Remote users can connect through RD Gateway to internal network resources in an existing security group, an RD Gateway-managed computer group, or an RD Session Host server farm.
The group can be any of the following:
- An existing Active Directory Domain Services network resource group.
- An existing RD Gateway-managed group or a new RD Gateway-managed group.
Important If users are connecting to members of a terminal server farm by using Terminal Services Session Broker (TS Session Broker) running on Windows Server 2008, you must select this option. The name of the farm and the name of each member must be specified in the computer group.
- Any network resource.
Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
To specify computers that users can connect to through RD Gateway
- On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.
- In the Remote Desktop Gateway Manager console tree, click to expand the node that represents your RD Gateway server, which is named for the computer on which the RD Gateway server is running.
- In the console tree, expand Policies, and then click Resource Authorization Policies.
- With the Resource Authorization Policies folder selected, right-click the RD RAP for which you want to specify a computer group, and then click Properties.
- On the Network Resource tab, specify the computer group that users can connect to through RD Gateway by doing one of the following:
  - To specify an existing Active Directory Domain Services network resource group, click Select an Active Directory Domain Services network resource group. This is the default option.
    - Click Browse.
    - In the Select Group dialog box, specify the user group location and name, and then click OK.
  - To specify an RD Gateway-managed computer group, click Select an existing RD Gateway-managed group or create a new one, and then click Browse. In the Select an RD Gateway-managed computer group dialog box, do one of the following:
    - Select an existing RD Gateway-managed computer group by clicking the name of the computer group that you want to use, and then click OK.
    - Create a new RD Gateway-managed computer group by clicking Create New Group.
      - In the New RD Gateway-Managed Computer Group dialog box, on the General tab, in the Name box, enter a name for the new RD Gateway-managed computer group. In the Description box, enter a description.
      - On the Network Resources tab, type the name or IP address of the computer or remote desktop farm that you want to add, and then click Add. Repeat this step as needed to specify additional computers, and then click OK to close the New RD Gateway-Managed Computer Group dialog box.
      - In the Select an RD Gateway-managed computer group dialog box, click the name of the new computer group, and then click OK.
Important When you add an internal corporate network computer to the list of RD Gateway-managed computers, keep in mind that if you want to allow remote users to connect to the computer by specifying either its computer name or its IP address, you must add the computer to the computer group twice (by specifying the computer name of the computer and adding it to the computer group and then specifying the IP address of the computer and adding it to the computer group again). If you specify only an IP address for a computer when you add it to a computer group, users must also specify the IP address of that computer when they connect to that computer through RD Gateway. To ensure that remote users connect to the internal corporate network computers that you intend, we recommend that you do not specify IP addresses for the computers, if the computers are not configured to use static IP addresses. For example, you should not specify IP addresses if your organization uses DHCP to dynamically reconfigure IP addresses for the computers.
  - To specify any network resource, click Allow users to connect to any network resource, and then click OK.
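After setting the computer group on each RD RAP, the result can be reviewed from PowerShell. The following read-only audit is an added example, not part of the original procedure: it lists each RD RAP's network resource setting and flags the cases the notes above call out (any network resource, and managed-group members entered by IP address). It assumes the RemoteDesktopServices module's RDS: drive is available on the RD Gateway server, and that ComputerGroupType uses 0 for an RD Gateway-managed group, 1 for an Active Directory Domain Services group, and 2 for any network resource; `Test-IsIPAddress` is a helper defined here.

```powershell
# Added example: read-only audit of RD RAP network resource settings.
# Assumption: the RemoteDesktopServices module exposes the RDS: drive on this server.
Import-Module RemoteDesktopServices

# Assumption: ComputerGroupType values as exposed by the RDS: provider.
$typeNames = @{ 0 = 'RD Gateway-managed group'; 1 = 'AD DS group'; 2 = 'Any network resource' }

# Helper defined for this example: true when a group member was entered as an IP address.
function Test-IsIPAddress([string]$Name) {
    $parsed = $null
    # TryParse alone accepts bare integers, so also require dotted-quad or colon form.
    return [System.Net.IPAddress]::TryParse($Name, [ref]$parsed) -and
           ($Name -match '^\d{1,3}(\.\d{1,3}){3}$' -or $Name.Contains(':'))
}

$rapRoot   = 'RDS:\GatewayServer\RAP'
$groupRoot = 'RDS:\GatewayServer\GatewayManagedComputerGroups'

foreach ($rap in Get-ChildItem $rapRoot) {
    $type  = [int](Get-Item "$rapRoot\$($rap.Name)\ComputerGroupType").CurrentValue
    $group = (Get-Item "$rapRoot\$($rap.Name)\ComputerGroup").CurrentValue
    $findings = @()

    if ($type -eq 2) {
        $findings += 'allows connections to any network resource'
    }
    if ($type -eq 0 -and $group) {
        # Members of the RD Gateway-managed computer group referenced by this RAP.
        $members = @(Get-ChildItem "$groupRoot\$group\Computers" | ForEach-Object { $_.Name })
        $ips     = @($members | Where-Object { Test-IsIPAddress $_ })
        if ($ips.Count -gt 0) {
            $findings += "IP entries (confirm static addressing): $($ips -join ', ')"
        }
        if ($members.Count -gt 0 -and $ips.Count -eq $members.Count) {
            $findings += 'members listed by IP only; users must connect by IP address'
        }
    }

    [pscustomobject]@{
        RAP           = $rap.Name
        ResourceType  = $typeNames[$type]
        ComputerGroup = $group
        Findings      = $findings -join '; '
    }
}
```

Run it in an elevated session on the RD Gateway server; it only reads configuration and changes nothing.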