Appendix A: Configuring RD Gateway Clients as Network Access Protection Enforcement Clients

Applies To: Windows Server 2008 R2

To configure RD Gateway clients as Network Access Protection enforcement clients, we recommend that you use the Windows CMD script mentioned in Step 6: Verifying NAP Health Policy Functionality on the RD Gateway Server of this guide. However, the steps can be completed manually as follows:

  • Add the RD Gateway server name to the Trusted Server list on the client computer.

  • Start the Network Access Protection Agent service and set the service startup type to Automatic.

  • Enable the TS Gateway Quarantine Enforcement client.

These actions can be performed in a Command Prompt window.

To configure the RD Gateway client CONTOSO-CLNT as a Network Access Protection Enforcement Client

  1. Log on to CONTOSO-CLNT as CONTOSO\Administrator.

  2. Open the command prompt. To open the command prompt, click Start, click All Programs, click Accessories, and then click Command Prompt.

  3. At the command prompt, run the following commands:

    • reg add "HKLM\Software\Microsoft\Terminal Server Client\TrustedGateways" /v GatewayFQDN /t REG_MULTI_SZ /d RDG-SRV.contoso.com /f

    • reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent\LocalConfig\Qecs\79621 /v Enabled /t REG_DWORD /d 1 /f

    • sc config napagent start= auto

    • net start napagent

  4. Restart the client computer to implement the configuration changes, and then log on to CONTOSO-CLNT as CONTOSO\Administrator.

  5. To open Registry Editor, click Start, click Run, type regedit, and then click OK.

  6. Navigate to the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client\TrustedGateways

  7. Under GatewayFQDN, verify that the following value exists: RDG-SRV.contoso.com

  8. Log off the CONTOSO-CLNT computer.
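
The manual check in steps 5 through 7 covers only the Trusted Server list. The following PowerShell function is an added example, not part of the original guide or its CMD script, and performs a read-only check of all three settings that this appendix configures. The function name Test-NapClientConfig is hypothetical, and the default gateway name is the lab value used on this page.

```powershell
# Added example: read-only check of the three client settings from this appendix.
# Test-NapClientConfig is a hypothetical name; nothing here writes to the system.
function Test-NapClientConfig {
    param([string]$Gateway = 'RDG-SRV.contoso.com')   # lab value from this page

    # 1. Trusted Server list. GatewayFQDN is REG_MULTI_SZ, so it is read as a string array.
    $tgKey = 'HKLM:\Software\Microsoft\Terminal Server Client\TrustedGateways'
    $tg    = Get-ItemProperty -Path $tgKey -Name GatewayFQDN -ErrorAction SilentlyContinue
    $fqdns = @()
    if ($tg) { $fqdns = @($tg.GatewayFQDN) }
    New-Object PSObject -Property @{
        Check = 'Gateway in TrustedGateways'
        Pass  = ($fqdns -contains $Gateway)           # -contains is case-insensitive
        Found = ($fqdns -join ', ')                   # shows every trusted entry for review
    }

    # 2. TS Gateway Quarantine Enforcement client (QEC ID 79621) must have Enabled = 1.
    $qecKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\napagent\LocalConfig\Qecs\79621'
    $qec    = Get-ItemProperty -Path $qecKey -Name Enabled -ErrorAction SilentlyContinue
    $qecOn  = $false
    $qecVal = 'value missing'
    if ($qec) { $qecOn = ($qec.Enabled -eq 1); $qecVal = $qec.Enabled }
    New-Object PSObject -Property @{
        Check = 'QEC 79621 enabled'
        Pass  = $qecOn
        Found = $qecVal
    }

    # 3. NAP Agent service: startup type Automatic and currently running.
    #    Win32_Service reports Automatic startup as StartMode 'Auto'.
    $svc    = Get-WmiObject -Class Win32_Service -Filter "Name='napagent'"
    $svcOk  = $false
    $svcVal = 'service not found'
    if ($svc) {
        $svcOk  = ($svc.StartMode -eq 'Auto') -and ($svc.State -eq 'Running')
        $svcVal = "$($svc.StartMode) / $($svc.State)"
    }
    New-Object PSObject -Property @{
        Check = 'napagent Automatic and running'
        Pass  = $svcOk
        Found = $svcVal
    }
}

Test-NapClientConfig | Select-Object Check, Pass, Found | Format-Table -AutoSize
```

Run it on CONTOSO-CLNT after the restart in step 4 and before logging off in step 8. The Found column lists every entry in the Trusted Server list, so unexpected gateway names are visible as well.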

Next, log on to CONTOSO-CLNT as Morgan Skinner, and then use Remote Desktop Connection (RDC) to verify that the NAP health policy is successfully applied to the Remote Desktop Services client computer, as explained in Step 6: Verifying NAP Health Policy Functionality on the RD Gateway Server.

  • Test for a successful allowed connection to the RD Session Host server (RDSH-SRV) by using the RD Gateway server (RDG-SRV).

  • Test for a successful blocked connection to the RD Session Host server (RDSH-SRV) by using the RD Gateway server (RDG-SRV).