Tuesday, July 7, 2009

Configuring Terminal Services Gateway using WMI


This article is about WMI and Terminal Services Gateway. You can find a way to manage your TS Gateway server remotely by using WMI. Here I describe two methods, to add and to remove a Resource Authorization Policy (RAP). All code blocks are picked from proof-of-concept demo and they do not represent "in production" state of the code.


Employees that are away from the office premises are in constant need of accessing internal resources. Letting people to access their own office computer gives most familiar feeling while being away. Opening such a connections from the Internet some measures to secure, manage and handle these connection were needed. To do this without burdening the administrators, an automatic service that does the Terminal Services Gateway configuration for the end-user was developed. This article shows a way to manage one part of TS Gateway server configuration.

Using the Code

System.Management namespace needs to be added before the code works. Also the methods expect you to have a user gorup on your server. Name of the group in this case is 'RAP_TEST'. If you are part of a domain or if you have an active directory service running, you can use 'DOMAIN\UserGroup' like groups as well.

RAP_TEST group on a server

When executing the code, be aware that the authetication level of PacketPrivacy can not be achieved locally. This meaning that you are not able to run the code on the server you are trying to configure.

First, I start with code that uses the class descibed later on. This is a simple loop that adds 100 RAPs to the server.

See full detail: http://www.codeproject.com/KB/dotnet/TSGWConnector.aspx