Remote Desktop Services Overview
Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to take control of a remote computer or virtual machine over a network connection. RDS is Microsoft's implementation of thin client, where Windows software, and the entire desktop of the computer running RDS, are made accessible to a remote client machine that supports Remote Desktop Protocol (RDP). With RDS, only software user interfaces are transferred to the client system. All input from the client system is transmitted to the server, where software execution takes place.
This blog post shows how to install and configure Remote Desktop Services.
The same steps apply to Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019.
Install Remote Desktop Gateway Service Role
In Server Manager, click Manage, and then click Add Roles and Features. The Add Roles and Features Wizard opens.
In Before You Begin, click Next.
In Select Installation Type, ensure that Role-Based or feature-based installation is selected, and then click Next.
In Select destination server, ensure that Select a server from the server pool is selected. In Server Pool, ensure that the local computer is selected. Click Next.
In Select Server Roles, in Roles, select Remote Desktop Services, and then click Next.
In Select features, click Next.
In Remote Desktop, click Next.
In Select Server Roles, in Roles, select Remote Desktop Gateway. When you are prompted to add required features, click Add Features, and then click Next.
In Network Policy and Access Services, click Next.
In Web Server Role (IIS), click Next.
In Select role services, click Next.
Select Install on the Confirmation pane of the Add Roles and Features Wizard to begin the Remote Desktop Gateway role service installation. Selecting the "Restart the destination server automatically if required" option in the Confirmation pane will force a restart of the computer after installation is complete.
In Server Manager, select Tools, then Remote Desktop Services, and then click Remote Desktop Gateway Manager.
In RD Gateway Manager, Click View or modify certificate properties to
In Import Certificate, select your certificate and click Import.
Click Apply and OK.
Create the Connection Authorization Policy and the Resource Authorization Policy
In the left pane, navigate to Policies, click on Connection Authorization Policies. On the Actions pane on the right, right click Create New Policy, and select Wizard.
Select Create an RD CAP and an RD RAP (recommended) and click Next.
Give the policy a name. Click Next.
Click Add Group
I will select the Domain Admins group. Normally you would create a separate user group and add to it the users that you want to allow to use the Remote Desktop Gateway.
This option lets you allow connections based on the computers that clients are connecting from. These computers need to be domain-joined, and their domain needs to be related in some way to the domain that the Remote Desktop Gateway is a part of. Click Next.
Accept the default setting for device redirection, and click Next.
Enter the timeout values as per below. Click Next.
After you verify the information on the RD CAP Settings Summary page, click Install.
Give the policy a name. Click Next.
I will select the Domain Admins group as I have already selected Domain Admins as the group which can use the Remote Desktop Gateway. Then click Next.
Select Allow users to connect to any network resource (Computer), then click Next.
If the remote desktop port on the servers was changed from the default, use this screen to specify the port. Otherwise, select Allow connections only to port 3389. Click Next.
Review the RD RAP Summary, then click Finish.
Policy Successfully Created
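The role installation and the two authorization policies above can also be scripted from an elevated PowerShell session on the gateway server. This is an added example, not part of the original post. The group, domain and policy names are placeholders, and it uses a dedicated gateway user group rather than Domain Admins, as the post notes you normally would.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps in this post.
# Placeholders (assumptions, not from the post): group, domain and policy names.
$UserGroup = 'RDG-Users@EXAMPLE'   # dedicated gateway group instead of Domain Admins
$CapName   = 'RDG-CAP'
$RapName   = 'RDG-RAP'

# Install the Remote Desktop Gateway role service together with its management tools.
$result = Install-WindowsFeature -Name RDS-Gateway -IncludeManagementTools
if (-not $result.Success) { throw 'RD Gateway role installation failed.' }
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'Restart the server, then run this script again to create the policies.'
    return
}

# The RemoteDesktopServices module exposes the gateway configuration as the RDS: drive.
Import-Module RemoteDesktopServices

# Connection Authorization Policy: who may connect through the gateway.
# AuthMethod 1 = password authentication.
if (-not (Test-Path "RDS:\GatewayServer\CAP\$CapName")) {
    New-Item -Path 'RDS:\GatewayServer\CAP' -Name $CapName `
        -UserGroups $UserGroup -AuthMethod 1 | Out-Null
}

# Resource Authorization Policy: what those users may reach.
# ComputerGroupType 2 = any network resource, matching the wizard choice above.
# Use ComputerGroupType 1 with -ComputerGroup '<group>@<domain>' to limit access
# to the members of one AD computer group instead.
if (-not (Test-Path "RDS:\GatewayServer\RAP\$RapName")) {
    New-Item -Path 'RDS:\GatewayServer\RAP' -Name $RapName `
        -UserGroups $UserGroup -ComputerGroupType 2 | Out-Null
}

# Read both policies back to review the resulting settings, including the allowed port.
Get-ChildItem "RDS:\GatewayServer\CAP\$CapName"
Get-ChildItem "RDS:\GatewayServer\RAP\$RapName"
```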