Concurrency
Real Microsoft expertise. Real business value.

UAG SP1 DirectAccess: Config Wizard, Clients

The first wizard has been given some pretty significant enhancements in SP1 that include easier configuration of the deployment type and more flexible ways of defining who your DirectAccess clients will be.

Here you can select whether users who are logged on to a DirectAccess-enabled computer are able to connect to your corporate resources.  The default is yes: you want to allow users to reach your file servers, intranet web sites and so on.  Alternatively, you can select what is commonly referred to as a “Manage Out” deployment, where only the computer account (not the user) is able to reach into the corpnet so that it can fetch updates and talk to your domain controllers and other management services.  In either deployment model you will be able to reach out to the DA clients FROM your corpnet on any host that is IPv6 enabled (typically thanks to you using ISATAP on the intranet).

You can also select other domains that you want to allow your DA clients to connect to.

New in SP1 is the ability to inject the Group Policy settings into existing policies or create new ones.  I prefer the default, which is to leave the DirectAccess policies in their own GPO.  Fun fact:  If you are upgrading from RTM to SP1, your existing DirectAccess policies will be listed in the “Automatically Generate” option as they are in the screen shot below, with the GUID in the name. If you are doing a new deployment, or if you delete the existing policies and make new ones, the GPO names will include the name of your UAG server instead of the GUID.  So if you want your GPOs to be named pretty, delete the existing policies and let UAG create new ones.

Also new in SP1 is the ability to apply the DirectAccess client policy to AD Security Group(s) OR Active Directory OU(s).  I prefer using a single group, but you can decide what’s best for your organization.

Click Finish and you’re ready to move on to the next wizard.

Don’t worry about configuring the “optional” Client Connectivity Assistant for now. I’ll soon have another post available that runs you through that.
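Once the configuration has been applied, the client scoping chosen in this wizard can be checked from the Group Policy side. The script below is an added example, not part of the original post or of UAG: it is read-only and lists each matching GPO, the principals that hold Apply rights in its security filtering, and the OUs it is linked to. The `*DirectAccess*` name pattern and the list of "broad" principals are assumptions; it needs the GroupPolicy module (RSAT) and a domain-joined admin workstation.

```powershell
# Added example: audit which computers/users the DirectAccess client GPOs apply to.
# Assumption: GPO display names contain "DirectAccess"; pass -NamePattern to override.
param(
    [string]$NamePattern = '*DirectAccess*'   # hypothetical pattern, not from the post
)

Import-Module GroupPolicy

# Principals that would turn every domain user or machine into a DirectAccess client.
$broadSids = @('S-1-5-11', 'S-1-1-0')   # Authenticated Users, Everyone
$broadRids = @('-513', '-515')          # Domain Users, Domain Computers (RID suffix)

$gpos = @(Get-GPO -All | Where-Object { $_.DisplayName -like $NamePattern })
if ($gpos.Count -eq 0) {
    Write-Warning "No GPO matches '$NamePattern'."
    return
}

foreach ($gpo in $gpos) {
    Write-Output "GPO: $($gpo.DisplayName)  [$($gpo.Id)]  status=$($gpo.GpoStatus)"

    # Security filtering: trustees granted "Apply group policy".
    # Get-GPPermissions is the 2008 R2 name; newer modules keep it as an alias.
    $appliers = Get-GPPermissions -Guid $gpo.Id -All |
        Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied }
    foreach ($p in $appliers) {
        $sid   = $p.Trustee.Sid.Value
        $broad = ($broadSids -contains $sid) -or
                 ($broadRids | Where-Object { $sid.EndsWith($_) })
        $flag  = if ($broad) { 'REVIEW: broad principal' } else { 'ok' }
        Write-Output ("  applies to: {0}\{1} ({2}) -> {3}" -f
            $p.Trustee.Domain, $p.Trustee.Name, $p.Trustee.SidType, $flag)
    }

    # Scope of management: where the GPO is linked (domain root or specific OUs).
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $links = @($report.GPO.LinksTo | Where-Object { $_ })
    if ($links.Count -eq 0) {
        Write-Output '  linked to: (no links, GPO is not in effect anywhere)'
    }
    foreach ($l in $links) {
        Write-Output "  linked to: $($l.SOMPath)  enabled=$($l.Enabled)"
    }
}
```

A client GPO linked at the domain root and filtered to a single security group is the group-based model from the wizard; a GPO linked to specific OUs with a broad principal in the filter is the OU-based model, so a "REVIEW" flag there is expected rather than a finding.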

More on UAG SP1 DirectAccess Configuration:

  1. Before Getting Started
  2. IP Addressing the Server
  3. Installation and Updates
  4. Certificates, Groups and Prerequisites
  5. Internal and External DNS
  6. Network Location Server (NLS)
  7. Firewalls and TMG Settings
  8. Config Wizard: The First Time
  9. » Config Wizard: Clients «
  10. Config Wizard: DirectAccess Server
  11. Config Wizard: Infrastructure Servers
  12. Config Wizard: End-to-End Access
  13. Apply and Activate
  14. Connectivity Assistant v1.5
 
 

Shannon Fritz

Infrastructure Architect and Server Team Lead at Concurrency. Shannon is an MVP in Forefront and Enterprise Security, MCSE in Private Cloud and MCSA Windows Server 2012. He's also a self-professed media junkie. Just ask him about MediaCenter!

 
  • http://www.quickidcard.com Steve Boller

    I’m trying to find a screenshot or YouTube video of a 2 factor authentication prompt. We’d like to set up DA over UAG with RSA.
    Would you be able to share a screenshot of RSA or any other OTP prompt from DCA?

    Thanks
