This post will discuss how to install and configure Direct Access on Windows Server. DirectAccess allows users to seamlessly access internal network resources whenever they are connected to the Internet without any user intervention or the requirement to supply credentials. This feature provides a convenient and secure way for users to access company resources remotely.
What is DirectAccess in Windows Server?
DirectAccess is a feature in Windows Server that allows remote users to connect to an organization’s network without initiating a traditional Virtual Private Network (VPN) connection. Unlike a VPN, DirectAccess provides always-on connectivity, so once the client is connected to the Internet, it automatically connects to the organization’s network. This feature offers Remote Management and superior security.
How to install and configure Direct Access on Windows Server
To install and configure Direct Access on Windows Server, follow these steps.
- Install Remote Access Management Role
- Configure Static IP Address
- Create a new security group, grant permissions, and enroll certificates
- Create DirectAccess-NLS A Record
- Enable Direct Access
1] Install Remote Access Management Role
First, we will install the Remote Access Management role and feature to obtain the tools required to use Direct Access.
- Open Server Manager.
- Now, click on Add roles and features from the Configure the local server section.
- This will open the Add Roles and Features wizard, click on Next.
- Select Role-based or feature-based installation and click on Next.
- Check Select a server from the server pool, select the server, and click on Next.
- We need to skip the Server Roles section by clicking on Next.
- Now, install Remote Access Management Tools and all the checkboxes below it.
After installing all the features, close the wizard.
2] Configure Static IP Address
You can’t have a dynamic IP address on a server you want to use for Direct Access. To set your server’s IP address to a static IP, follow the steps mentioned below.
- In Server Manager, go to Local Server and click on the hyperlink next to Ethernet.
- Right-click on your network adapter and click on Properties.
- Look for Internet Protocol Version 4 (TCP/IPv4), select it, and click on Properties.
- Now, you need to check Use the following IP address and Use the following DNS server addresses.
- In the Preferred DNS server section, enter the IP address of your server.
- Click on OK.
After setting up a static IP, let’s move on to the next step.
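Steps 1 and 2 can also be done from an elevated PowerShell session. The following is an added example, not code from the original post; it assumes the adapter is named "Ethernet", that the server will use 192.168.1.10/24 with gateway 192.168.1.1, and that the server is its own DNS server. Because it removes the existing IPv4 address before adding the static one, run it at the server console rather than over a remote session.

```powershell
# Added example (not from the original post): steps 1 and 2 in PowerShell.
# Assumptions: adapter alias "Ethernet", static address 192.168.1.10/24,
# gateway 192.168.1.1, and the server acting as its own DNS server.

# 1] Remote Access role, DirectAccess role service and the management tools.
Install-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, RSAT-RemoteAccess -IncludeManagementTools

# Confirm the features are installed before moving on.
Get-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, RSAT-RemoteAccess |
    Select-Object Name, InstallState

# 2] Static IPv4 configuration.
$Alias   = 'Ethernet'        # assumed adapter name; check with Get-NetAdapter
$Address = '192.168.1.10'    # assumed server address
$Gateway = '192.168.1.1'     # assumed default gateway

# Disable DHCP on the interface, then remove any leased address and default
# route so the static address is the only IPv4 configuration on the adapter.
Set-NetIPInterface -InterfaceAlias $Alias -AddressFamily IPv4 -Dhcp Disabled
Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Remove-NetIPAddress -Confirm:$false
Get-NetRoute -InterfaceAlias $Alias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

New-NetIPAddress -InterfaceAlias $Alias -IPAddress $Address -PrefixLength 24 -DefaultGateway $Gateway

# Preferred DNS server is the server itself, matching the GUI step.
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $Address

# Verify: one IPv4 address with PrefixOrigin "Manual", and the DNS server set.
Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
    Select-Object IPAddress, PrefixLength, PrefixOrigin
Get-DnsClientServerAddress -InterfaceAlias $Alias -AddressFamily IPv4
```

The verification at the end is the part worth keeping: a DirectAccess server whose address silently changes back to a DHCP lease breaks the NLS record and the client GPO settings that point at it.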
3] Create a new security group, grant permissions, and enroll certificates
Next, we must create a new security group for Direct Access client computers. To do so, follow the steps mentioned below.
- Open Server Manager.
- Go to Tools > Active Directory Users and Computers.
- Now, expand your server name, go to Users, right-click, and click on New > Group.
- Give the group a name, leave all the options at their defaults, and click OK.
This has created a new group, but we do need to grant full permissions to authenticated users for the web server certificate template.
To do so, follow the steps mentioned below.
- Open Server Manager.
- Click on Tools > Certification Authority.
- Right-click on Certificate Template and click on Manage.
- Look for Web Server, right-click on it, and click on Properties.
- Now, select the users or groups you want to grant access to, and tick Full Control.
- Click on OK.
- Now, open PowerShell as an administrator and run Restart-Service certsvc.
Now, let’s enroll the NLS server certificate. We will use an alias name for the certificate that is not resolvable from the external network.
To do so, follow the steps mentioned below.
- Search and open “Manage user certificates”.
- Expand Personal, right-click on Certificates, and click on All Tasks > Request New Certificate.
- Click on Next > Next.
- Check Web Server and then click on More information is required to enroll for the certificate. Click here to configure settings.
- Set the Type section to Common name, enter “DirectAccess-NLS.domain.local” in the Value field, and click on Add.
- Click on OK, and once you are back on the Certificate Enrollment page, click on Enroll.
- Click on Finish.
This way, a new certificate will be installed.
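The same step in PowerShell, as an added example that is not part of the original post. It assumes the domain is domain.local, the group is named "DirectAccess Computers", and the CA and NLS run on this server; it enrolls into the machine store (Cert:\LocalMachine\My) because the NLS web site reads its binding certificate from there. It also lists which principals hold Full Control, WriteDacl or WriteOwner on the Web Server template, since any of those rights allows a principal to modify the template itself rather than merely request certificates from it; the least-privilege alternative to the GUI step is to grant Read and Enroll to just the group that needs to enroll.

```powershell
# Added example (not from the original post): step 3 in PowerShell.
# Assumptions: domain domain.local, group "DirectAccess Computers", CA and NLS
# on this server, certificate enrolled into the machine store.
Import-Module ActiveDirectory

$Domain    = 'domain.local'
$DomainDN  = 'DC=domain,DC=local'
$GroupName = 'DirectAccess Computers'       # assumed group name

# Security group for DirectAccess client computers, in the Users container.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security `
        -Path "CN=Users,$DomainDN" -Description 'Computers enabled for DirectAccess'
}

# Audit the Web Server template ACL. The template object lives in the
# Configuration partition; its CN is "WebServer" (display name "Web Server").
$TemplateDN = "CN=WebServer,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,$DomainDN"
$Acl = Get-Acl -Path "AD:\$TemplateDN"

# Principals with GenericAll (Full Control), WriteDacl or WriteOwner can
# change the template, not just enroll from it. Review this list.
$Acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   $_.ActiveDirectoryRights -match 'GenericAll|WriteDacl|WriteOwner' } |
    Select-Object IdentityReference, ActiveDirectoryRights

# Apply template permission changes by restarting the CA service.
Restart-Service -Name certsvc

# Enroll the NLS certificate from the Web Server template into the machine store,
# using an internal-only name that does not resolve from the Internet.
$NlsName = "DirectAccess-NLS.$Domain"
$Result  = Get-Certificate -Template 'WebServer' -SubjectName "CN=$NlsName" -DnsName $NlsName `
               -CertStoreLocation 'Cert:\LocalMachine\My'

# Verify: Status should be "Issued" and the subject should match the NLS name.
$Result.Status
Get-ChildItem Cert:\LocalMachine\My | Where-Object Subject -eq "CN=$NlsName" |
    Select-Object Subject, NotAfter, Thumbprint
```

The thumbprint printed at the end is the one to select for the Network Location Server when the Remote Access wizard asks for the NLS certificate.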
4] Create DirectAccess-NLS A Record
To create a host A record for the Network Location Server:
- In Server Manager, go to Tools > DNS Manager.
- Right-click on your local domain and select the New Host (A or AAAA) option.
- Name it “DirectAccess-NLS” and enter the IP of your server.
- Click on Add Host.
You will get a confirmation prompt, so click OK.
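The A record can be created and, more importantly, checked from PowerShell. This is an added example, not code from the original post; it assumes the zone is domain.local, the server address is 192.168.1.10, and the DnsServer module is present. The second check is the one that matters for DirectAccess: clients decide they are on the corporate network when the NLS name resolves and the site is reachable, so the name must not resolve from a public resolver.

```powershell
# Added example (not from the original post): step 4 in PowerShell.
# Assumptions: zone domain.local, server address 192.168.1.10, DnsServer module.
$Zone    = 'domain.local'
$Name    = 'DirectAccess-NLS'
$Address = '192.168.1.10'

# Create the host record only if it does not already exist.
if (-not (Get-DnsServerResourceRecord -ZoneName $Zone -Name $Name -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $Address
}

# Internal resolution: must answer with the server's address.
Resolve-DnsName -Name "$Name.$Zone" -Type A -Server $Address -ErrorAction Stop |
    Select-Object Name, IPAddress

# External resolution: must fail. If the NLS name resolved on the Internet,
# a client away from the office could wrongly conclude it is inside the
# corporate network and never bring up DirectAccess.
# 8.8.8.8 is used here only as an example of a public resolver.
try {
    Resolve-DnsName -Name "$Name.$Zone" -Type A -Server 8.8.8.8 -DnsOnly -ErrorAction Stop
    Write-Warning "$Name.$Zone resolves from a public resolver; network location detection would be unreliable."
} catch {
    Write-Output "$Name.$Zone does not resolve externally (expected)."
}
```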
5] Enable Direct Access
We can now enable Direct Access from the Remote Access Management utility. To do so, follow the steps mentioned below.
- In Server Manager, go to Tools > Remote Access Management.
- If you see any error, just ignore it, and proceed to the Configuration tab.
- Here, you need to select Enable DirectAccess.
- This will open the Enable DirectAccess Wizard; click Next.
- Click Add > Advanced > Find Now.
- Select the Direct Access Computers group and click on OK.
- Click on OK again.
- Tick Enable DirectAccess for mobile computers only and click on Next.
- Check Behind an edge device (with a single network adapter) and click on Next.
- Follow the on-screen instructions until you click on Finish.
Click on the Dashboard and monitor the Configuration Status. It may take some time to become active. Refresh the page and check again. After a while, all statuses should be green except for one, so disregard it.
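Once the wizard has finished, the same settings can be inspected or adjusted with the RemoteAccess module, and the dashboard check can be made explicit: list the component that is not OK instead of guessing which one to disregard. This is an added example, not code from the original post; it assumes the client group created in step 3 is named "DirectAccess Computers".

```powershell
# Added example (not from the original post): step 5 settings and health check
# in PowerShell. Assumes the group "DirectAccess Computers" from step 3.
Import-Module RemoteAccess

$GroupName = 'DirectAccess Computers'   # assumed group name from step 3

# Scope DirectAccess to the client security group (wizard page "Select Groups"),
# adding it only if the wizard has not already done so.
$Current = (Get-DAClient).SecurityGroupNameList
if ($Current -notcontains $GroupName) {
    Add-DAClient -SecurityGroupNameList $GroupName
}

# Equivalent of ticking "Enable DirectAccess for mobile computers only".
Set-DAClient -OnlyRemoteComputers Enabled

# Current deployment summary.
Get-RemoteAccess

# Dashboard equivalent: report every component whose state is not OK.
$NotOk = Get-RemoteAccessHealth | Where-Object HealthState -ne 'OK'
if ($NotOk) {
    $NotOk | Format-Table Component, HealthState -AutoSize
} else {
    Write-Output 'All Remote Access components report OK.'
}
```

Rerun the last part after a few minutes if the status is still settling; a component that stays in a non-OK state should be identified by name from this output and investigated rather than ignored.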
How to install and configure Active Directory in Windows Server?
To use Active Directory on Windows Server, install the Active Directory Domain Services role on your server. To do this, open Server Manager, go to Tools > Add Roles and Features, and from Server Roles, install the service mentioned earlier.