title | description | manager | ms.topic | ms.assetid | ms.author | author | ms.date |
---|---|---|---|---|---|---|---|
Prerequisites for Deploying DirectAccess |
This topic provides prerequisites for DirectAccess deployment in Windows Server 2016. |
brianlic |
article |
57c7e039-42ef-4909-867a-b5f669c9e74e |
wscontent |
robinharwood |
08/07/2020 |
Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016
The following table lists the prerequisites necessary for using the configuration wizards to deploy DirectAccess.
Scenario | Prerequisites |
---|---|
Deploy a Single DirectAccess Server Using the Getting Started Wizard | - Windows Firewall must be enabled on all profiles - Only supported for clients running Windows 10®, - A public key infrastructure is not required. - Not supported for deploying two-factor authentication. Domain credentials are required for authentication. - Automatically deploys DirectAccess to all mobile computers in the current domain. - Traffic to the Internet does not go through DirectAccess. Force tunnel configuration is not supported. - DirectAccess server is the network location server. - Network Access Protection (NAP) is not supported. - Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. - For a multisite configuration, now or in the future, first follow the guidance in Deploy a Single DirectAccess Server with Advanced Settings. |
Deploy a Single DirectAccess Server with Advanced Settings | - A public key infrastructure must be deployed. For more information, see Test Lab Guide Mini-Module: Basic PKI for Windows Server 2012. - Windows Firewall must be enabled on all profiles. The following server operating systems support DirectAccess. - You can deploy all versions of Windows Server 2016 as a DirectAccess client or a DirectAccess server. The following client operating systems support DirectAccess. - Windows 10® Enterprise - Force tunnel configuration is not supported with KerbProxy authentication. - Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. - Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported. |