Set the Remote Desktop Gateway Server Authentication Method
Updated: March 2, 2011
Applies To: Windows Server 2008 R2
This procedure describes how to use the Group Policy Management Console (GPMC) to set an authentication method for Remote Desktop Services clients that connect to internal network resources (computers) through an RD Gateway server.
To manage Group Policy on a Windows Server 2008 R2-based domain controller, you must first add the Group Policy Management Console feature. To do this, start Server Manager, and then under Feature Summary, click Add Features. On the Select Features page, select the Group Policy Management check box. Follow the on-screen instructions to complete the installation.
To change Group Policy settings for a domain or an organizational unit (OU), you must be logged on as a member of the Domain Admins, Enterprise Admins, or the Group Policy Creator Owners group, or have been delegated the appropriate control over Group Policy.
To set the Remote Desktop Gateway server authentication method
Start the GPMC. To do so, click Start, point to Administrative Tools, and then click Group Policy Management.
In the left pane, locate the OU that you want to edit.
To modify an existing Group Policy object (GPO) for the OU, expand the OU, and then click the GPO.
To create a new GPO, follow these steps:
Right-click the OU, and then click Create a GPO in this domain, and link it here.
In the Name box, type a name for the GPO, and then click OK.
In the left pane, locate and click the new GPO.
In the right pane, click the Settings tab.
Right click User Configuration, and then click Edit.
In the left pane, under User Configuration, expand Policies, expand Administrative Templates, expand Windows Components, expand Remote Desktop Services, and then click RD Gateway.
In the right pane, in the settings list, right-click Set RD Gateway authentication method, and then click Edit.
In the Set RD Gateway authentication method dialog box, do one of the following:
Click Not Configured. The authentication method that is specified by the user is used. If an authentication method is not specified, the NTLM protocol that is enabled on the client or a smart card can be used for authentication.
Click Enabled, and then select the authentication method. By default, the Allow users to change this setting check box is not selected, meaning that the authentication method setting is suggested, and that users on the Remote Desktop Services client will be unable to specify an alternate authentication method. To allow the authentication method to be revised by users on the client, select this check box. For information about supported Windows authentication methods for RD Gateway, see Understanding Requirements for Connecting to a Remote Desktop Gateway Server.
Click Disabled. The authentication method that is specified by the user is used. If an authentication method is not specified, the NTLM protocol that is enabled on the Remote Desktop Services client or a smart card can be used for authentication.
To configure RD Gateway settings by using the local computer policy, use the Local Group Policy Editor. To start the Local Group Policy Editor, click Start, click Run, type gpedit.msc, and then click OK. To configure local Group Policy settings, you must be a member of the Administrators group on the local computer or you must have been delegated the appropriate authority.