Remote Desktop connection authorization policies (RD CAPs) allow you to specify who can connect to an RD Gateway server. You can specify a local RD CAP store (RD CAPs that are stored on the RD Gateway server) or a central RD CAP store [RD CAPs that are stored on a central server that is running Network Policy Server (NPS), formerly known as a Remote Authentication Dial-In User Service (RADIUS) server].

This procedure describes how to specify an existing local or central RD CAP store. Alternatively, you can create a new local RD CAP or you can specify a new central RD CAP store. For more information, see Create an RD CAP or Specify a New Central RD CAP Store. Centrally stored RD CAPs are stored on servers running NPS.


If you have not done so already, you must also create a Remote Desktop resource authorization policy (RD RAP).

Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at

To specify an existing local or central RD CAP store
  1. On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.

  2. In the Remote Desktop Gateway Manager console tree, right-click the local RD Gateway server, and then click Properties.

  3. In the Properties dialog box for the RD Gateway server, on the RD CAP Store tab, do one of the following:

    • To specify a local RD CAP store, click Local server running NPS, and then click OK.

    • To specify a central RD CAP store, click Central server running NPS, click the name of the server running NPS that you want, and then click OK.

      If you specify a central RD CAP store, you must also ensure that settings and policies are configured as needed on the central server running NPS. For more information about RD Gateway, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (
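
To confirm the result of this procedure from PowerShell, the following added example (not part of the original documentation) reads the RD CAP store setting through the RDS: drive of the RemoteDesktopServices module and flags the gaps the procedure warns about. It assumes the provider exposes CentralCAPEnabled, NPSServers, CAP and RAP under RDS:\GatewayServer on the target server; Get-RDCapStoreSummary is a hypothetical helper name.

```powershell
# Added example: read-only audit of the RD CAP store on an RD Gateway server.
# Assumption: the RemoteDesktopServices module is installed with the RD Gateway
# role service and exposes the item paths used below. Run from an elevated prompt.
Import-Module RemoteDesktopServices

function Get-RDCapStoreSummary {
    # Assumption: CentralCAPEnabled reads as 1 when "Central server running NPS"
    # is selected on the RD CAP Store tab, and 0 for "Local server running NPS".
    $central = (Get-Item 'RDS:\GatewayServer\CentralCAPEnabled').CurrentValue -eq 1

    # The gateway also needs an RD RAP, whichever RD CAP store is selected.
    $raps = @(Get-ChildItem 'RDS:\GatewayServer\RAP' | ForEach-Object { $_.Name })

    $warnings = @()
    if ($central) {
        $store   = 'Central server running NPS'
        $entries = @(Get-ChildItem 'RDS:\GatewayServer\NPSServers' |
                     ForEach-Object { $_.Name })
        if ($entries.Count -eq 0) {
            $warnings += 'Central store selected but no server running NPS is listed.'
        }
        # RD CAPs live on the central server; they cannot be enumerated from here.
        $warnings += 'Verify settings and policies on the central server running NPS.'
    } else {
        $store   = 'Local server running NPS'
        $entries = @(Get-ChildItem 'RDS:\GatewayServer\CAP' |
                     ForEach-Object { $_.Name })
        if ($entries.Count -eq 0) {
            $warnings += 'Local store selected but no RD CAP exists.'
        }
    }
    if ($raps.Count -eq 0) {
        $warnings += 'No RD RAP is defined on this RD Gateway server.'
    }

    New-Object PSObject -Property @{
        Store    = $store      # which RD CAP store is in effect
        Entries  = $entries    # NPS server names (central) or RD CAP names (local)
        RDRAPs   = $raps
        Warnings = $warnings
    }
}

Get-RDCapStoreSummary | Format-List Store, Entries, RDRAPs, Warnings
```

The function only reads provider items, so it can be run before and after changing the RD CAP Store tab to compare the two states.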