Step 3: Enabling NAP Health Policy on the RD Gateway Server

Applies To: Windows Server 2008 R2

To enable Network Access Protection (NAP) health policy checking on the RD Gateway server, you enable a setting on the server that requests that the Remote Desktop Services client send a statement of health (SoH).

To enable health checking on the RD Gateway server

  1. On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.

  2. In the Remote Desktop Gateway Manager console tree, right-click RDG-SRV (Local) and then click Properties.

  3. On the RD CAP Store tab, verify that the Request clients to send a statement of health check box is selected.

  4. If you selected the Request clients to send a statement of health check box, a message appears that states you must also configure RD CAPs for NAP to ensure that health policies are enforced. Click OK to close the message.

  5. Click OK again to close the RD Gateway server Properties dialog box.

You have already created one or more RD CAPs on the RD Gateway server by using RD Gateway Manager. Delete those RD CAPs by using the following procedure.

To delete existing RD CAPs on the RD Gateway server

Warning

Failure to delete existing RD CAPs might result in security vulnerabilities for your internal network because these RD CAPs might bypass the NAP authorization policies that you will create for the RD Gateway NAP scenario. If the NAP authorization policies are bypassed, Remote Desktop Services clients that do not meet NAP authorization policy requirements will be allowed access to the RD Gateway server.

  1. In the Remote Desktop Gateway Manager console tree, click to expand RDG-SRV (Local), expand Policies, and then click Connection Authorization Policies.

  2. In the details pane, right-click RD_CAP_01, and then click Delete.

  3. Click Yes to close the RD Gateway server RD Gateway dialog box.
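The outcome of both procedures can be checked from an elevated Windows PowerShell prompt on the RD Gateway server. The following read-only script is an added example, not part of the original procedure. It assumes the RD Gateway WMI provider exposes the Win32_TSGatewayServerSettings class (with a RequestSOH property) and the Win32_TSGatewayConnectionAuthorizationPolicy class (with Name and Enabled properties) in the root\CIMV2\TerminalServices namespace.

```powershell
# Added example: read-only audit, run in an elevated prompt on the RD Gateway server.
# Assumption: the RD Gateway WMI provider classes and properties named below.
$wmi = @{
    Namespace      = 'root\CIMV2\TerminalServices'
    Authentication = 'PacketPrivacy'
    ErrorAction    = 'Stop'
}

$findings = @()

# 1. The server must request a statement of health (SoH) from clients.
$settings = Get-WmiObject @wmi -Class Win32_TSGatewayServerSettings
if (-not $settings.RequestSOH) {
    $findings += 'Server is not requesting a statement of health (RequestSOH is false).'
}

# 2. Any RD CAP left in the local store might bypass the NAP authorization
#    policies, so the expected count after this step is zero. Disabled
#    policies are reported too, because they can be re-enabled later.
$caps = @(Get-WmiObject @wmi -Class Win32_TSGatewayConnectionAuthorizationPolicy)
foreach ($cap in $caps) {
    $state = if ($cap.Enabled) { 'enabled' } else { 'disabled' }
    $findings += "Local RD CAP still present: '$($cap.Name)' ($state)."
}

# 3. Report the result.
if ($findings.Count -eq 0) {
    'OK: SoH is requested and no local RD CAPs remain.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Any warning means the corresponding procedure above should be repeated before continuing.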

You have enabled NAP health policy checking on the RD Gateway server. Now you can proceed to Step 4: Configuring a Windows Security Health Validator on the RD Gateway Server.