Set the TS Gateway Server Address
Applies To: Windows Server 2008
The following procedure describes how to use the Group Policy Management Console (GPMC) to specify the TS Gateway server that Terminal Services clients use when connecting to internal network resources through a TS Gateway server.
By default, Terminal Services clients automatically detect when TS Gateway is required.
To manage Group Policy on a Windows Server 2008-based domain controller, you must first add the Group Policy Management Console feature. To do this, start Server Manager, and then under Feature Summary, click Add Features. On the Select Features page, select the Group Policy Management check box. Follow the on-screen instructions to complete the installation.
To change Group Policy settings for a domain or an organizational unit (OU), you must be logged on as a member of the Domain Admins group, Enterprise Admins group, or the Group Policy Creator Owners group, or have been delegated the appropriate authority over Group Policy.
To set the TS Gateway server address
Start the GPMC. To do so, click Start, point to Administrative Tools, and then click Group Policy Management.
In the left pane, locate the OU that you want to edit.
To modify an existing Group Policy object (GPO) for the OU, expand the OU, and then click the GPO.
To create a new GPO, follow these steps:
Right-click the OU, and then click Create a GPO in this domain, and link it here.
In the Name box, type a name for the GPO, and then click OK.
In the left pane, locate and click the new GPO.
In the right pane, click the Settings tab.
Right-click User Configuration, and then click Edit.
In the left pane, under User Configuration, expand Administrative Templates, expand Windows Components, expand Terminal Services, and then click TS Gateway.
In the right pane, in the list of policy settings, right-click Set TS Gateway server address, and then click Properties.
On the Settings tab, do one of the following:
Click Not Configured. Terminal Services clients automatically detect when TS Gateway is required. When a connection through TS Gateway is required, the TS Gateway server or the TS Gateway server farm specified by the user is used.
Click Enabled, and then specify a valid, fully qualified domain name (FQDN) of the TS Gateway server or TS Gateway server farm that clients are to use when connecting to internal network resources. The name must match the name that appears in the Secure Sockets Layer (SSL) certificate for the TS Gateway server.
By default, the Allow users to change this setting check box is selected, meaning that this policy setting is suggested, and users can specify an alternate TS Gateway server or TS Gateway server farm. To enforce this policy setting so that users cannot specify an alternate TS Gateway server or TS Gateway server farm, clear this check box.
Click Disabled. Terminal Services clients automatically detect when TS Gateway is required.
If you disable or do not configure this policy setting, but enable the Enable connections through TS Gateway policy setting, client connection attempts to any internal network resource will fail, if the client cannot connect directly to the internal network resource.
- Click OK.
To configure TS Gateway Group Policy settings by using the local computer policy, use the Local Group Policy Editor. To start the Local Group Policy Editor, click Start, click Run, type gpedit.msc, and then click OK. To configure local Group Policy settings, you must be a member of the Administrators group on the local computer or you must have been delegated the appropriate authority.