The first Wizard in configuring DirectAccess is pretty straight forward and asks only one question: What groups of computers do you want to enable for DirectAccess?
I find it most useful to create one active directory security group called “DirectAccess Enabled Computers” that can be used for actually enabling DirectAccess. You can then add Computers or even other Groups of Computers as members of this group. This allows you to manage who has DirectAccess from within Active Directory and you won’t need to revisit this wizard or modify Group Policy later. You should note that once you add a computer to this group they will need to process group policy in order to become DirectAccess enabled. This means they will need to be connected to the domain for the first time in order to come online.
To get started click the Edit button in the Clients group.
Now click the Add button and select the AD Security Group that you want to use to enable DirectAccess for it’s member computers.
You can enter several groups here but I like to enter just the one “DirectAccess Enabled Computers” and then mange membership of that group from Active Directory.
Click finish and you’re done! Keep in mind that if you already have a configuration in place then changing this setting will not automatically enable a new group for DirectAccess. The configuration will need to be Generated AND Activated, then the client computers will also need to fetch the new policy, as is the case with any other changes to the UAG configuration. If this is the first time you’re running through this configuration don’t worry about activating the configuration just yet. You have pleanty more to run through first.