You can use the TS Gateway Microsoft Management Console (MMC) snap-in to configure the NPS policies for TS Gateway. TS Gateway uses a local NPS server to store an associated Terminal Services Connection Authorization Policy (TS CAP) as a network policy. (NPS is installed on the same computer as TS Gateway.) When a network policy is created from the TS Gateway user interface (UI), the policy is stored in the NPS back-end store (Ias.xml).
The NPS server also maintains a cache of the stored policies. Although TS Gateway updates changes that are made in the NPS back-end store, the NPS policy cache is not updated. If changes are made to the policy by using the NPS UI, the NPS UI overwrites the back-end store by using the contents of the cache. This behavior may cause you to lose the policy changes that you made by using the TS Gateway MMC snap-in.
TS Gateway is a role service in the Terminal Services server role of Windows Server 2008. The role allows for authorized remote users to connect to resources on an internal corporate network or on a private network from any Internet-connected device. The network resources can be terminal servers, terminal servers that are running RemoteApp programs, or computers that have Remote Desktop enabled.