10 August 2010

Granting Remote Desktop Access to your FTMG or FUAG server.

Generally, the first thing we as administrators want to do after building a server is to return to our desks and Remote Desktop to our fresh new server.

When we are dealing with Forefront Unified Access Gateway and/or Forefront Threat Management Gateway, we need to remember that by default Remote Desktop access is only allowed from selected machines.

UAG uses the TMG firewall to protect and secure itself. So it is only logical that a lot of the things that need to be done to make a TMG server useful also need to be done to a UAG server, although most of it should be automated.

Firstly, remember to allow Remote Desktop connections from the Computer Properties / Remote tab, and check that the user account you want to use is in the Administrators group or at least the Remote Desktop Users group.

Now we need to open up the firewall to allow the remote desktop connection (RDP) through.

Open the TMG management console. Click on Firewall Policy. On the right-hand side, scroll down and select Edit System Policy.

A window will open. Under the Remote Management section there is an item for Terminal Server. The General tab should show that "Enable this configuration group" is checked. On the From tab there is a location field.
By default it should contain:

"Enterprise Remote Management Computers"
"Remote Management Computers"

You can add your machine to one of the groups and you should be able to RDP to the server once the changes have been applied. For testing purposes you might have a lab setup, and you can then add your Internal network if you wish - but this should never be done in your production environment.
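
The steps above can be verified with a few PowerShell checks. This is an added example, not part of the original post; it assumes an English-language Windows install (for the group names) and the default RDP port 3389, and the names `tmg01` and `CONTOSO\jsmith` are placeholders.

```powershell
# Added example: verify the RDP prerequisites and the result of the system policy change.
# Written to run on PowerShell 2.0 and later. Server and account names are placeholders.

# Run ON the TMG/UAG server: is "allow remote desktop connections" switched on?
function Test-RdpEnabled {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed
    return ((Get-ItemProperty -Path $key -Name fDenyTSConnections).fDenyTSConnections -eq 0)
}

# Run ON the server: which of the two local groups named in the post list the account?
# Limitation: direct members only, matched by name; nested domain groups are not expanded.
function Get-RdpGroupMembership {
    param([Parameter(Mandatory = $true)][string]$Account)   # 'jsmith' or 'CONTOSO\jsmith'
    $name = ($Account -split '\\')[-1]
    foreach ($groupName in 'Administrators', 'Remote Desktop Users') {
        $group = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
        $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
        if ($members -contains $name) { $groupName }
    }
}

# Run FROM a workstation: does TMG let a TCP connection through to the RDP port?
function Test-RdpPort {
    param([Parameter(Mandatory = $true)][string]$Server,
          [int]$Port = 3389,          # default RDP port (assumption: not changed)
          [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        # A firewall that drops the packet never answers, so give up after the timeout
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false                 # connection refused or name not resolved
    } finally {
        $client.Close()
    }
}

# On the server:      Test-RdpEnabled; Get-RdpGroupMembership -Account 'CONTOSO\jsmith'
# From a workstation: Test-RdpPort -Server 'tmg01'
```

Run `Test-RdpPort` once from a machine you added to the group (expect `True`) and once from a machine that is not in it (expect `False`); the second result confirms the From list is still restricting who can reach RDP.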

1 comment:

Anonymous said...

This worked very well. RDP stopped working on my server once I secured inbound traffic in TMG. Your solution solved the situation and I wouldn't have found it by myself. Thank you very much.
