Open NPS Console
- Open Server Manager > Go to Tools > Select Network Policy and Access Services.
Register NPS in Active Directory (if domain-joined)
- Right-click “NPS (Local)” > Select “Register server in Active Directory”.
Add RD Gateway as a RADIUS Client
- Expand “RADIUS Clients and Servers”.
- Right-click “RADIUS Clients” > Click “New”.
- Fill in the details:
  - Friendly Name: RD Gateway
  - Address: RD Gateway IP
  - Shared Secret: Define a secret (e.g., rdg-nps-secret123)
- Click Apply.
Add FreeRADIUS as a Remote RADIUS Server
- Right-click “Remote RADIUS Server Groups” > Click “New”.
- Name the group (e.g., FreeRADIUS Servers).
- Click “Add” and enter:
  - Address: (FreeRADIUS IP)
  - Authentication Port: 1812
  - Shared Secret: Define a secret (e.g., nps-freeradius-secret123)
- Click Apply.
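The secrets shown in the two steps above are placeholders. The following added example (not part of the original guide) scripts the RADIUS client step with randomly generated secrets, one per RADIUS hop. It assumes the NPS PowerShell module on the NPS server; the address 192.0.2.10 and the helper name New-RadiusSharedSecret are placeholders introduced here.

```powershell
# Added example: run in an elevated PowerShell session on the NPS server.
Import-Module NPS

function New-RadiusSharedSecret {
    # Hypothetical helper: returns a random secret drawn from a CSPRNG.
    param([ValidateRange(24, 64)][int]$Length = 32)  # bounds chosen for this example

    # 64 symbols: 256 is a multiple of 64, so (byte % 64) has no modulo bias.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

$clientName       = 'RD Gateway'   # Friendly Name from the step above
$rdGatewayAddress = '192.0.2.10'   # placeholder: replace with the RD Gateway IP

# One secret per RADIUS hop, so exposing one does not expose the other.
$rdgSecret   = New-RadiusSharedSecret   # RD Gateway <-> NPS
$proxySecret = New-RadiusSharedSecret   # NPS <-> FreeRADIUS

# Create the RADIUS client, or rotate its secret if it already exists.
if (Get-NpsRadiusClient | Where-Object { $_.Name -eq $clientName }) {
    Set-NpsRadiusClient -Name $clientName -Address $rdGatewayAddress -SharedSecret $rdgSecret
} else {
    New-NpsRadiusClient -Name $clientName -Address $rdGatewayAddress -SharedSecret $rdgSecret
}

# Confirm what NPS stored, without echoing the secret.
Get-NpsRadiusClient | Where-Object { $_.Name -eq $clientName } |
    Select-Object Name, Address, Enabled

# Shown once so they can be copied into a password vault and the peer systems.
[pscustomobject]@{
    'RD Gateway <-> NPS' = $rdgSecret
    'NPS <-> FreeRADIUS' = $proxySecret
} | Format-List
```

The first secret must also be entered on the RD Gateway, and the second in the Remote RADIUS Server Group dialog and on the FreeRADIUS server.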
Create a Network Policy
- Right-click “Network Policies” > Click “New”.
- Name it (e.g., RDP Policy).
- Type of network access server: Select Remote Desktop Gateway.
- Conditions:
  - Add Windows Groups (e.g., Domain Users/Admins).
- Constraints:
  - Enable Microsoft Encrypted Authentication version 2 (MS-CHAP-v2)
  - Enable Microsoft Encrypted Authentication (MS-CHAP)
  - Allow clients to connect without negotiating an authentication method.
- Settings: Keep as default.
- Click Finish and enable the policy.
Create a Connection Request Policy
- Right-click “Connection Request Policies” > Click “New”.
- Name it (e.g., RDP Policy).
- Type of network access server: Select Remote Desktop Gateway.
- Conditions:
  - Add Client IPv4 Address (IP address of the RD Gateway).
- Settings:
  - Under Authentication, select “Forward requests to the following remote RADIUS server group for authentication”.
  - Choose the Remote RADIUS Server Group created earlier.
Enable Logging
- Go to “Accounting” > Click “Configure Accounting”.
- Select “Log to a text file”.
- Check:
  - “Authentication requests”
  - “Periodic status”
- Set log location (e.g., C:\Windows\System32\LogFiles).