Ongoing Management of Remote DirectAccess Clients

Applies To: Windows 7, Windows Server 2008 R2


This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (

With current virtual private network (VPN) solutions, the remote computer is connected to the intranet only intermittently. This model of user-initiated connections makes it difficult for information technology (IT) staff to keep remote computers current with the latest updates and security policies. The difficulty can be mitigated by checking for and requiring system health updates before completing the VPN connection. However, such requirements can add substantial wait times to the VPN connection process.

With DirectAccess, IT staff can manage mobile computers by updating Group Policy settings and distributing software updates any time the mobile computer has Internet connectivity, even if the user is not logged on. This flexibility allows IT staff to manage remote computers as if they were directly connected to the intranet and ensures that mobile users stay up to date with security and system health policies.