Permalink
Fetching contributors…
Cannot retrieve contributors at this time
31 lines (24 sloc) 3.64 KB
title description manager ms.custom ms.prod ms.reviewer ms.suite ms.technology ms.tgt_pltfrm ms.topic ms.assetid ms.author author
Prerequisites for Deploying DirectAccess
This topic provides prerequisites for DirectAccess deployment in Windows Server 2016.
brianlic
na
windows-server-threshold
na
na
networking-da
na
article
57c7e039-42ef-4909-867a-b5f669c9e74e
pashort
shortpatti

Prerequisites for Deploying DirectAccess

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

The following table lists the prerequisites necessary for using the configuration wizards to deploy DirectAccess.

Scenario Prerequisites
Deploy a Single DirectAccess Server Using the Getting Started Wizard - Windows Firewall must be enabled on all profiles

- Only supported for clients running Windows 10®,
Windows® 8, and Windows® 8.1 Enterprise.

- A public key infrastructure is not required.

- Not supported for deploying two-factor authentication. Domain credentials are required for authentication.

- Automatically deploys DirectAccess to all mobile computers in the current domain.

- Traffic to the Internet does not go through DirectAccess. Force tunnel configuration is not supported.

- DirectAccess server is the network location server.

- Network Access Protection (NAP) is not supported.

- Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.

- For a multisite configuration, now or in the future, first follow the guidance in Deploy a Single DirectAccess Server with Advanced Settings.
Deploy a Single DirectAccess Server with Advanced Settings - A public key infrastructure must be deployed.
For more information, see Test Lab Guide Mini-Module: Basic PKI for Windows Server 2012.

- Windows Firewall must be enabled on all profiles.

The following server operating systems support DirectAccess.

- You can deploy all versions of Windows Server 2016 as a DirectAccess client or a DirectAccess server.
- You can deploy all versions of Windows Server 2012 R2 as a DirectAccess client or a DirectAccess server.
- You can deploy all versions of Windows Server 2012 as a DirectAccess client or a DirectAccess server.
- You can deploy all versions of Windows Server 2008 R2 as a DirectAccess client or a DirectAccess server.

The following client operating systems support DirectAccess.

- Windows 10® Enterprise
- Windows 10® Enterprise 2015 Long Term Servicing Branch (LTSB)
- Windows® 8 and 8.1 Enterprise
- Windows® 7 Ultimate
- Windows® 7 Enterprise

- Force tunnel configuration is not supported with KerbProxy authentication.

- Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported.

- Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported.