Configuring and Administering the DirectAccess Service

Configuration

From the server manager, click the notification icon 1 and then click Open Startup Assistant 2 to launch the wizard.

Click Deploy DirectAccess only 1.

Wait while checking the configuration …

The deployment topology is normally detected automatically based on the network adapters configured on the server, indicate the FQDN 1 name through which the DirectAccess service will be accessible and click Next 2.

On the capture above, I use a private FQDN name (url), because infrastructure has been mounted in LAB and the WAN (public) part simulated.

Click here 1 to change the default configuration, we will indicate the group of computers that can use the service.

In the Remote Clients section, click Change 1.

Select the Computer group of domain 1 and click on Delete 2. If desktop computers need to connect through DirectAccess, uncheck box 3 Enable DirectAccess for laptops only.

When the Enable DirectAccess for Laptops Only check box is selected, a WMI filter is added to the Configuration Group Policy for DirectAccess.

Add the Active Directory Group 1 that contains the computers that are allowed to connect to the service and click Next 2.

Click on Finish 1 to validate the configuration.

Close the parameter access window by clicking OK 1….

Apply the configuration by clicking Finish 1.

Wait while configuring DirectAccess …

When the configuration is complete, click Close 1. When closing the configuration wizard the remote access management console will open.

An alert may be displayed if the fqdn name for DirectAccess is part of the same domain as the ActiveDirectory. This will add an exception entry in the NRPT table for DNS resolution of clients.

Management

Administration and changes to DirectAccess service settings are done through the Remote Access Management console.

In the menu on the left, by clicking on DirectAccess and VPN 1, you can access the service deployment view with the possibility to modify the configuration.

In the box of Step 3, click Edit 1.

The first Server Network Location setting is used to configure the probe that lets the computer know where it is in the network.

The DNS settings show the resolution strategies for the NRPT table, we can see that an exception has been added for the fqdn name to access the DirectAccess service.

Back on the Remote Access Management console in the Dashboard section, verify that all services are green.