4.2.1 DirectAccess
The following is an example of a Name Resolution Policy entry to apply DirectAccess for names under the directaccess.example.com domain. The policy specifies the DNS servers to query and requires IPsec with medium encryption but no CA restriction or proxy.
Key: SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig\{Rule GUID}

Value: "Version"
Type: REG_DWORD
Size: 32 bits.
Data: 00000001

Value: "Name"
Type: REG_MULTI_SZ
Size: Equal to the size of the data field.
Data: ".directaccess.example.com"

Value: "ConfigOptions"
Type: REG_DWORD
Size: 32 bits.
Data: 00000004

Value: "DirectAccessDNSServers"
Type: REG_SZ
Size: Equal to the size of the data field.
Data: "10.1.1.1;10.2.2.2"

Value: "DirectAccessProxyName"
Type: REG_SZ
Size: Equal to the size of the data field.
Data: ""

Value: "DirectAccessProxyType"
Type: REG_DWORD
Size: 32 bits.
Data: 00000000

Value: "DirectAccessQueryIPSECEncryption"
Type: REG_DWORD
Size: 32 bits.
Data: 00000002

Value: "DirectAccessQueryIPSECRequired"
Type: REG_DWORD
Size: 32 bits.
Data: 00000001

Value: "IPSECCARestriction"
Type: REG_SZ
Size: Equal to the size of the data field.
Data: ""
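
The following PowerShell audit is an added example, not part of the specification. It walks the rule subkeys and reports any DirectAccess rule whose IPsec or proxy values differ from the entry above. It assumes the key sits under HKLM (the page gives the path without a hive); the function name Test-NrptDirectAccessRule and the $expected table are hypothetical, and the expected data values are the ones shown in this example.

```powershell
# Added example: compare NRPT DirectAccess rules with the entry shown above.
# Assumption: the policy key is under HKLM; the page does not name the hive.
$root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig'

# Baseline taken from the example entry on this page.
$expected = [ordered]@{
    DirectAccessQueryIPSECRequired   = 1   # IPsec required
    DirectAccessQueryIPSECEncryption = 2   # medium encryption
    DirectAccessProxyType            = 0   # no proxy
}

function Test-NrptDirectAccessRule {
    param([Parameter(Mandatory)] [string] $RulePath)

    $rule = Get-ItemProperty -LiteralPath $RulePath
    $findings = @()

    foreach ($name in $expected.Keys) {
        $prop = $rule.PSObject.Properties[$name]
        if ($null -eq $prop) {
            # A missing value means the rule does not state the setting at all.
            $findings += "$name is missing"
        } elseif ([int]$prop.Value -ne $expected[$name]) {
            $findings += "$name = $($prop.Value), example uses $($expected[$name])"
        }
    }

    # The example has no CA restriction; report one if a rule sets it.
    if ($rule.PSObject.Properties['IPSECCARestriction'] -and $rule.IPSECCARestriction) {
        $findings += "IPSECCARestriction is set: $($rule.IPSECCARestriction)"
    }

    [pscustomobject]@{
        Rule       = $rule.PSChildName                    # {Rule GUID} subkey name
        Name       = $rule.Name -join ', '                # REG_MULTI_SZ suffix list
        DnsServers = $rule.DirectAccessDNSServers -split ';'
        Findings   = $findings
    }
}

if (Test-Path -LiteralPath $root) {
    Get-ChildItem -LiteralPath $root |
        Where-Object { $_.GetValue('DirectAccessDNSServers') } |   # DirectAccess rules only
        ForEach-Object { Test-NrptDirectAccessRule -RulePath $_.PSPath }
}
```

A rule that matches the entry above returns an empty Findings list.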