• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 797
  • Last Modified:

Route RDP connections based on username

We have 7 RDP servers named server1, server2, etc.
Users can connect to only one of the seven servers because their data is only stored on that server. It happens sometime that we move a user to another server and that they need to adjust their connection settings.

We don't want our users to connect to a specific server but instead let them connect to a sort of gateway server that redirects them to the right server based on their username.

Is this possible? And if yes: what do we need?

1 Solution
Aaron TomoskyTechnology ConsultantCommented:
Not in my realm of expertise but couldn't you setup dfs so all users could use any server?
mvanrooijAuthor Commented:
No, I don't want all the data on all of our servers.
Is there any reason why you're not using terminal services profiles, instead of storing user data on your servers?
Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

mvanrooijAuthor Commented:
Yes, we have enough reasons for not using roaming profiles.
reredokIT ConsultantCommented:
use terminalserver gateway and set the ad-group in policy (it's an connection policy) which user can connect server. this works also with sessionbroker
mvanrooijAuthor Commented:
Would you please explain this a little more?
reredokIT ConsultantCommented:

windows 2008/Windows 2008 R2 Terminal Services Gateway:

1.) Install Terminalserver Terminalservergateway/Remotedesktopgateway (Role)

2.) use a self certificate for testing

3.) Create a Terminal Services Connection Authorization Policies (TS CAPs). You use TS CAPs to specify users and computers that are able to make connections to the TS
Gateway server

4.) Create aTerminal Services Resource Authorization Policies (TS RAPs). A TS CAP specifies which users can connect to the TS Gateway server. A TS RAP specifies
the network resources that users can connect to through TS Gateway. You specify network
resources through an Active Directory security group.

5.) Edit the rdp-Connection or RDP File to use TerminalserverGateway

You need 2 Group of Terminalserver

User1...User10 -> Terminalserver1
User11...User20 -> Terminalserver2

It works great!

mvanrooijAuthor Commented:
Thank you, but unfortunately the Mac version of remote desktop doesn't support ts gateway.
I guess we'll have to wait until ms brings out a new version.
mvanrooijAuthor Commented:
Mac remote desktop won't support this solution.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now