Enable connection through RD Gateway

Policy overview

Key metadata and intent for this policy.

Scope
User
Category
Windows Components > Remote Desktop Services > RD Gateway
Supported on
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP

If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting.

You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client.

Note: To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used.

To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default.

If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.

Internal name
TS_GATEWAY_POLICY_ENABLE
Policy ID
81c43b9b93b4
Elements
1

Registry values

How enabled and disabled states update the registry.

Registry location
Type REG_DWORD · User
Path
SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value name
UseProxy
Hive
HKCU
Enabled value
1
Disabled value
0

Policy elements

Inputs and configuration options exposed by this policy.

Allow users to change this setting
ID TS_GATEWAY_OVERRIDE
User · Type boolean
Registry mapping
Path
SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
Value name
AllowExplicitUseProxy
Type
REG_DWORD
Details
Options: true (1), false ()
True: Set value = 1 · False: None
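
The following audit check is an added example, not part of the policy definition: it reads the two registry values documented above for the current user and reports which of the described states applies. The function names are hypothetical, the sample inputs are constructed, and treating any AllowExplicitUseProxy value other than 1 as "enforced" is an assumption.

```powershell
# Added example (not from the policy page). Helper names are hypothetical.
$PolicyKey = 'HKCU:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Read-RdGatewayPolicyValues {
    # Return only the values that are actually present under the policy key.
    $values = @{}
    $props = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($name in 'UseProxy', 'AllowExplicitUseProxy') {
            $p = $props.PSObject.Properties[$name]
            if ($p) { $values[$name] = [int]$p.Value }
        }
    }
    return $values
}

function Get-RdGatewayPolicyState {
    param([hashtable]$Values)  # value name -> DWORD; a missing name means "absent"
    $useProxy = $Values['UseProxy']
    $override = $Values['AllowExplicitUseProxy']
    if ($null -eq $useProxy) {
        $state = 'NotConfigured'
        $note  = 'Policy gateway address is not used; a user-specified gateway still is.'
    } elseif ($useProxy -eq 0) {
        $state = 'Disabled'
        $note  = 'Policy gateway address is not used; a user-specified gateway still is.'
    } elseif ($useProxy -eq 1 -and $override -eq 1) {
        $state = 'EnabledUserCanOverride'
        $note  = 'Users can select "Do not use an RD Gateway server".'
    } elseif ($useProxy -eq 1) {
        # Assumption: an absent or non-1 override value means the setting is enforced.
        $state = 'EnabledEnforced'
        $note  = 'Verify "Set RD Gateway server address" is set, or non-direct connections fail.'
    } else {
        $state = 'Unexpected'
        $note  = 'UseProxy holds a value other than 0 or 1.'
    }
    [pscustomobject]@{ State = $state; UseProxy = $useProxy
                       AllowExplicitUseProxy = $override; Note = $note }
}

# Constructed sample inputs covering each documented state.
$samples = @{ UseProxy = 1 }, @{ UseProxy = 1; AllowExplicitUseProxy = 1 },
           @{ UseProxy = 0 }, @{}
$samples | ForEach-Object { Get-RdGatewayPolicyState -Values $_ }

# Live check for the current user (Windows only).
Get-RdGatewayPolicyState -Values (Read-RdGatewayPolicyValues)
```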