A set of standard Active Directory domain group policies recommended for use on a server performing the Axidian Privilege Indeed Identity PAM Gateway role to ensure security.
...
- On the domain controller, create a new GPO, for example "Axidian Privilege Indeed Identity PAM RDS Server".
- Configure GPO security filters to apply only to the Axidian Privilege Indeed Identity PAM Gateway server object.
- Download the archive with a set of policies and unpack it into a temporary folder.
- Right-click on the created GPO and select "Import settings..." from the context menu.
- Specify the path to the folder with the unpacked archive.
- In the "Transfer Links" window, select the "copy them exactly from source" checkbox.
- After successful import, open the GPO and edit the "Allow log on through Remote Desktop Services" policy by adding a security group for users who need remote access.
- Link the GPO to the organizational unit that owns the Axidian Privilege Indeed Identity PAM Gateway server.
- Apply the policies by running the gpupdate /force command on the Axidian Privilege Indeed Identity PAM Gateway server.