In the Enter a Name for the TS CAP field, enter Domain User Access, and then
click Next (Figure 9-20).
7. On the Requirements screen, make sure that Password is checked and
Smartcard is unchecked (unless of course you use smart cards).
8. Click the Add Group button next to the User Group Membership list box. Enter
TESTDOM\Domain Users, and then click OK (Figure 9-21). If you logged in
locally, you will need to enter domain credentials at this point. Click Next to
continue.
9. On the Device Redirection screen, make sure that Enable Device Redirection
for All Client Devices is selected, as shown in Figure 9-22. Then click Next.
10. Review the TS CAP summary and click Finish to create the policy.
11. Click Close on the Confirm Policy Creation screen.
Figure 9-20. Specifying the policy name
311 Chapter 9: Terminal Services
Configuring Resource Authorization Policies
CAPs perform a very limited function: They are designed to allow access to the TS Gateway.
To access resources behind the gateway, those resources must be listed in the RAPs.
In this example, we configure a local resource group to include all our terminal servers
??”which in this case consists of only WIN2K8TS??”and then allow any member of the
Domain Users group to connect to it.
1. Using Active Directory Users and Computers, create a new Computer Group
called TS Servers, and then add WIN2K8TS to this group.
Pages:
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350