Publishing Remote Desktop Gateway through Web Application Proxy

murat senel blog

If you want to restrict access to your Remote Access Gateway and add pre-authentication for remote access, you can roll it out through Web Application Proxy. This is a really good way to make sure you have rich pre-authentication for RDG including MFA. Publishing without pre-authentication is also an option and provides a single point of entry into your systems.

How to publish an application in RDG using Web Application Proxy pass-through authentication

  1. Installation will be different depending on whether your RD Web Access (/rdweb) and RD Gateway (rpc) roles are on the same server or on different servers.

  2. If the RD Web Access and RD Gateway roles are hosted on the same RDG server, you can simply publish the root FQDN in Web Application Proxy, such as https://connect.abc.com/.

    You can also publish the two virtual directories individually e.g. https://connect.abc.com/rdweb/ and https://connect.abc.com/rpc/.

  3. If the RD Web Access and the…


Install Remote Desktop Gateway on Windows 2016

GrumpySysAdmin Blog

Below is a step-by-step guide to getting a basic RDS gateway configured. There are additional steps and considerations that you may need to consider for your environment. In this example I am using port forwarding into my test lab, but you will want to consider where this server should be placed in your network and ensure proper firewalls are configured.

What is a Remote Desktop Gateway?

An RD Gateway allows remote users to connect to internal network resources from outside the corporate network without utilizing a VPN. These internal resources can be on a private or a NAT network. The connectivity is achieved by transmitting RDP over an SSL tunnel using port 443. An RD Gateway server has a variety of authorization policies that allow you to control configuration for:

  • What groups of users can utilize the RD Gateway.
  • What computers or internal resources the authorized users…


Configure “Connect to a Remote Computer” in RDWeb 2012

Ryan Mangan's IT Blog

To use the “connect to a Remote Computer” feature in RDS 2012 you would need to add the RD gateway address to the settings on the web access server.

To do this you would need to open up IIS in the RDweb Server.

Expand the default Website

Select “Pages”

Select “Application Settings”

Then open up the “DefaultTSGateway” setting

Enter the external address (FQDN) of the RD Gateway in the Value Field.


Select Application Settings


Enter the external RD Gateway FQDN.


You will now be able to remote to devices using the Web interface.


Deploying Remote Desktop Gateway RDS 2012

Ryan Mangan's IT Blog

What is a Remote Desktop Gateway

A Remote Desktop Gateway Server enables users to connect to remote computers on a corporate network from any external computer. The RD Gateway uses the Remote Desktop Protocol & the HTTPS Protocol to create a secure encrypted connection.

A 2012 RD Gateway server uses port 443 (HTTPS), which provides a secure connection using a Secure Sockets Layer (SSL) tunnel.

A Remote Desktop Gateway provides the following benefits:

  • Enables Remote Desktop Connections to a corporate network without having to set up a virtual private network (VPN).
  • Enables connections to remote computers across firewalls.
  • Allows you to share a network connection with other programs running on your computer. This enables you to use your ISP connection instead of your corporate network to send and receive data over a remote connection.

http://windows.microsoft.com/en-us/windows7/what-is-a-remote-desktop-gateway-server

Please see the following link for more information on deploying a Gateway on the perimeter network:


Step by Step Server 2016 Remote Desktop Services QuickStart Deployment #RDS #VDI #RDP #RemoteApp

Robert Smit MVP Blog

Setting up a RDS Farm is not that hard but anyway I created a step by step guide to build a Windows Server 2016 Remote Desktop Services deployment.

There is a new feature in Windows Server 2016 RDS: full OpenGL support with RDS for VDI scenarios.

And yes, you can use the Quickstart, but I’m not using this in this demo setup. I tried to do a complete setup, but doing this I noticed that I’m constantly expanding this demo with new options, so I’ll keep this pure to the setup and some PowerShell basics.

Quick Start is an option in RDS deployment during the process of adding roles and features with Windows Server 2012 Service Manager. It dramatically simplifies the deployment process and shortens go-to-market while still providing the ability to add additional RDS servers as needed. The abstraction formed by RDWA, RDCB, and RDSH offers such elegancy…


Puppet – Join machine to the Windows AD Domain

geekdudes

Install the PowerShell module:

puppet module install puppetlabs-powershell

Under the modules/module name/manifests folder, create a manifest file. The password is encrypted with Hiera. After the machine is joined to the domain, it will be rebooted.

class domain_membership (
  $domain          = 'ad.contoso.com',
  $username        = 'administrator',
  $password        = lookup('password'),
  $secure_password = false,
  $machine_ou      = 'OU=test,DC=ad,DC=contoso,DC=com',
){

# PowerShell script run on the node. Puppet interpolates ${...} inside this
# double-quoted string, so PowerShell's own variables are escaped as \$ to
# reach PowerShell unchanged. The decrypted password is placed in the script
# text in plain form.
$code = " 
\$secStr=ConvertTo-SecureString '${password}' -AsPlainText -Force; 
if (-not \$?) { 
write-error 'Error: Unable to convert password string to a secure string'; 
exit 10; 
} 
\$creds=New-Object System.Management.Automation.PSCredential( '${username}', \$secStr ); 
if (-not \$?) { 
write-error 'Error: Unable to create PSCredential object'; 
exit 20; 
} 
Add-Computer -DomainName ${domain} -OUPath '${machine_ou}' -Restart -Force -Credential \$creds; 
if (-not \$?) { 
write-error 'Error: Unable to join domain'; 
exit 30; 
} 
exit 0"

#
# Use the Josh Cooper PowerShell provider
#
exec { 'join_domain':

command => $code,
provider => powershell,
logoutput => true,
# Skip the join when the machine is already a member of the target domain
unless => "if ((Get-WMIObject Win32_ComputerSystem).Domain -ne '${domain}') { exit 1 }",
}

}


How to increase disk size of Trend Micro IWSVA (InterScan Web Security Virtual Appliance)

vTechDummies

Trend Micro IWSVA is a web proxy that has lots of security features such as antivirus, antimalware, but it is also a web filter, similar to WebSense Web Filter where URL categories can be blocked to protect the end users, and of course to avoid browsing non-productive web sites inside the company. However, if you download the VMware image, the disk image is quite small and could get full easily if your environment has lots of users and HTTP traffic to process, and of course, logs as well.

Below is a procedure to increase the disk size in a VMware vSphere environment.

1. Check first the partition disk size usage using the command: df -lh

The most common partition that becomes full is: /dev/mapper/IWSVA-app_data

2. Check the directory sizes that are mounted on /dev/mapper/IWSVA-app_data such as:

* /var
* /var/iwss/tmp/tmpfs
* /var/iwss/tmp/v_tmpfs

The most common directory inside /var that becomes…


Best practices for DNS settings on DC and domain members.

ABHIJIT'S BLOG

Information:
The following information explains the Best practices for DNS client settings on Domain Controller and Domain Member.

Domain controller with DNS installed:
On a domain controller that also acts as a DNS server, it is recommended that you configure the domain controller’s DNS client settings according to these specifications:

IP configuration on domain controller:

  • In single DC/DNS in a domain environment,  DC / DNS server points to its private IP address (not to loopback 127.x.x.) as preferred DNS server in TCP/IP property.
  • If multiple DCs that are DNS servers are in a domain environment, the recommendation is to have all DCs point to ANOTHER/REMOTE DC’s IP address as preferred DNS and then point to its private IP address as an alternate DNS.
  • Each DC has just one IP address and one network adapter is enabled (disable unused NICs).
  • IPv6 should not be disabled on DC’s NIC card. Set it to “obtain IPV6 address automatically” and “obtain…
