Using Direct Access to allow mobile users to have GPO and the Domain experience

Question

I'm interested in using Direct Access mainly so I can apply GPO to mobile clients and control the "domain experience" these users have.

Q: Does Direct Access allow end users to transparently work this way?

I'm in the process of setting up a test lab, learning PKI, and IPV6 since they are requirements of DA.

score 1 · Accepted Answer · answered Jun 06 '12 at 16:55

1

Theoretically yes,

The client (Win7 Ent Only) will connect behind the scenes back to the DA server(s) to essentially establish a pseudo-vpn connection. This is all supposed to happen before the user logs in, so theoretically yes it looks just like they were sitting in the office.

I'm pretty sure you meant mobile clients such as laptops, right?

answered Jun 06 '12 at 16:55

Brent Pabst

6,059
2
23
36

Yes, mobile is my key scenario... – makerofthings7 Jun 06 '12 at 17:17
OK, just making sure you weren't going for Phones. – Brent Pabst Jun 06 '12 at 17:17

score 1 · Answer 2 · answered Jun 07 '12 at 19:03

Yes, this is exactly what DirectAccess was designed for! Kind of like automatic VPN. DirectAccess clients can be Windows 7 Enterprise or Windows 7 Ultimate, or even Server 2008 R2 if you have a need to do so. Also, if you utilize UAG as the DirectAccess platform you do not need anything on your internal network to be IPv6, you can be completely IPv4 and it will still work. Let me know if you have any further questions, DA is my day job :) Jordan.Krause@ivonetworks.com

Using Direct Access to allow mobile users to have GPO and the Domain experience

2 Answers2