You install a Terminal Server Gateway (TS Gateway) server in a Windows Essential Business Server 2008 environment. You are creating a TS Resource Authorization Policy (TS RAP) to specify computers on the internal network that can be accessed by remote users through the TS Gateway server.

In which types of groups can you add computers for this purpose? (Choose all that apply. Each correct answer presents a unique solution.)

A.
an existing security group in Local Users and Groups on the TS Gateway server

B.
an existing security group in Active Directory Domain Services (AD DS)

C.
a TS Gateway-managed computer group

D.
a TS Gateway-managed security group

E.
an existing security group in Local Users and Groups on the domain controller

Explanation:
You can add computers to an existing security group in Local Users and Groups on the TS Gateway server, in an existing security group in AD DS, and in a TS Gateway-managed computer group. Remote users who are located in a security group or in a TS Gateway-managed computer group can access internal network resources through TS Gateway. The security group can exist in Local Users and Groups on the TS Gateway server or in AD DS.

A TS Gateway-managed computer group can be created by using TS Gateway Manager after installation. While adding an internal network computer to the list of TS Gateway-managed computers, you should consider whether to enable remote users to connect to the computer through specifying either its computer name or its IP address. If you want to allow remote users to use both the name and IP address to access a computer, you must add the computer to the computer group twice, first by specifying the computer name and adding it to the computer group, and then by specifying the IP address and adding it to the computer group again.
You cannot add computers in a TS Gateway-managed security group or in an existing security group in Local Users and Groups on the domain controller because neither of these groups exists.