Configure Corporate Connectivity Detection Settings

Updated: October 7, 2009

Applies To: Windows Server 2008 R2


This topic describes deployment of DirectAccess in Windows Server 2008 R2. For deployment of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Deployment Guide.

You need to configure the Corporate Website Probe URL and Corporate Site Prefix List Group Policy settings for the Group Policy object for DirectAccess clients so that they can correctly determine corporate (intranet) network access.

To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to configure Group Policy settings. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To configure the NRPT with Group Policy

  1. On a domain controller, click Start, click Run, type gpmc.msc, and then press ENTER.

  2. In the console tree, open the domain.

  3. In the console tree, right-click the DirectAccess Policy-{3491980e-ef3c-4ed3-b176-a4420a810f12} Group Policy object, and then click Edit.

  4. In the console tree of the Group Policy Management Editor, open Computer Configuration\Policies\Administrative Templates\Network\Network Connectivity Status Indicator, and then double-click Corporate Website Probe URL in the details pane.

  5. Click Enabled.

  6. In Corporate Website Probe URL, type the uniform resource locator (URL) of a highly available intranet Web server that is available to any computer connected to the intranet, either through a local area network (LAN) connection (such as wired or wireless) or DirectAccess.


This URL is different from the network location server URL, which is designed to be accessible only from a computer connected to the intranet through a LAN connection.

  7. Click Apply, and then click OK.

  8. Start a command prompt as an administrator.

  9. From the Command Prompt window, run the netsh -c advfirewall command.

  10. From the netsh advfirewall prompt, run the set store gpo="DomainName\DirectAccess Policy-{3491980e-ef3c-4ed3-b176-a4420a810f12}" command.

  11. From the netsh advfirewall prompt, run the consec show rule name="DirectAccess Policy-ClientToDnsDc" command.

  12. From the display of the consec show rule command, note the IPv6 address expressed as a range for Endpoint2.

  13. In the details pane of the Group Policy Management Editor, double-click Corporate Site Prefix List.

  14. In Corporate Site Prefix List, type a comma, and then the IPv6 address for Endpoint2 with /128. For example, for the Endpoint2 IPv6 address 2002:836b:2::836b:2, type 2002:836b:2::836b:2/128.

  15. Click Apply, and then click OK.
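
The Endpoint2 and Corporate Site Prefix List steps above can be checked before the value is typed into Group Policy. The following PowerShell is an added example, not part of the original topic: the function names ConvertTo-SitePrefix and Add-SitePrefix, the "start-end" form assumed for the Endpoint2 range, and the existing 2001:db8:1::/48 list entry are assumptions for illustration.

```powershell
# Added example; function names and the "start-end" range form are assumptions.
function ConvertTo-SitePrefix {
    param([Parameter(Mandatory = $true)][string]$Endpoint2)
    # Accept "start-end" (assumed display form) or a bare address.
    $parts = @($Endpoint2.Trim() -split '-')
    if ($parts.Count -gt 2) { throw "Unexpected Endpoint2 value: $Endpoint2" }

    $addrs = @(foreach ($p in $parts) {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($p.Trim(), [ref]$ip)) {
            throw "Not an IP address: $p"
        }
        if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
            throw "Not an IPv6 address: $p"
        }
        $ip
    })
    # A /128 entry only makes sense when the range covers exactly one address.
    if ($addrs.Count -eq 2 -and -not $addrs[0].Equals($addrs[1])) {
        throw "Endpoint2 spans more than one address: $Endpoint2"
    }
    return "$($parts[0].Trim())/128"
}

function Add-SitePrefix {
    param([string]$CurrentList, [Parameter(Mandatory = $true)][string]$Entry)
    $seen = @{}
    $items = @()
    foreach ($item in @(($CurrentList -split ',') + $Entry)) {
        $item = $item.Trim()
        if ($item -eq '') { continue }
        $addr, $len = $item -split '/', 2
        $ip = $null
        # Every entry must be an IPv6 address with a prefix length of 0-128.
        if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -or
            $ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6 -or
            $len -notmatch '^\d{1,3}$' -or [int]$len -gt 128) {
            throw "Invalid IPv6 prefix: $item"
        }
        $key = "$ip/$([int]$len)"   # normalized form, used only to spot duplicates
        if (-not $seen.ContainsKey($key)) { $seen[$key] = $true; $items += $item }
    }
    return ($items -join ',')
}

# Constructed sample values: an existing list entry and an Endpoint2 range.
$entry = ConvertTo-SitePrefix '2002:836b:2::836b:2-2002:836b:2::836b:2'
Add-SitePrefix -CurrentList '2001:db8:1::/48' -Entry $entry
```

A range that spans more than one address, an IPv4 value, or a malformed existing entry stops the script with an error instead of producing a prefix list that would make clients misjudge intranet connectivity.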
