Archive for the ‘DirectAccess’ Category

DirectAccess on Windows 2012

Windows Server | DirectAccess | Remote Access | VPN

#DirectAccess is a feature in the Windows 7 , Windows Server 2008 R2 and Windows Server 2012 operating systems that gives users the experience of being seamlessly connected to their corporate network any time they have Internet access.

Direct Access feature in Windows Server 2008 R2 had following goals for organizations;

  • Direct Access enhances the productivity of mobile workers by connecting their computers automatically and seamlessly to their intranet any time Internet access is available
  • With Direct Access, IT staff can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity
  • Direct Access separates intranet from Internet traffic.
  • When an application on a Direct Access client attempts to resolve a name, it first compares the name with the rules in the NRPT (Name Resolution Policy Table )
    If there are no matches, the Direct Access client uses Internet DNS servers to resolve the name

The new thing here is that in windows 2012 you can use a single nic.

In this sample I use a single nic just the easy steps to install the features

 

image 

If you look for the feature direct access you can’t find it , it is in the remote access option.

image  clip_image002

The installation is very easy even in windows 2012 you can find the option and install the feature

clip_image004 image

Now that the installation is ready we can begin with the configuration, just right click on the server and choose the RA management.

The screen pops up with two choices :

 

clip_image008  clip_image010

I use the getting started wizard and the deploy directAccess only, My VPN is already covered by my TMG server.

clip_image012 

Now the installation wizard ask you how you want to configure this edge,two or single nic.

I us a single nic. and I put in the url that is needed for external access.

clip_image016 clip_image018

The first part is now ready in a brief overview we can customize things that we need.

clip_image020 clip_image022

the GPO settings if you want different names or computer groups , you can change it .

 

clip_image024 clip_image030

again this is my test lab so I can use names that I want to use , in real pick a name that is right for this solution.

clip_image032 clip_image034

clip_image036 clip_image038I have a CA but in this case I use a self signed certificate just to show that this can be used. If you want to use your CA make sure that your server has a Certificate

 

clip_image040 clip_image042clip_image044Finished

a nice overview of the configuration is showing and all the options are on the left.

 

clip_image046 to show you the GPO’s that are created. I have to sets one for this demo and one for real. so two gpo’s are created the client settings and the server settings.

 

imagewhat is in this gpo

clip_image050 clip_image052

this is all default.

Now we start with the client setup I choose the top

The second one limit DirectAccess usage to Remote management capabilities and does not offer users access to internal resources.

 

clip_image054 clip_image058

Now that this is ready I want reporting but therefore I need accounting , I set this up and ready to go.

clip_image060 clip_image062

I can see in the monitoring I have some errors.

image You can see that this is my SCCM servers. these are not responding , I know this so I can ignore this error.

clip_image064 You can create more logging in detail just start the tracing and you are good to go.

Now that the setup is complete You can connect with your new Windows 8 Client or 7 to connect to this server.

In my next part id do some more configuration.

Posted June 23, 2012 by Robert Smit in DirectAccess, Windows Server 2012

Tagged with

  • Tag