How can I identify who has removed and added user groups from Resource Authorization Policies in RD Gateway Manager?

Hello   Sri_1，

Thank you for posting in Microsoft Community forum.

I can suggest some steps you can take to try to identify who has made changes to your Resource Authorization Policies.

First, you can check the event logs on your RD Gateway server. Look for events related to changes in user groups or Resource Authorization Policies. These events may provide information about who made the changes.

You can also check the security logs on your domain controller. Look for events related to changes in group membership. These events may provide information about who added or removed users from groups.

If you have auditing enabled on your RD Gateway server, you may be able to see who made changes to the Resource Authorization Policies by reviewing the audit logs.

I hope the information above is helpful.

If you have any question or concern, please feel free to let us know.

Best Regards,

Haijian Shan

Thank you for your reply. I have checked the relevant logs, and they only display updated events without specifying the actions taken, such as removals or additions.

Could someone assist me in identifying the relevant information?

Hello   Sri_1，

Thank you for your reply.

I'm sorry to hear that the logs did not provide the information you were looking for. Unfortunately, without access to additional data sources or logs, it may be difficult to determine who made the changes to your Resource Authorization Policies. However, you could try reaching out to your IT department or system administrator for assistance. If they are able to provide the time period during which the issue occurred who has ever logged in or connected.

It is recommended that you enable auditing on the RD Gateway server in the future, so that you can view the audit log to see who made changes to the resource authorization policy.

Best Regards,

Haijian Shan