Prerequisites for Deploying DirectAccess
The following table lists the prerequisites necessary for using the configuration wizards to deploy DirectAccess.
| Scenario | Prerequisites |
|---|---|
| Deploy a Single DirectAccess Server Using the Getting Started Wizard | - Windows Firewall must be enabled on all profiles - Only supported for clients running Windows 10®, - A public key infrastructure is not required. - Not supported for deploying two-factor authentication. Domain credentials are required for authentication. - Automatically deploys DirectAccess to all mobile computers in the current domain. - Traffic to the Internet does not go through DirectAccess. Force tunnel configuration is not supported. - DirectAccess server is the network location server. - Network Access Protection (NAP) is not supported. - Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. - For a multisite configuration, now or in the future, first follow the guidance in Deploy a Single DirectAccess Server with Advanced Settings. |
| Deploy a Single DirectAccess Server with Advanced Settings | - A public key infrastructure must be deployed. For more information, see Test Lab Guide Mini-Module: Basic PKI for Windows Server 2012. - Windows Firewall must be enabled on all profiles. The following server operating systems support DirectAccess. - You can deploy all versions of Windows Server 2016 as a DirectAccess client or a DirectAccess server. The following client operating systems support DirectAccess. - Windows 10® Enterprise - Force tunnel configuration is not supported with KerbProxy authentication. - Changing policies by using a feature other than the DirectAccess management console or Windows PowerShell cmdlets is not supported. - Separating NAT64/DNS64 and IPHTTPS server roles on another server is not supported. |