Prerequisites
- Domain Admin rights to complete the tutorial below
- Windows Server 2012 R2 machine
    - Two network cards – One in your internal network, the other in your DMZ
    - Joined to your domain
    - Latest Windows Updates (seriously, apply these, there are updates released specifically for DirectAccess)
- DMZ
- PKI Setup (Public Key Infrastructure to issue self-signed certificates)
    - Custom template setup for issuing servers with an intended purpose of Server Authentication
    - Certificate auto-enrollment has been configured
- Active Directory Security Group designated with Computer Objects allowed to use DirectAccess
1. Log in to the Server 2012 R2 server that will be used for installing DirectAccess
2. Ensure all Windows updates have been applied.
3. Open up Server Manager
Syed Sabhi Zaidi (MCT) Microsoft MicrotechX
4. Select Manage -> Add Roles and Features
5. Click Next > on the Before you Begin step
6. Ensure Role-based or feature-based installation is checked and click Next >
7. Select Next > on the Select destination server step
8. Check Remote Access and click Next >
9. Click Next > on the Select Features step
10. Click Next > on the Remote Access step
11. Check DirectAccess and VPN (RAS)
12. Click the Add Features button on the dialog box that prompts
13. Check DirectAccess and VPN (RAS) and then click Next >
14. Click Next > on the Web Server Role (IIS) page
15. Click Next > on the Role Services page
16. Check the Restart the destination server automatically if required checkbox and click Yes on the dialog box.
17. Click Install
18. Click Close when the install has completed
19. Back in Server Manager, click on Tools -> Remote Access Management. (You can ignore the warning icon; Open the Getting Started Wizard will only do a quick setup of DirectAccess. We want to do a full deployment.)
Here is what the quick deployment looks like. Don’t click on this.
20. On the Remote Access Management Console, click on DirectAccess and VPN on the top left and then click Run the Remote Access Setup Wizard.
21. On the Configure Remote Access window, select Deploy DirectAccess only
22. Click on the Configure… button for Step 1: Remote Clients
23. Select Deploy full DirectAccess for client access and remote management and click Next >
24.
25. Click on the Add… button
26.
27. Select the security group inside of Active Directory that will contain computer objects allowed to use DirectAccess and click OK
28. Optionally, uncheck or check Enable DirectAccess for mobile computers only as well as Use force tunneling and click Next >
    1. If Enable DirectAccess for mobile computers is checked, WMI will query the machine to determine if it is a laptop/tablet. If WMI determines the machine is not a “mobile device”, the group policy object will not be applied to those machines in the security group. In short, if checked, DirectAccess will not be applied to computers that are desktops or VMs placed inside the security group.
    2. If Use force tunneling is checked, computers will always use the DirectAccess server when remote. For example, if the user surfs the web to a public website like jackstromberg.com, the traffic will go through the DirectAccess tunnel and back to the machine, rather than directly to the ISP. Generally, this is used for strict compliance environments that want all network traffic to flow through a central gateway.
3.
29. Double click on the Resource | Type row
    1. What this step is trying to do is find a resource on the internal network that the client can “ping” to ensure the DirectAccess client has successfully connected to the internal network.
30. Select whether you want the client to verify it has connected to the internal network via an HTTP response or network ping, optionally click the validate button to test the connection, and then click Add
    1. You may want to add a couple of resources for failover testing purposes; however, it isn’t recommended to list every resource on your internal network.
31. Enter your Helpdesk email address and DirectAccess connection name (this name will show up as the name of the connection a user would use), check Allow DirectAccess clients to use local name resolution, and click Finish.
    1. Based on what I could find, checking Allow DirectAccess clients to use local name resolution will allow the DirectAccess client to use the DNS server published by DHCP on the physical network they are connected to. In the event the Network Location server is unavailable, the client would then use the local DNS server for name resolution, allowing the client to at least access some things via DNS.
32. Click on Configure… next to Step 2: Remote Access Server
33. On the Remote Access Server Setup page, select Behind an edge device (with two network adapters), ensure you specify a public-facing DNS record that DirectAccess will use to connect back to your environment, and then click Next >
    1. NOTE: By default, your domain’s FQDN will be used, so if you have a .local domain, you will want to switch this to your actual .com, .net, .org, .whatever.
    2. As an additional side note, here is some information from the following KB article on what the differences are between each of the topologies. From what I gather, using the dual NIC configuration is Microsoft’s best practice from a security standpoint.
Two adapters—With two network adapters, Remote Access can be configured with one network adapter connected directly to the Internet, and the other is connected to the internal network. Or alternatively the server is installed behind an edge device such as a firewall or a router. In this configuration one network adapter is connected to the perimeter network, the other is connected to the internal network.
Single network adapter—In this configuration the Remote Access server is installed behind an edge device such as a firewall or a router. The network adapter is connected to the internal network.
34. On the Network Adapters step, select your External (DMZ) and Internal (LAN) adapters.
35. Leave the Remote Access Setup screen open, right-click the Start button, and select Run
36. Type mmc and select OK
37. Click File -> Add/Remove Snap-in…
38. Select Certificates and click Add >
39. Select Computer account and click Next >
40. Ensure Local Computer is selected and click Finish
41. Click OK on the Add or Remove Snap-ins dialog
42. Expand Certificates (Local Computer) -> Personal -> Certificates, right-click on Certificates and select Request New Certificate…
43. Click Next on the Before You Begin screen
44. Click Next on the Select Certificate Enrollment Policy screen
45. Select your template that will support server authentication and click the More information is required to enroll for this certificate. Click here to configure settings. link
    1. Note: The WebServers enrollment policy is not something configured out of the box by Microsoft. You will need to manually log in to your certificate authority, duplicate the Web Servers template with the settings you wish, ensure your user group can Enroll for a certificate, and then publish it to AD.
46. On the Subject tab, enter the following values (substituting in your company’s information):
    Common name: da.mydomain.com
    Country: US
    Locality: Honolulu
    Organization: My Company
    Organization Unit: Information Technology
    State: Hawaii
47. On the Private Key tab, expand Key options and check Make private key exportable. Click Apply when done.
48. Click Enroll.
49. Click Finish.
50. Go back to the Remote Access Setup screen and click Browse…
51. Select the da.mydomain.com certificate you just created and click OK.
52. Click Next >
53. Check Use computer certificates and check Use an intermediate certificate and then click Browse…
54. Select the certificate authority that will be issuing the client certificates and click OK
55. Optionally, you may enable Enable Windows 7 client computers to connect via DirectAccess as well as Enforce corporate compliance for DirectAccess clients with NAP. Note: Configuring these two options is not covered in the scope of this tutorial. Click Finish when done.
56. Click on Configure… next to Step 3: Infrastructure Servers
57. On the Remote Access Setup screen, check The network location server is deployed on a remote web server (recommended), type in the website address to the Network Location Server, and click Next >
    1. So for whatever reason, there aren’t many articles explaining what exactly the network location server is and how to set it up. From what I gather, the Network Location Server is merely a server with a website running on it that the client can contact to ensure it has reached the internal network. The webpage can be the default IIS webpage; just ensure the website is NOT accessible externally.
58. Specify any additional DNS servers you wish to use for name resolution, ensure Use local name resolution if the name does not exist in DNS or DNS servers are unreachable when the client computer is on a private network (recommended) is checked and click Next >
59. Check Configure DirectAccess clients with DNS client suffix search list, ensure your local domain’s suffix has been added, and click Next >
60. Click Finish on the Management page.
61. Click the Configure… button on Step 4: Application Servers
62. Check Do not extend authentication to application servers and click Finish
63. Click Finish… on the Remote Access Management Console page
64. Click Apply on the Remote Access Review page
65. Click Close once DirectAccess has successfully finished deploying
66. Log in to one of your Windows 8.X Enterprise machines that is inside of your DirectAccess Computers security group and run a gpupdate from command line to pull down the latest group policy.
67. At this point, you should now be able to log in to your network via DirectAccess!
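
A client-side check to run after step 67, written as an added example (not part of the original tutorial): it reads back the settings the wizard pushed through group policy and probes the Network Location Server, so that running it from an outside network confirms the NLS site is not reachable externally. The names New-Finding, Test-DirectAccessClient and -ExpectOutside are made up for this example; run it in an elevated PowerShell session on the Windows 8.x client.

```powershell
# Added example, not from the original tutorial. Run elevated on the DirectAccess client.
# New-Finding, Test-DirectAccessClient and -ExpectOutside are names invented for this example.
function New-Finding($Check, $Value, $Ok) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Ok = $Ok }
}

function Test-DirectAccessClient {
    param(
        # $true when the client sits on an outside network (home, hotspot), $false on the LAN
        [bool]$ExpectOutside = $true
    )

    # Steps 28-31: values delivered by the DirectAccess client group policy.
    $dace = Get-DAClientExperienceConfiguration
    New-Finding 'Connection name (step 31)' $dace.FriendlyName ([bool]$dace.FriendlyName)
    New-Finding 'Helpdesk email (step 31)' $dace.SupportEmail ([bool]$dace.SupportEmail)
    New-Finding 'Local name resolution allowed (step 31)' $dace.PreferLocalNamesAllowed $true
    New-Finding 'Force tunneling (step 28)' $dace.ForceTunneling $true
    New-Finding 'Connectivity probes (steps 29-30)' ($dace.CorporateResources -join '; ') `
        ([bool]$dace.CorporateResources)

    # Step 33: the public name clients connect back to. A .local name cannot be
    # resolved from the Internet, which is what the NOTE under step 33 warns about.
    foreach ($cfg in Get-NetIPHttpsConfiguration) {
        $publicHost = ([uri]$cfg.ServerURL).Host
        New-Finding 'IP-HTTPS public name (step 33)' $publicHost ($publicHost -notlike '*.local')
    }

    # Step 53: computer certificates are in use, so look for a valid machine
    # certificate carrying the Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2).
    $clientCerts = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2')
    })
    New-Finding 'Machine cert with Client Authentication (step 53)' `
        ($clientCerts.Subject -join '; ') ($clientCerts.Count -gt 0)

    # Step 57: the NLS URL the client uses to decide whether it is inside the network.
    $nlsUrl = (Get-NCSIPolicyConfiguration | Select-Object -First 1).DomainLocationDeterminationUrl
    $nlsReachable = $false
    if ($nlsUrl) {
        try {
            Invoke-WebRequest -Uri $nlsUrl -UseBasicParsing -TimeoutSec 10 | Out-Null
            $nlsReachable = $true
        } catch {
            $nlsReachable = $false
        }
    }
    # Outside the LAN the probe must fail (NLS not published externally);
    # on the LAN it must succeed, otherwise the client believes it is remote.
    New-Finding "NLS reachable ($nlsUrl)" $nlsReachable ($nlsReachable -ne $ExpectOutside)

    # Steps 58-59: NRPT rules send internal names to internal DNS through the tunnel.
    # They are only in effect while the client considers itself outside.
    $nrpt = @(Get-DnsClientNrptPolicy -Effective)
    New-Finding 'Effective NRPT namespaces (steps 58-59)' ($nrpt.Namespace -join '; ') `
        (($nrpt.Count -gt 0) -eq $ExpectOutside)

    # Step 67: overall state reported by the Network Connectivity Assistant.
    $status = (Get-DAConnectionStatus).Status
    $expected = if ($ExpectOutside) { 'ConnectedRemotely' } else { 'ConnectedLocally' }
    New-Finding 'DirectAccess status (step 67)' $status ("$status" -eq $expected)
}

# Example run from a network outside the corporate LAN.
Test-DirectAccessClient -ExpectOutside $true | Format-Table -AutoSize -Wrap
```

Any row with Ok = False points back to the numbered step named in the Check column; rerun with `-ExpectOutside $false` while on the internal network to confirm the client detects the NLS and stays off the tunnel.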