4.2.1 DirectAccess

The following is an example of a Name Resolution Policy entry that applies DirectAccess to names under the directaccess.example.com domain. The policy specifies the DNS servers to query and requires IPsec with medium encryption, but sets no CA restriction and no proxy.

Key: SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig\{Rule GUID}

Value: "Version"

Type: REG_DWORD.

Size: 32 bits.

Data: 00000001

Value: "Name"

Type: REG_MULTI_SZ.

Size: Equal to the size of the data field.

Data: ".directaccess.example.com"

Value: "ConfigOptions"

Type: REG_DWORD.

Size: 32 bits.

Data: 00000004

Value: "DirectAccessDNSServers"

Type: REG_SZ.

Size: Equal to the size of the data field.

Data: "10.1.1.1;10.2.2.2"

Value: "DirectAccessProxyName"

Type: REG_SZ.

Size: Equal to the size of the data field.

Data: ""

Value: "DirectAccessProxyType"

Type: REG_DWORD.

Size: 32 bits.

Data: 00000000

Value: "DirectAccessQueryIPSECEncryption"

Type: REG_DWORD.

Size: 32 bits.

Data: 00000002

Value: "DirectAccessQueryIPSECRequired"

Type: REG_DWORD.

Size: 32 bits.

Data: 00000001

Value: "IPSECCARestriction"

Type: REG_SZ.

Size: Equal to the size of the data field.

Data: ""
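
The following PowerShell audit is an added example, not part of the original specification text. It reads each rule under the DnsPolicyConfig key and reports DirectAccess rules whose IPsec settings are weaker than the entry above. The function name Test-NrptDirectAccessRule is hypothetical, and the script assumes that bit 0x4 of ConfigOptions marks a rule carrying DirectAccess settings and that encryption values below 2 are weaker than medium.

```powershell
# Added example: audit DirectAccess NRPT rules delivered by Group Policy.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig'

function Test-NrptDirectAccessRule {   # hypothetical helper name
    param([Parameter(Mandatory)] $Rule, [string] $RuleId = '(constructed sample)')
    $findings = [System.Collections.Generic.List[string]]::new()
    # The example entry sets DirectAccessQueryIPSECRequired to 1.
    if ([int]$Rule.DirectAccessQueryIPSECRequired -ne 1) {
        $findings.Add('IPsec is not required for DNS queries')
    }
    # The example entry uses 2 (medium); lower values are assumed weaker.
    if ([int]$Rule.DirectAccessQueryIPSECEncryption -lt 2) {
        $findings.Add('IPsec encryption is below medium (2)')
    }
    # An empty IPSECCARestriction matches the example; reported for visibility.
    if ([string]::IsNullOrEmpty($Rule.IPSECCARestriction)) {
        $findings.Add('no CA restriction set')
    }
    if ([string]::IsNullOrEmpty($Rule.DirectAccessDNSServers)) {
        $findings.Add('no DirectAccess DNS servers listed')
    }
    [pscustomobject]@{
        Rule       = $RuleId
        Name       = @($Rule.Name) -join ','
        DnsServers = $Rule.DirectAccessDNSServers
        Findings   = $findings -join '; '
    }
}

# Constructed sample holding the values of the example entry above.
$sample = @{
    Version = 1; Name = @('.directaccess.example.com'); ConfigOptions = 4
    DirectAccessDNSServers = '10.1.1.1;10.2.2.2'
    DirectAccessProxyName = ''; DirectAccessProxyType = 0
    DirectAccessQueryIPSECEncryption = 2; DirectAccessQueryIPSECRequired = 1
    IPSECCARestriction = ''
}
Test-NrptDirectAccessRule -Rule $sample   # only finding: no CA restriction set

# Live check: one subkey per rule, named by the rule GUID.
if (Test-Path $base) {
    Get-ChildItem -Path $base | ForEach-Object {
        $values = Get-ItemProperty -Path $_.PSPath
        if ([int]$values.ConfigOptions -band 0x4) {   # assumed DirectAccess bit
            Test-NrptDirectAccessRule -Rule $values -RuleId $_.PSChildName
        }
    }
}
```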