This wiki show's how to enable RDP on a TMG server. Found some questions about it and experience myself either that just enable Terminal Server and add computers/networks isn’t enough.
So why it isn’t working, I mean, thoughts on TMG always tells me, Only use TMG console! Especially when working with mail hygiene solutions integrated in TMG… You’ll regret you opened the Forefront Security for Exchange Console for editing the spam configuration
or change something in the Exchange Edge (Exchange Console) 
.
Here we have an exception granted and we need to assign the RDP-Tcp connection to a single adapter (LAN). Its common, if we look for solutions, and was also a issue in former versions of ISA Server.
Open the Remote Desktop Session Host Configuration and right click RDP-Tcp:
Go to the Network adapter tab and select the network adapter you want to assign for RDP. I assigned it to my internal network adapter here:
Press OK, and open the services to restart Remote Desktop Services:
Go back to your TMG Console, open the Firewall Policy and in the right pane under tasks, you have on the bottom option to edit system policy:
Scroll to Remote Management and in Terminal Server General tab select Enable…..group.
In the from tab specify from which sources you want to allow Terminal Server:
Hit OK and apply configuration:
So now you should be able to Remote Desktop to your TMG server from the selected computers/networks you assigned.
Orignal post can be found here:
http://blog.josmar.nl/2011/11/enable-rdp-on-tmg-for-remote-management.html