Choose a Configuration Method

Applies To: Windows 7, Windows Server 2008 R2


This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (

You can use the following methods to deploy and configure DirectAccess:

  • The DirectAccess Management console

  • Custom configuration using the Network Shell (Netsh) command-line tool and Group Policy

The following sections describe the benefits and limitations of each of these methods.

DirectAccess Management Console

The DirectAccess Management Console provides several options for deploying DirectAccess. The DirectAccess Setup Wizard guides you through four steps to determine how the DirectAccess deployment should proceed, and before the changes are applied, you have the option of saving the settings into an Extensible Markup Language (XML) file.

The XML file can be modified and provides a way to examine which options are being set. You can also use the engine.ps1 PowerShell script to run the XML file. For more information, see Appendix C - DirectAccess User Interface Scripting in the DirectAccess Deployment Guide and Perform DirectAccess Scripting (

Custom configuration using the Network Shell (Netsh) command-line tool and Group Policy

For customized DirectAccess deployments that need to be modified from the default settings of the DirectAccess Setup Wizard to meet a unique set of needs, you can use Network Shell (Netsh) commands and Group Policy settings for the Group Policy objects for DirectAccess clients, DirectAccess servers, and selected servers. Custom configuration allows for maximum flexibility and the creation of unique solutions, including many permutations that are not covered in this Design Guide.

For information about Netsh commands for DirectAccess, see Appendix A – Manual DirectAccess Server Configuration and Appendix B – Manual DirectAccess Client Configuration. For information about Group Policy settings for DirectAccess, see Group Policy Management Console and Editor.