(Post courtesy Manoj Ravikumar Nair, who you can follow on his excellent blog at http://www.powershell.ms)

Previous Post: Extending Remote Desktop Services via PowerShell – Part 4

Configuring Remote Desktop Gateway

Now that we have our RDS Farm setup, let’s extend our RDS Farm over the internet by configuring the RD Gateway Role Service.

We will use our PYRAMID Server as our RD Gateway Server.

Using the Add-WindowsFeature, we will install the RD-Gateway Role Service.

Add-WindowsFeature –Name RDS-Gateway –IncludeAllSubFeature



Now that we have the RD Gateway Role Installed, it’s time to a configure it using PowerShell. Start by importing the RemoteDesktopServices Module and then by navigating to the RDS: PS Drive.


As you can see in the screenshot above, there are many settings you can configure via the GatewayServer container. In this blog post, I am going to concentrate on a few important ones.

Creating a Connection Authorization Policy (CAP)

RD CAP has the following configurations


Let’s take a quick look at some of the mandatory properties, AuthMethod and UserGroups



Alright, based on the description and information given above, let’s quickly create a CAP Policy which uses Password Authentication and grants Domain Users access to connect to RD Gateway Server


You can then further drill down and configure additional settings by navigating to the TestCAP Container.

Creating a RAP (Resource Authorization Policies)

RAP has the following configuration Settings


We will take a closer look at the ComputerGroupType Setting


Based on the above information, let’s create a RAP Policy using PowerShell


You can further drill down on the DemoRAP container to configure additional settings.

Next Post: Extending Remote Desktop Services using PowerShell – Part 6