Remote Desktop connection authorization policies (RD CAPs) allow you to specify who can connect to an RD Gateway server. You can specify a user group that exists on the local RD Gateway server or in Active Directory Domain Services. Users are granted access to an RD Gateway server if they meet the conditions specified in the RD CAP.
Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at
To enable or disable client device redirection |
On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.
In the Remote Desktop Gateway Manager console tree, click to expand the node that represents the RD Gateway server, which is named for the computer on which the RD Gateway server is running.
In the console tree, expand Policies, and then click Connection Authorization Policies.
In the results pane, right-click the RD CAP for which you want to enable or disable client device redirection, and then click Properties.
On the Device Redirection tab, select one of the following options to enable or disable redirection for remote client devices:
- To permit all client devices to be redirected when connecting through the RD Gateway server, click Enable device redirection for all client devices. By default, this option is selected.
- To disable device redirection for only certain device types when connecting through the RD Gateway server, click Disable device redirection for the following client device types, and then select the check boxes that correspond to the client device types for which device redirection should be disabled.
- To permit all client devices to be redirected when connecting through the RD Gateway server, click Enable device redirection for all client devices. By default, this option is selected.
To only allow client connection to servers that enforce secure device redirection, on the Device Redirection tab, select the Only allow client connections to Remote Desktop Session Host servers that enforce RD Gateway device redirection check box.
Click OK.