Configure the NRPT with Group Policy

Updated: October 7, 2009

Applies To: Windows Server 2008 R2


This topic describes deployment of DirectAccess in Windows Server 2008 R2. For deployment of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Deployment Guide.

You can configure rules in the Name Resolution Policy Table (NRPT) directly with Group Policy, rather than by using the DirectAccess Setup Wizard.

To complete these procedures, you must be a member of the Administrators group, or otherwise be delegated permissions to configure Group Policy settings. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To configure the NRPT with Group Policy

  1. Click Start, click Run, type gpmc.msc, and then press ENTER.

  2. In the console tree, open the domain.

  3. In the console tree, right-click the DirectAccess Policy-{3491980e-ef3c-4ed3-b176-a4420a810f12} Group Policy object, and then click Edit.

  4. In the console tree of the Group Policy Management Editor, open Computer Configuration\Policies\Windows Settings, and then click Name Resolution Policy.

    • To create a new NRPT rule for DirectAccess, in the details pane, click DNS Settings for Direct Access, and then select Enable DNS settings for DirectAccess in this rule. Specify the namespace to which the rule applies, the certification authority and Internet Protocol version 6 (IPv6) addresses of Domain Name System (DNS) servers (if needed), and then click Create.

    • To modify an existing rule, click the rule in the NRPT, and then click Edit Rule. When you are done making changes, click Update.

    • To delete an existing rule, click the rule in the NRPT, and then click Delete Rule.
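To confirm that the rules created in the procedure above reached a DirectAccess client, the following added example (not part of the original topic and not Microsoft's code) lists the policy-delivered NRPT rules and notes any DNS server entry that is not an IPv6 address. It assumes Windows PowerShell 2.0 and that Group Policy stores each rule as a subkey of the `DnsPolicyConfig` key with the value names `Name`, `DirectAccessDNSServers` and `IPSECCARestriction`; the function names are hypothetical.

```powershell
# Added example: audit the NRPT rules that Group Policy delivered to this computer.
# Assumption: each rule is one subkey of the key below (the NRPT policy store).
$NrptPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig'

function Test-IPv6Address([string]$Text) {
    # True only when the text parses as an IP address of the IPv6 family.
    $ip = $null
    [System.Net.IPAddress]::TryParse($Text.Trim(), [ref]$ip) -and
        ($ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6)
}

function Get-NrptPolicyRule {
    if (-not (Test-Path $NrptPolicyKey)) {
        Write-Warning 'No NRPT policy key found; run gpupdate and check the GPO scope.'
        return
    }
    foreach ($sub in Get-ChildItem $NrptPolicyKey) {
        $v = Get-ItemProperty -Path $sub.PSPath
        # DirectAccessDNSServers is a semicolon-separated string; it may be absent.
        $servers = @("$($v.DirectAccessDNSServers)".Split(';') | Where-Object { $_.Trim() })
        $notV6   = @($servers | Where-Object { -not (Test-IPv6Address $_) })

        # Notes are informational: they point at rules worth a second look.
        $notes = @()
        if ($servers.Count -eq 0)       { $notes += 'no DNS server in rule' }
        if ($notV6.Count -gt 0)         { $notes += "not IPv6: $($notV6 -join ', ')" }
        if (-not $v.IPSECCARestriction) { $notes += 'no certification authority set' }

        New-Object PSObject -Property @{
            Namespace  = @($v.Name) -join ', '
            DnsServers = $servers -join ', '
            IPsecCA    = $v.IPSECCARestriction
            Notes      = $notes -join '; '
        }
    }
}

# Print one block per rule; compare each namespace with what was entered in the GPO.
Get-NrptPolicyRule |
    Select-Object Namespace, DnsServers, IPsecCA, Notes |
    Format-List
```

Run it from an elevated prompt on the client after `gpupdate /force`; `netsh namespace show effectivepolicy` shows the rules the DNS client is applying at that moment.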
