DirectAccess Deployment Guide

Updated: June 3, 2010

Applies To: Windows Server 2008 R2


This topic describes deployment of DirectAccess in Windows Server 2008 R2. For deployment of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Deployment Guide (

DirectAccess is one of the most anticipated features of the Windows 7 and Windows Server 2008 R2 operating systems. DirectAccess allows remote users to securely access intranet shares, Web sites, and applications without connecting to a virtual private network (VPN). DirectAccess establishes bi-directional connectivity with a user’s intranet every time a user’s DirectAccess-enabled portable computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the intranet, and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN. DirectAccess is supported by Windows 7 Enterprise, Windows 7 Ultimate, and Windows Server 2008 R2.

About this guide

This guide is intended for use by system administrators and system engineers. It provides detailed instructions for deploying a DirectAccess design that has been preselected by you or an infrastructure specialist or system architect in your organization. If your organization has not yet selected a design, see the DirectAccess Design Guide. You can then use this guide to deploy DirectAccess in your production environment.

This guide provides steps for deploying the following primary DirectAccess access methods:

  1. Full intranet access

  2. Selected server access

  3. End-to-end access

This guide also provides steps for deploying the following additional DirectAccess configurations:

  1. DirectAccess with Network Access Protection (NAP)

  2. Using Hyper-V to provide redundancy

  3. Adding capacity by moving the Internet Protocol security (IPsec) gateway function to another server

Use the checklists in Implementing Your DirectAccess Design Plan to determine how best to use the instructions in this guide to deploy your particular design. For information about hardware and software requirements for deploying DirectAccess, see Appendix A: DirectAccess Requirements in the DirectAccess Design Guide.

This guide, combined with the DirectAccess Design and Troubleshooting Guides, is also available as a Microsoft Word file ( in the Microsoft Download Center.