Watch Demo×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

How To Set Up Remote Desktop Gateway

How To Set Up Remote Desktop Gateway blog banner image

The modern work environment is no longer confined to the traditional office space. Whether working from home, traveling, or in satellite offices, employees need seamless and secure access to internal network resources. Remote access solutions bridge the geographical gap, enabling users to connect to the corporate network from virtually anywhere. 

While various remote access solutions exist, Microsoft’s Remote Desktop Gateway (RD Gateway) is key in providing secure access to remote desktops and internal resources. This guide will help you understand RD Gateway, offer a step-by-step approach to configuration, provide an overview of security considerations, and discuss how best to address common issues.

What is RD Gateway?

RD Gateway, or Remote Desktop Gateway, is a role service in Windows Server that enables authorized remote users to connect to resources within an internal corporate network over a secure channel. It acts as an intermediary between remote desktop clients and the target internal network, ensuring that connections are authenticated, encrypted, and routed through a secure tunnel.

It acts as a gateway between the public internet and the internal network, shielding it against unauthorized access. 

Reasons to use Remote Desktop Gateway

There are several reasons an organization may elect to use RD Gateway to manage remote server connectivity. These include:

  • Securing access to internal resources: RD Gateway ensures secure access to internal resources by authenticating users and routing connections through a common location. This is particularly crucial when dealing with sensitive information or compliance requirements.
  • Encryption and data protection: RD Gateway encrypts data transmitted using the Remote Desktop Protocol (RDP) with HTTPS, preventing unauthorized interception and ensuring the confidentiality and integrity of information transmitted between the client and the internal network.
  • Centralized access control and auditing: Administrators can establish centralized access controls, defining user permissions and groups. Additionally, RD Gateway provides robust auditing features, allowing organizations to monitor and track user activities for compliance and security purposes.
  • Simplified remote desktop configuration: RD Gateway simplifies the configuration of remote desktop connections by acting as a mediator between remote clients and internal resources. This eliminates the need for complex networking setups and facilitates a streamlined user experience.
  • Enhanced user experience and productivity: By providing a secure and seamless connection to internal resources, RD Gateway enhances user experience, promotes productivity among remote employees, and reduces potential connectivity issues.

How Remote Desktop Gateway works

RD Gateway acts as an intermediary, mediating connections between remote desktop clients and internal resources. It authenticates users, ensures secure data transmission, and facilitates the seamless flow of information between the remote client and the internal network.

Employing a two-step authentication ensures that users are first authenticated through a secure login process and, once authenticated, the RD Gateway verifies the user’s authorization to access the requested internal resources.

Connections to the internal network are tunneled through a secure channel using the HTTPS protocol. This ensures that data transmitted between the client and the internal network is encrypted, safeguarding it from potential eavesdropping or tampering.

RD Gateway is compatible with a wide range of remote desktop clients, including the native Windows Remote Desktop Connection client, third-party applications, and even mobile devices. RD Gateway supports load balancing for organizations with high traffic volumes to distribute incoming connections across multiple servers, ensuring optimal performance and availability.

Installing RD Gateway

Before setting up RD Gateway, ensure that your network infrastructure meets the necessary requirements. This includes having a Windows Server environment, properly configured DNS, and the required firewall rules to allow traffic to and from the RD Gateway server. With the prerequisites covered, we can progress to installing the RD Gateway Role on a Windows Server:

  1. Open server manager: Launch Server Manager on your Windows Server.
  2. Add roles and features: Navigate to the “Manage” menu and select “Add Roles and Features.”
  3. Role-based or feature-based installation: Choose “Role-Based or Feature-Based Installation” and select the appropriate server.
  4. Select RD Gateway: In the “Select server roles” section, locate and select “Remote Desktop Services” and “Remote Desktop Gateway.” Follow the on-screen prompts to complete the installation.

After installing the RD Gateway role, configure the server credentials to ensure secure authentication. This involves obtaining and installing an SSL certificate for the RD Gateway server. Once a certificate has been acquired and installed on the server, install it by opening the RD Gateway Manager, navigating to the server node, and selecting the “Properties” option. Under the “SSL Certificate” tab, select the installed SSL certificate.

RD Gateway configuration best practices

Once RD Gateway has been installed, several configuration steps are required to align with remote access best practices:

Establish Remote Desktop Gateway policies

Define Remote Desktop Gateway policies to control user access, connection parameters, and security settings. Launch the RD Gateway Manager and navigate to the “Policies” node. Right-click, and select “Create New Authorization Policies.” Follow the prompts to define access policies based on user groups, resource authorization, and connection parameters.

Define user access permissions and groups

Configure user access permissions and groups to determine who can connect to RD Gateway and the internal resources. Navigate to “Server Manager” and select “Remote Desktop Services” from the left-hand menu. Under the “Collections” node, select the collection you want to configure. In the “Tasks” pane, click on “Edit properties,” and under the “User Groups” tab, define the user groups allowed to connect.

Customize RD Gateway properties

Customize RD Gateway properties to align with your organization’s requirements and security policies. Launch the RD Gateway Manager, navigate to the server node, right-click, and select “Properties.” Adjust settings such as timeout periods, device redirection, and logging options to match your organization’s needs.

Troubleshooting common configuration issues

If errors or difficulties arise during or after the setup process, check the Event Viewer for any RD Gateway-related events or errors. This can provide insights into potential issues. 

A common RD Gateway, resulting in a total service outage, is related to SSL certificate expiration. Regularly monitor the expiry date of your SSL certificate and configure reminders to allow sufficient time for a new certificate to be secured and installed before the existing one expires to prevent connectivity issues.

Embrace the full potential of RD Gateway

Setting up a Remote Desktop Gateway is a crucial step in establishing a secure and efficient remote access infrastructure. By following the guidance offered above to achieve proper setup, maintenance, and operation of RD Gateway as a reliable remote access mechanism, organizations can embrace the full potential of RD Gateway.

RD Gateway plays a pivotal role in ensuring encrypted and authenticated connections, allowing organizations to embrace remote work without compromising security.

NinjaOne Remote is NinjaOne’s remote access tool integrated directly into NinjaOne RMM. Built from the ground up, it offers a strong and secure RDP tool using our own gateway. Watch a demo or sign up for a free trial to see Ninja Remote in action. 

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about Ninja Endpoint Management, check out a live tour, or start your free trial of the NinjaOne platform.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).