I have a Remote Desktop Server based on Windows Server 2016 using Hyper-V virtual machines. I decided to limit the access of a group of domain users to these virtual machines only.
And I ran into a problem: as soon as you add logon restrictions by the names of specific machines in the user profile, the Remote Desktop Gateway stops letting the user in, despite the fact that both the names of the virtual machines and the gateway are recorded in the list of computers available to the user, and the group with the users is enabled in the gateway rules. Directly, bypassing the gateway or disconnecting it, I can connect to the virtual machine. For the sake of experiment, I tried adding a test user to the gateway admins, but the situation did not change. I need to restrict access (because accounts will be provided to individuals who are not the most reliable) and leave the gateway active. What did I forget to do, or what did I do wrong?
It turned out the problem is in the very essence of the list of computers: it limits not only the computers you can log ON to, but also the computers you can log on FROM.
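
A check for the situation described above, as an added example that is not part of the original post: it compares a user's list of allowed computers against every machine the session involves, including the client the user connects from. All machine names and the user name are constructed, and the list is assumed to be the comma-separated value returned by `Get-ADUser -Properties LogonWorkstations`.

```powershell
# Added example: names below are constructed, not taken from the original post.
function Get-MissingLogonWorkstation {
    param(
        [AllowEmptyString()][string]$LogonWorkstations,  # comma-separated list from the user profile
        [Parameter(Mandatory)][string[]]$RequiredNames   # every machine the session involves
    )
    # An empty list means no per-computer restriction is set for the user.
    if ([string]::IsNullOrWhiteSpace($LogonWorkstations)) { return @() }
    $allowed = $LogonWorkstations.Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }
    # -notcontains compares strings case-insensitively.
    return @($RequiredNames | Where-Object { $allowed -notcontains $_ })
}

# Constructed sample: the gateway and the VMs are listed, the client PC is not.
$list = 'RDGW01,VM-APP01,VM-APP02'
$path = [ordered]@{ Client = 'LAPTOP-17'; Gateway = 'RDGW01'; Target = 'VM-APP01' }

$missing = Get-MissingLogonWorkstation -LogonWorkstations $list -RequiredNames $path.Values
foreach ($role in $path.Keys) {
    $state = if ($missing -contains $path[$role]) { 'NOT in list' } else { 'in list' }
    '{0,-8} {1,-10} {2}' -f $role, $path[$role], $state
}

# Against a live domain (requires the ActiveDirectory module; 'testuser' is a placeholder):
# $list = (Get-ADUser testuser -Properties LogonWorkstations).LogonWorkstations
```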