Q. Why would I use a TS Gateway–managed computer group?

A. A Terminal Services resource authorization policy (TS RAP) lets you configure the targets you can connect to via a TS Gateway. You can use an Active Directory (AD) group that contains a list of computer accounts that you could include in the TS RAP, but how do you specify the name of a terminal server farm in the policy? A farm of terminal servers has a name that wouldn’t exist as a computer object. Thus, if you used an AD group, the server farm would not be found and access would be denied if you tried to connect to it via a TS Gateway.

The TS Gateway–managed computer group checks the target name specified against a list of names configured in the TS Gateway–managed computer group. You can add the name of a terminal server farm to the TS Gateway–managed computer group and thereby allow access to the farm as a TS Gateway target. When you use the TS Gateway–managed computer group, you must enter every name that might be used for the farm (e.g., Fully Qualified Domain Names, NetBIOS format names).