Configuring the Windows Server Terminal Services Gateway
- Uploaded: 2022-11-25
Configuring the Windows Server 2008 Terminal Services Gateway (Part 2)
How to install and configure the TS Gateway and the RDP client; making and testing the connection.
If you missed the first part in this article series, please read Configuring the Windows Server 2008 Terminal Services Gateway (Part 1).
In the first part of this article series, we did a basic installation of Terminal Services and Terminal Services licensing and configured the Terminal Server licensing mode. In this, part two of the article series, we will finish up by installing and configuring the TS Gateway and the RDP client. Then we will make the connection and see it work.
Install the Terminal Services Gateway Service on the Terminal Services Gateway
Now we will move our attention to the Terminal Services Gateway computer. This is the machine that external clients will initially connect to when making their Terminal Services client connections.
Perform the following steps to install the Terminal Services Gateway on the Terminal Services Gateway computer:
1. Open Server Manager on the Terminal Services Gateway computer. Click on the Roles node in the left pane of the console and then click the Add Role link in the right pane.
2. Click Next on the Before You Begin page.
3. On the Select Server Roles page, put a checkmark in the Terminal Services checkbox.
4. On the Terminal Services page, click Next.
5. On the Select Role Services page, put a checkmark in the TS Gateway checkbox. You will then see an Add Roles Wizard dialog box asking if you want to Add role services and features required for TS Gateway. Click the Add Required Role Services button.
Figure 1
6. Click Next on the Select Role Services page.
7. On the Choose a Server Authentication Certificate for SSL Encryption page, select the Choose a certificate for SSL encryption later option. We choose this option because we have not yet created a certificate for the TS Gateway to use for the SSL connection between itself and the RDP client. We will ask for this certificate later and then configure TS Gateway to use the certificate. Click Next.
Figure 2
8. On the Create Authorization Policies for TS Gateway page, select the Later option. We select this option because I want to take you into the TS Gateway console and show you how to configure authorization policies in the console. Click Next.
Figure 3
9. Click Next on the Network Policy and Access Services page.
10. On the Select Role Services page, confirm that the Network Policy Server checkbox is checked. Click Next.
Figure 4
11. On the Web Server (IIS) page, click Next.
12. On the Select Role Services page, accept the default role services selected by the wizard. These are the services required to run the TS Gateway service. Click Next.
Figure 5
13. Review the information on the Confirm Installation Selections page and click Install.
Figure 6
14. Click Close on the Installation Results page, which shows that the install succeeded.
Request a Certificate for the Terminal Services Gateway
Now we can request a certificate that the TS Gateway Web site can use to establish the SSL connection with the RDP client.
Perform the following steps to request the certificate for the TS Gateway computer:
1. From the Administrative Tools menu, click Internet Information Services (IIS) Manager.
2. In the Internet Information Services (IIS) Manager console, click on the server name in the left pane of the console. Double click the Server Certificates icon in the middle pane of the console.
Figure 7
3. In the right pane of the console, click the Create Domain Certificate link.
Figure 8
4. On the Distinguished Name Properties page, enter the information specified on this page. The most important entry is the Common name entry. The name you enter here must be the same name that the Terminal Services client is configured to use to contact the TS Gateway computer. This is also the name that your public DNS servers would resolve to the public address that allows access to the TS Gateway. In most cases, this will be a router or NAT device's external interface, or perhaps the external interface of an advanced firewall, such as the Microsoft ISA Firewall. Click Next.
Figure 9
5. On the Online Certification Authority page, click the Select button. In the Select Certification Authority dialog box, select the name of the Enterprise CA that you want to obtain the certificate from. Remember, we are able to obtain this domain certificate and automatically install it because we are using an Enterprise CA. If you were using a standalone CA, you would have to suffer from using the Web enrollment site, and that would only be after you created an offline request, and then you would have to manually install the computer certificate. Click OK after selecting the Enterprise CA.
Figure 10
6. Enter a Friendly name on the Online Certification Authority page. In this example we will give the certificate a friendly name of TSG Cert. Click Finish.
Figure 11
7. After receiving the certificate, you will see certificate related information in the middle pane of the console. If you double click the certificate, you will see the Certificate dialog box, which shows you the common name in the Issued to field and the fact that You have a private key that corresponds to this certificate. This is crucial, since the certificate will not work if you do not have a private key. Click OK to close the Certificate dialog box.
Figure 12
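The two conditions stressed in steps 4 and 7 (the common name matches the name clients connect to, and a private key is present) can be confirmed from PowerShell on the gateway. This is an added example, not part of the original article; it assumes PowerShell 2.0 or later is installed, and it uses tsg.msfirewall.org, the example gateway name this article uses, as the default for the hypothetical $GatewayName parameter.

```powershell
# Added example, not from the original article. $GatewayName is an assumption:
# set it to the exact name RDP clients use to reach the TS Gateway.
param([string]$GatewayName = 'tsg.msfirewall.org')

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$now = Get-Date

$results = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    # Compare the subject common name with the name the client will use.
    $_.GetNameInfo($simpleName, $false) -eq $GatewayName
} | ForEach-Object {
    $cert = $_

    # Gather EKU OIDs. No EKU extension means usage is not restricted.
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }
    $ekuOk   = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $serverAuthOid)
    $inDates = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

    New-Object PSObject -Property @{
        Thumbprint       = $cert.Thumbprint
        FriendlyName     = $cert.FriendlyName
        HasPrivateKey    = $cert.HasPrivateKey
        InValidityPeriod = $inDates
        ServerAuthEku    = $ekuOk
        # Usable only if every check passes; a missing private key is fatal.
        Usable           = ($cert.HasPrivateKey -and $inDates -and $ekuOk)
    }
})

if ($results.Count -eq 0) {
    Write-Warning "No certificate in LocalMachine\My has the common name '$GatewayName'."
}
$results |
    Select-Object Thumbprint, FriendlyName, HasPrivateKey, InValidityPeriod, ServerAuthEku, Usable |
    Format-List
```

A certificate that reports Usable as False, or a warning that nothing matched, means the request should be repeated before the certificate is assigned to the TS Gateway.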
Configure Terminal Services Gateway to Use the Certificate
With the certificate now installed in the machine's computer certificate store, you can assign the TS Gateway to use this certificate.
Perform the following steps to configure the TS Gateway to use this certificate:
1. In the Administrative Tools console, click the Terminal Services entry and then click TS Gateway.
2. In the TS Gateway Manager, click the name of the TS Gateway computer in the left pane of the console. The middle pane provides useful information about configuration steps that need to be completed in order to finish the setup. Click the View or modify certificate properties link.
Figure 13
3. In the Properties dialog box for the TS Gateway, on the SSL Certificate tab, confirm that the Select an existing certificate for SSL encryption option is enabled and then click the Browse Certificates button. This brings up the Install Certificate dialog box. Click the certificate, which in this case is tsg.msfirewall.org, and then click the Install button.
Figure 14
4. The SSL Certificate tab now shows information about the certificate that the TS Gateway will use to establish SSL connections. Click OK.
Figure 15
5. The contents of the middle pane change, reflecting the fact that the certificate is now installed on the TS Gateway. However, we now see in the Configuration Status section that we need to create both a connection authorization policy and a resource authorization policy.
Figure 16
Create a Terminal Services Gateway CAP
A connection authorization policy (CAP) allows you to control who can connect to the Terminal Server through the Terminal Services Gateway.
Perform the following steps to create a connection authorization policy:
1. In the left pane of the console, click the Connection Authorization Policies node that lies under the Policies node. In the right pane of the console, click the arrow to the right of Create New Policy and then click Wizard.
Figure 17
2. On the Authorization Policies page, select the Create only a TS CAP option. Click Next.
Figure 18
3. On the Connection Authorization Policy page, enter a name for the CAP. In this example we will name the CAP General CAP. Click Next.
Figure 19
4. On the Requirements page, put a checkmark in the Password checkbox. If you plan on using Smart card authentication, then you would select the Smart card option. Now you need to configure what groups can access the Terminal Server through the TS Gateway. To do this, click the Add Group button. In the Select Groups dialog box, enter the name of the group you want to allow access and click Check Names. In this example, enter Domain Users and then click OK.
Figure 20
5. Notice on the Requirements page that you also have an option to create computer groups and allow access only to specified computers. We will not configure that option in this example. Click Next.
Figure 21
6. On the Device Redirection page, select the Enable device redirection for all client devices option. Note that if you want a higher security environment, you might consider selecting the Disable device redirection for the following client device types option and then selecting the Drives and Clipboard options. For even higher security, you might even select the Disable device redirection for all client devices except for smart cards option. Click Next.
Figure 22
7. On the Summary of TS CAP Settings page, read the results of your selections and then click Finish.
Figure 23
8. Click Close on the Confirm Policy Creation page.
Create a Terminal Services Gateway RAP
The next policy we need to create is a Resource Authorization Policy or RAP. RAPs are used to control which Terminal Servers can be accessed through the Terminal Services Gateway.
Perform the following steps to create the RAP:
1. Click on the Resource Authorization Policies node in the left pane of the TS Gateway Manager console. In the right pane of the console, click the arrow sitting to the right of the Create New Policy link and then click Wizard.
Figure 24
2. On the Authorization Policies page,