Configuring the Terminal Services Client for TS Gateway.

This section provides procedures for using Group Policy to manage Terminal Services client connections to the network through TS Gateway. It includes the following topics: