{
	"id": "0bf8177e-0b5d-4949-aae6-2f793832a9f7",
	"created_at": "2026-04-06T03:37:50.203928Z",
	"updated_at": "2026-04-10T03:20:22.323215Z",
	"deleted_at": null,
	"sha1_hash": "dd65083617e9110983e2d0f941929e765af49a4d",
	"title": "Overview of Remote Desktop Gateway",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43550,
	"plain_text": "Overview of Remote Desktop Gateway\r\nBy Archiveddocs\r\nArchived: 2026-04-06 03:34:52 UTC\r\nApplies To: Windows Server 2008 R2\r\nRemote Desktop Gateway (RD Gateway) is a role service that enables authorized remote users to connect to\r\nresources on an internal corporate or private network, from any Internet-connected device that can run the Remote\r\nDesktop Connection (RDC) client. The network resources can be Remote Desktop Session Host (RD Session\r\nHost) servers, RD Session Host servers running RemoteApp programs, or computers with Remote Desktop\r\nenabled.\r\nRD Gateway uses the Remote Desktop Protocol (RDP) over HTTPS to establish a secure, encrypted connection\r\nbetween remote users on the Internet and the internal network resources on which their productivity applications\r\nrun.\r\nRD Gateway provides many benefits, including:\r\nRD Gateway enables remote users to connect to internal network resources over the Internet, by using an\r\nencrypted connection, without needing to configure virtual private network (VPN) connections.\r\nRD Gateway provides a comprehensive security configuration model that enables you to control access to\r\nspecific internal network resources. RD Gateway provides a point-to-point RDP connection, rather than\r\nallowing remote users access to all internal network resources.\r\nRD Gateway enables most remote users to connect to internal network resources that are hosted behind\r\nfirewalls in private networks and across network address translators (NATs). With RD Gateway, you do not\r\nneed to perform additional configuration for the RD Gateway server or clients for this scenario.\r\nPrior to this release of Windows Server, security measures prevented remote users from connecting to\r\ninternal network resources across firewalls and NATs. This is because port 3389, the port used for RDP\r\nconnections, is typically blocked for network security purposes. 
RD Gateway transmits RDP traffic to port\r\n443 instead, by using an HTTP Secure Sockets Layer/Transport Layer Security (SSL/TLS) tunnel. Because\r\nmost corporations open port 443 to enable Internet connectivity, RD Gateway takes advantage of this\r\nnetwork design to provide remote access connectivity across multiple firewalls.\r\nThe Remote Desktop Gateway Manager enables you to configure authorization policies to define\r\nconditions that must be met for remote users to connect to internal network resources. For example, you\r\ncan specify:\r\nWho can connect to internal network resources (in other words, the user groups who can connect).\r\nWhat network resources (computer groups) users can connect to.\r\nWhether client computers must be members of Active Directory security groups.\r\nWhether device redirection is allowed.\r\nWhether clients need to use smart card authentication or password authentication, or whether they\r\ncan use either method.\r\nYou can configure RD Gateway servers and Remote Desktop Services clients to use Network Access\r\nProtection (NAP) to further enhance security. NAP is a health policy creation, enforcement, and\r\nremediation technology that is included in Windows Server® 2008 R2, Windows Server® 2008,\r\nWindows® 7, Windows Vista®, and Windows® XP Service Pack 3. With NAP, system administrators can\r\nenforce health requirements, which can include software requirements, security update requirements,\r\nrequired computer configurations, and other settings.\r\nNote\r\nComputers running Windows Server 2008 R2 or Windows Server 2008 cannot be used as NAP clients when RD\r\nGateway enforces NAP. 
Only computers running Windows 7, Windows Vista, or Windows XP SP3 can be used as\r\nNAP clients when RD Gateway enforces NAP.\r\nFor information about how to configure RD Gateway to use NAP for health policy enforcement for Remote Desktop S\r\nYou can use RD Gateway server with Microsoft Internet Security and Acceleration (ISA) Server to\r\nenhance security. In this scenario, you can host RD Gateway servers in a private network rather than a\r\nperimeter network, and host ISA Server in the perimeter network. The Secure Sockets Layer (SSL)\r\nconnection between the Remote Desktop Services client and ISA Server can be terminated at the ISA\r\nServer, which is Internet-facing.\r\nFor information about how to configure ISA Server as an SSL termination device for RD Gateway server\r\nscenarios, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter\r\n(https://go.microsoft.com/fwlink/?linkid=140433).\r\nRemote Desktop Gateway Manager provides tools to help you monitor RD Gateway server status and\r\nevents. By using Remote Desktop Gateway Manager, you can specify events (such as unsuccessful\r\nconnection attempts to the RD Gateway server) that you want to monitor for auditing purposes.\r\nRemote Desktop Gateway Manager\r\nSource: https://technet.microsoft.com/en-us/library/cc731150.aspx",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://technet.microsoft.com/en-us/library/cc731150.aspx"
	],
	"report_names": [
		"cc731150.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775446670,
	"ts_updated_at": 1775791222,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dd65083617e9110983e2d0f941929e765af49a4d.pdf",
		"text": "https://archive.orkl.eu/dd65083617e9110983e2d0f941929e765af49a4d.txt",
		"img": "https://archive.orkl.eu/dd65083617e9110983e2d0f941929e765af49a4d.jpg"
	}
}