To enhance security, you can configure RD Gateway servers and clients to use Network Access Protection (NAP). NAP is a health policy creation, enforcement, and remediation technology that is included in Windows Server 2008 R2, Windows Server 2008, Windows 7, Windows Vista, and Windows XP Service Pack 3. With NAP, system administrators can enforce health requirements on Remote Desktop Services clients that connect to the RD Gateway server, which can include firewalls being enabled, security update requirements, required computer configurations, and other settings.

By using NAP, you can help ensure that Remote Desktop Services clients meet the health policy requirements of your organization before they are allowed to connect to computers on the corporate network through RD Gateway servers.


Computers running Windows Server 2008 R2 and Windows Server 2008 cannot be used as NAP clients. Only computers running Windows 7, Windows Vista, and Windows XP Service Pack 3 can be used as NAP clients.

To enable NAP health policy checking on the RD Gateway server, you enable a setting on the server that requests that the Remote Desktop Services client sends a statement of health (SoH).

Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at

To enable NAP health policy checking on the RD Gateway server
  1. On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.

  2. In the Remote Desktop Gateway Manager console tree, right-click the local RD Gateway server, and then click Properties.

  3. In the Properties dialog box for the RD Gateway server, on the RD CAP Store tab, verify that the Request clients to send a statement of health check box is selected, and then click OK.

    Ensure that you have properly configured the Remote Desktop Services clients, the RD Gateway server, and the server running NPS. For more information about RD Gateway, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (