Edit

Share via

Win32_TSGatewayConnectionAuthorizationPolicy class

  • Article

Describes a Remote Desktop connection authorization policy (RD CAP). RD CAPs are used to determine whether a user is allowed to connect to the Remote Desktop Gateway (RD Gateway) server.

Syntax

[dynamic, provider("AAGProvider"), AMENDMENT]
class Win32_TSGatewayConnectionAuthorizationPolicy
{
  string  Name;
  uint32  Order;
  boolean SmartcardAllowed;
  boolean PasswordAllowed;
  boolean SecureIdAllowed;
  boolean CookieAuthenticationAllowed;
  boolean Enabled;
  uint32  IdleTimeout;
  uint32  SessionTimeout;
  uint32  SessionTimeoutAction;
  uint32  DeviceRedirectionType;
  boolean DiskDrivesDisabled;
  boolean PrintersDisabled;
  boolean SerialPortsDisabled;
  boolean ClipboardDisabled;
  boolean PlugAndPlayDevicesDisabled;
  string  UserGroupNames;
  string  ComputerGroupNames;
  boolean HasNapAttributes;
  boolean AllowOnlySDRServers;
};

Members

The Win32_TSGatewayConnectionAuthorizationPolicy class has these types of members:

Methods

The Win32_TSGatewayConnectionAuthorizationPolicy class has these methods.

Method Description
AddComputerGroupNames Adds the specified computer group names to the ComputerGroupNames property.
AddUserGroupNames Adds the specified user group names to the UserGroupNames property.
Create Creates an RD CAP.
Delete Deletes the current RD CAP.
DisableClipboard Sets the ClipboardDisabled property.
DisableDiskDrives Sets the DiskDrivesDisabled property.
DisablePlugAndPlayDevices Sets the PlugAndPlayDevicesDisabled property.
DisablePrinters Sets the PrintersDisabled property.
DisableSerialPorts Sets the SerialPortsDisabled property.
EnableAllowOnlySDRServers Used to toggle the AllowOnlySDRServers property
Windows Server 2008: This method is not available before Windows Server 2008 R2.
MoveDown Moves the current RD CAP one position down in the list.
MoveUp Moves the current RD CAP one position up in the list.
RemoveComputerGroupNames Removes the specified computer group names from the ComputerGroupNames property.
RemoveUserGroupNames Removes specified user group names from the UserGroupNames property.
SetComputerGroupNames Sets the ComputerGroupNames property.
SetCookieAuthenticationAllowed Sets the CookieAuthenticationAllowed property.
Windows Server 2008: This method is not available.
SetDeviceRedirectionType Sets the DeviceRedirectionType property.
SetEnabled Enables or disables the current RD CAP.
SetIdleTimeout Sets the IdleTimeout property.
Windows Server 2008: This method is not available before Windows Server 2008 R2.
SetName Sets a new name for this RD CAP. This method ensures that names will be unique.
SetPasswordAllowed Sets the PasswordAllowed property.
SetSecureIdAllowed Sets the SecureIdAllowed property.
Windows Server 2008: This method is reserved for future use.
SetSessionTimeout Sets the SessionTimeout and SessionTimeoutAction properties.
Windows Server 2008: This method is not available before Windows Server 2008 R2.
SetSmartcardAllowed Sets the SmartcardAllowed property.
SetUserGroupNames Sets the UserGroupNames property.
Update Updates the current RD CAP.

Properties

The Win32_TSGatewayConnectionAuthorizationPolicy class has these properties.

AllowOnlySDRServers

Data type: boolean

Access type: Read-only

Indicates whether connections allowed only to secure device redirection (SDR) RDS servers. This property can be set using the EnableAllowOnlySDRServers method.

Windows Server 2008: This property is not available before Windows Server 2008 R2.

ClipboardDisabled

Data type: boolean

Access type: Read-only

Indicates if clipboard redirection will be disabled. This property has an effect only if the DeviceRedirectionType property has a value of "2".

ComputerGroupNames

Data type: string

Access type: Read-only

List of semicolon-separated computer group names. This value can be empty. The names are of the format Domain\ComputerGroupName. If a value is specified, then the client computer must belong to one of these computer groups for the user to access the RD Gateway server.

CookieAuthenticationAllowed

Data type: boolean

Access type: Read-only

Indicates if cookie authentication can be used to connect to the RD Gateway server. This property can be set by using the SetCookieAuthenticationAllowed method.

Windows Server 2008: This property is not available.

DeviceRedirectionType

Data type: uint32

Access type: Read-only

Specifies which devices will be redirected.

0

All devices will be redirected.

1

No devices will be redirected.

2

Specified devices will not be redirected. The DiskDrivesDisabled, PrintersDisabled, SerialPortsDisabled, ClipboardDisabled, and PlugAndPlayDevicesDisabled properties control which devices will not be redirected.

DiskDrivesDisabled

Data type: boolean

Access type: Read-only

Indicates if disk drive redirection will be disabled. This property has an effect only if the DeviceRedirectionType property has a value of "2".

Enabled

Data type: boolean

Access type: Read-only

Indicates whether this RD CAP will be used to evaluate a user for authorization.

HasNapAttributes

Data type: boolean

Access type: Read-only

Indicates if the RD CAP uses Network Access Protection (NAP) attributes.

IdleTimeout

Data type: uint32

Access type: Read-only

The idle timeout value, in minutes. A value of 0 means there is no timeout. This property can be set by using the SetIdleTimeout method.

Windows Server 2008: This property is not available.

Name

Data type: string

Access type: Read-only

Qualifiers: key

Name of the RD CAP.

Order

Data type: uint32

Access type: Read-only

Evaluation order of the RD CAP. The first RD CAP evaluated has a value of "1". The Order property can be changed when the Create, Delete, MoveUp, or MoveDown methods are called.

PasswordAllowed

Data type: boolean

Access type: Read-only

Indicates if a password can be used to connect to the RD Gateway server. This property can be changed by using the SetPasswordAllowed method.

PlugAndPlayDevicesDisabled

Data type: boolean

Access type: Read-only

Indicates if redirection of Plug and Play devices will be disabled. This property has an effect only if the DeviceRedirectionType property has a value of "2".

PrintersDisabled

Data type: boolean

Access type: Read-only

Indicates if printer redirection will be disabled. This property has an effect only if the DeviceRedirectionType property has a value of "2".

SecureIdAllowed

Data type: boolean

Access type: Read-only

Indicates if a secure identifier can be used to connect to the RD Gateway server.

Windows Server 2008: This property is not used.

SerialPortsDisabled

Data type: boolean

Access type: Read-only

Indicates if serial port redirection will be disabled. This property has an effect only if the DeviceRedirectionType property has a value of "2".

SessionTimeout

Data type: uint32

Access type: Read-only

The session timeout value, in minutes. A value of 0 means there is no timeout. This property can be set by using the SetSessionTimeout method.

Windows Server 2008: This property is not available.

SessionTimeoutAction

Data type: uint32

Access type: Read-only

Specifies the action to be taken in the case of a session timeout. This property can be set by using the SetSessionTimeout method.

This can be one of the following values.

Windows Server 2008: This property is not available.

0

Disconnect the session.

1

Attempt to re-authorize the session.

SmartcardAllowed

Data type: boolean

Access type: Read-only

Indicates if a smart card can be used to connect to the RD Gateway server. This property can be changed by using the SetSmartcardAllowed method.

UserGroupNames

Data type: string

Access type: Read-only

List of semicolon-separated user group names. The names are of the format Domain\UserGroupName. If the user belongs to any of these user groups, the user will be permitted access to the RD Gateway server.

Remarks

You must be a member of the Administrators group to use this class.

Managed Object Format (MOF) files contain the definitions for Windows Management Instrumentation (WMI) classes. MOF files are not installed as part of the Microsoft Windows Software Development Kit (SDK). They are installed on the server when you add the associated role by using the Server Manager. For more information about MOF files, see Managed Object Format (MOF).

Requirements

Requirement Value
Minimum supported client
 None supported
Minimum supported server
 Windows Server 2008
Namespace
 Root\CIMv2\TerminalServices
MOF
TSGateway.mof
DLL
AagWmi.dll

See also

Win32_TSGatewayConnection

Win32_TSGatewayLoadBalancer

Win32_TSGatewayRADIUSServer

Win32_TSGatewayResourceAuthorizationPolicy

Win32_TSGatewayResourceGroup

Win32_TSGatewayServerSettings