Checklist: Implementing a DirectAccess Design for Selected Server Access

Updated: October 7, 2009

Applies To: Windows Server 2008 R2


This topic describes deployment of DirectAccess in Windows Server 2008 R2. For deployment of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Deployment Guide (

This checklist includes cross-reference links to important concepts about deploying DirectAccess in the selected server access model. It also contains links to procedures and other checklists that will help you complete the tasks that are required to implement this design.


Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic, a procedure, or to another checklist, return to this topic so that you can proceed with the remaining tasks in this checklist.

Checklist: Implementing a DirectAccess design for selected server access

Task Reference

Review important concepts and the example for the DirectAccess selected server access model.

Selected Server Access

Selected Server Access Example

(Optional, but recommended) Demonstrate selected server access in a test lab.

DirectAccess test lab ( with the Selected Server Access extension (

Configure the required infrastructure for DirectAccess.

Checklist: Preparing Your Infrastructure for DirectAccess

Prepare the DirectAccess server computer for the DirectAccess Setup Wizard.

Checklist: Preparing Your DirectAccess Server

Install the DirectAccess feature on the DirectAccess server.

Install the DirectAccess Feature

Configure the DirectAccess server for the selected server access method with the DirectAccess Setup Wizard.

Configure the DirectAccess Setup Wizard for Selected Server Access

Configure the Corporate Website Probe URL and Corporate Site Prefix List Group Policy settings.

Design Your Intranet for Corporate Connectivity Detection

Configure Corporate Connectivity Detection Settings

If needed by your design plan, deploy and configure IPv6/IPv4 translator and IPv6/IPv4 DNS gateway devices.

Choose Solutions for IPv4-only Intranet Resources

See the IPv6/IPv4 translator and IPv6/IPv4 DNS gateway device documentation.

Configure the NRPT for an IPv6/IPv4 DNS Gateway

If needed by your design plan, configure force tunneling.

Configure Force Tunneling for DirectAccess Clients

If needed by your design plan, configure a connection or routing to the Internet Protocol version 6 (IPv6) Internet.

Connect to the IPv6 Internet

If needed by your design plan, configure client authentication and certificate mapping for Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS) connections.

Configure Client Authentication and Certificate Mapping for IP-HTTPS Connections

If needed by your design plan, configure connection security rules to protect traffic sent between DirectAccess clients.

Configure Connection Security Rules for Traffic Between DirectAccess Clients