DirectAccess Overview

Applies To: Windows Server 2008 R2

DirectAccess allows remote users to securely access internal network file shares, Web sites, and applications without connecting to a virtual private network (VPN). An internal network is also known as a private network or intranet. DirectAccess establishes bi-directional connectivity with an internal network every time a DirectAccess-enabled computer connects to the Internet, even before the user logs on. Users never have to think about connecting to the internal network, and IT administrators can manage remote computers outside the office, even when the computers are not connected to the VPN.

You can use the DirectAccess Management Console to set up a DirectAccess infrastructure by performing the following tasks:

  • Specify the client computers that can use DirectAccess by selecting the security groups to which they belong

  • Configure the network adapters on the DirectAccess server that are connected to your internal network and the Internet, and the certificates that you want to use for authentication

  • Configure the location of an internal Web site so that DirectAccess client computers can determine when they are located on the internal network

  • Configure the Domain Name Service (DNS) names that must be resolved by internal network DNS servers

  • Identify infrastructure servers (network location, DNS, and management servers)

  • Identify application servers for optional authentication

When you monitor DirectAccess, use the DirectAccess Management Console to determine the state of DirectAccess components that are running on the server.

Additional references

Understanding DirectAccess Components

Understanding DirectAccess Deployment Models

For more information, see the DirectAccess home page on Microsoft TechNet (