Is it possible to require a user has something else locally on the machine like a certificate. When setting RDS / gateway up I thought the user would have to have a certificate installed by a network admin on to the local computer but having played around it seems anyone can simply click install certificate at the certificate warning screen. Or have I not set thing up correctly?
Think I have just worked out a way of doing what I asked in my post above. If I create a self signed cert and apply this to the default website in IIS, when connecting to the rds gateway using remote desktop connection I get an error that the gateway cert cannot be verified and I have no way to continue as I have no option to install the cert. The only way is to copy the proper gateway cert which is not self signed but a purchased cert and install it manually on the client.
Does this sound ok or have I opened up some other back door in to the system?