This procedure describes how to use the Group Policy Management Console (GPMC) to enable connections through RD Gateway. When this policy setting is enabled, when Remote Desktop Services clients cannot connect directly to an internal network resource (computer), the clients will attempt to connect to the computer through the RD Gateway server that is specified in the Set RD Gateway server address policy setting.

Note

To manage Group Policy on a Windows Server 2008 R2-based domain controller, you must first add the Group Policy Management Console feature. To do this, start Server Manager, and then under Feature Summary, click Add Features. On the Select Features page, select the Group Policy Management check box. Follow the on-screen instructions to complete the installation.

To change Group Policy settings for a domain or an organizational unit (OU), you must be logged on as a member of the Domain Admins, Enterprise Admins, or the Group Policy Creator Owners group, or have been delegated the appropriate control over Group Policy.

To enable connections through RD Gateway
  1. Start the GPMC. To do so, click Start, point to Administrative Tools, and then click Group Policy Management.

  2. In the left pane, locate the OU that you want to edit.

    • To modify an existing Group Policy object (GPO) for the OU, expand the OU, and then click the GPO.

    • To create a new GPO, follow these steps:

      1. Right-click the OU, and then click Create a GPO in this domain, and link it here.

      2. In the Name box, type a name for the GPO, and then click OK.

      3. In the left pane, locate and click the new GPO.

  3. In the right pane, click the Settings tab.

  4. Right click User Configuration, and then click Edit.

  5. In the left pane, under User Configuration, expand Administrative Templates, expand Windows Components, expand Remote Desktop Services, and then click RD Gateway.

  6. In the right pane, in the settings list, right-click Enable connection through RD Gateway, and then click Edit.

  7. On the Settings tab, do one of the following:

    • Click Not Configured. Remote Desktop Services clients will not use the RD Gateway server address that is specified in the Set RD Gateway server address policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.

    • Click Enabled. When Remote Desktop Services clients cannot connect directly to an internal network resource, the clients will attempt to connect to the internal network resource through the RD Gateway server that is specified in the Set RD Gateway server address policy setting.

    • Click Disabled. Remote Desktop Services clients will not use the RD Gateway server address that is specified in the Set RD Gateway server address policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.

  8. Click OK.

Note

To configure RD Gateway settings by using the local computer policy, use the Local Group Policy Editor. To start the Local Group Policy Editor, click Start, click Run, type gpedit.msc and then click OK. To configure local Group Policy settings, you must be a member of the Administrators group on the local computer or you must have been delegated the appropriate authority.