{"id":3966,"date":"2015-08-10T09:53:44","date_gmt":"2015-08-10T14:53:44","guid":{"rendered":"http:\/\/www.poweradmin.com\/blog\/?p=3966"},"modified":"2015-10-21T12:48:51","modified_gmt":"2015-10-21T17:48:51","slug":"installing-configuring-directaccess-in-windows-server-2012-pt-1","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/installing-configuring-directaccess-in-windows-server-2012-pt-1\/","title":{"rendered":"Installing & Configuring DirectAccess in Windows Server 2012 – Pt.1"},"content":{"rendered":"

\"InstallingIn the last article we\u2019ve scratched the surface of the remote access technology available with Windows Server 2012, named DirectAccess. I\u2019ve tried to cover the most important aspects of DirectAccess so we can go further and discover the practical usage of this feature. The method of installing and configuring DirectAccess has been simplified with the release of Windows Server 2012. You can install DirectAccess using either the graphical interface or Windows Powershell.<\/span><\/p>\n

To install DirectAccess open up Server manager<\/i> console and click on Add Roles and Features<\/i> link and navigate to the Roles<\/i> section. Select the Remote Access <\/i>role and proceed to the next<\/i> section.<\/span><\/p>\n

\"Install<\/p>\n

In Windows Server 2012 you can configure the server to host both VPN<\/i> and DirectAccess services<\/i> simultaneously. Additionally, you can install the Routing<\/i> service on the same machine:<\/span><\/p>\n

\"VPN<\/p>\n

To install DirectAccess using Powershell, use Get-WindowsFeature<\/i> to list available roles and then execute Install-WindowsFeature RemoteAccess \u2013IncludeManagementTools. <\/i>Once the installation is completed successfully, use the Get-Command -Module RemoteAccess *da*<\/i> cmdlet to view available configuration commands for DirectAccess:<\/span><\/p>\n

\"View<\/p>\n

Open the Remote Access Management Console<\/i> and click on Run the Remote Access Setup Wizard<\/i>. Once the wizard has started, click on Deploy DirectAccess only<\/i>:<\/span><\/p>\n

\"Deploy<\/p>\n

Note that DirectAccess can only be installed on a server that is part of an Active Directory domain. The wizard will conduct a prerequisite check to verify if all requirements are met to configure DirectAccess. If your server is not part of an AD domain, the wizard will throw the following error:<\/span><\/p>\n

\"Verify<\/p>\n

Once the prerequisite check is completed, the map with the whole DirectAccess infrastructure is presented. This map is composed of four configurable sections, to successfully deploy DirectAccess within your company, you will have to configure each of the following components:<\/span><\/p>\n

Step1: Remote Clients<\/span><\/p>\n

Step2: Remote Access Server<\/span><\/p>\n

Step3: Infrastructure Servers<\/span><\/p>\n

Step4: Application Servers<\/span><\/p>\n

In this article we will focus on the first item of the DirectAccess infrastructure and we\u2019ll continue with the rest in a future article. The Remote Clients configuration section is displayed in the DirectAccess map as follows:<\/span><\/p>\n

\"DirectAccess-Remote<\/p>\n

To start the Remote Clients configuration wizard, click on the Configure<\/i> button. Windows Server 2012 offers two possible configuration options:<\/span><\/p>\n

\u00b7 Deploy full DirectAccess for client access and remote management<\/i> \u2013 offers bidirectional communication between remote clients and the enterprise network. Clients will be accessible from within the network for remote management, but they will also be able to access network resources using the Remote Access Server.<\/span><\/p>\n

\u00b7 Deploy DirectAccess for remote management only <\/i>\u2013 clients are accessible from within the network, but they are not able to access network resources from the Internet. This option is new to Windows Server 2012 and is mostly used when remote clients are managed via tools such as SCCM.<\/span><\/p>\n

\"Deploy<\/p>\n

For now we\u2019ll configure the default option to deploy full DirectAccess installation. In the next section is where we configure the security groups that will be allowed to establish connections with the Remote Access Server. I\u2019ve created an AD security group named \u201cDirectAccess Clients\u201d and I\u2019ve added it to the allowed DirectAccess groups:<\/span><\/p>\n

\"Create<\/p>\n

Note that you can enable DirectAccess for mobile computers only<\/i> to ensure that no Desktop computers will be able to connect to your Remote Access Server. The second option, Use force tunneling<\/i>, will redirect all traffic to your Remote Access server thus ensuring that traffic is passed to-and-from your DirectAccess machine. Leave these two options unchecked for now.<\/span><\/p>\n

Within the final step of this wizard you will have to enter the HelpDesk email address, allow local name resolution for DirectAccess clients and set a network connectivity assistant if desired (this setting allows DirectAccess clients to determine if they are located within the enterprise network or they are located in a public network):<\/span><\/p>\n

\"DirectAccess<\/p>\n

The Remote Clients configuration section can be easily made using Windows Powershell with the following cmdlets:<\/i><\/span><\/p>\n

Set-DAServer -DAInstallType ManageOut<\/i> or Set-DAServer -DAInstallType FullInstall<\/i><\/span><\/p>\n

Add-DAClient \u2013SecurityGroupNameList \u201cppscu.com\\DirectAccess Clients\u201d<\/i><\/span><\/p>\n

Set-DAClient -ForceTunnel \u201cEnabled\u201d -OnlyRemoteComputers \u201cEnabled\u201d<\/i><\/span><\/p>\n

Once the Remote Clients have been configured, we\u2019ll need to proceed to the Remote Access Server configuration page. I don\u2019t want to make this article too long so we\u2019ll continue with the next configuration steps in the next one. You can also experiment with the Powershell installation if you are interested in automatization. Since this configuration is mostly done once, I prefer using the interface. Hope you\u2019ve managed to complete this first step of the DirectAccess <\/i>configuration and if not, don\u2019t hesitate to post a comment in our dedicated section. Stay tuned for the following article.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

In the last article we\u2019ve scratched the surface of the remote access technology available with Windows Server 2012, named DirectAccess. I\u2019ve tried to cover the most important aspects of DirectAccess so we can go further and discover the practical usage of this feature. The method of installing and configuring DirectAccess has been simplified with the […]<\/p>\n","protected":false},"author":4,"featured_media":3988,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5,9,8],"tags":[],"class_list":["post-3966","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-how-to","category-technical","category-windows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/3966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=3966"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/3966\/revisions"}],"predecessor-version":[{"id":4228,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/3966\/revisions\/4228"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/3988"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=3966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=3966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=3966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}