Using Group Policy to Manage Client Connections Through TS Gateway
Applies To: Windows Server 2008
You can use Group Policy and Active Directory Domain Services to centralize and simplify the administration of TS Gateway policy settings. You use the Local Group Policy Editor to configure these settings, which are contained within Group Policy objects (GPOs). You use the Group Policy Management Console (GPMC) to link GPOs to sites, domains, or organizational units (OUs) in Active Directory Domain Services.
The Local Group Policy Editor operates as an extension to the GPMC. When you edit a GPO from within the GPMC, the Local Group Policy Editor appears, displaying the settings for that particular GPO. You must have edit rights on a GPO in order to open it in the Local Group Policy Editor.
The Default Domain Policy GPO and Default Domain Controllers Policy GPO are vital to the health of any domain. As a best practice, you should not edit the Default Domain Controllers Policy GPO or the Default Domain Policy GPO, except in the following cases:
It is required that account policy settings be configured in the Default Domain GPO.
If you install applications on domain controllers requiring modifications to User Rights or Audit policy settings, you must modify the policy settings in the Default Domain Controllers Policy GPO.
Group Policy settings for Terminal Services client connections through TS Gateway can be applied in one of two ways. These policy settings can either be suggested (that is, they can be enabled, but not enforced) or they can be enabled and enforced.
To suggest a policy setting for TS Gateway, enable the setting in Group Policy, but do not clear the Allow users to change this setting check box. Doing this allows users on the client to enter alternate TS Gateway connection settings. To specify alternate policy settings, users select the Use these TS Gateway server settings option in the TS Gateway Server Settings dialog box on the client, and then specify the alternate TS Gateway connection settings.
To enforce a policy setting for TS Gateway, enable the setting in Group Policy and clear the Allow users to change this setting check box. When you do this, users cannot change the TS Gateway connection setting, even if they select the Use these TS Gateway server settings option on the client. For information about how to configure Terminal Services client settings, see Configuring the Terminal Services Client for TS Gateway.
This section provides procedures for using Group Policy to manage Terminal Services client connections to the network through TS Gateway. The following topics are covered: