Appendix D – Scripted and Group Policy DirectAccess Client Installation Instructions
Note
Ensure the prerequisite steps from Appendix A have been completed.
Connectivity components
| Component | From the Command Prompt Window | Group Policy Setting |
|---|---|---|
Configure Teredo as Enterprise Client and Set Teredo Server |
netsh interface ipv6 set teredo enterpriseclient <name or ipv4 address of Teredo Server> |
Computer Configuration| Policies| Administrative Templates| Network| TCPIP Settings| Ipv6 transition Technologies| Teredo State=Enterprise Client and Computer Configuration| Policies| Administrative Templates| Network| TCPIP Settings| Ipv6 transition Technologies| Teredo Server Name=<name or ipv4 address of Teredo Server> |
Configure 6to4 Relay |
netsh interface 6to4 set relay <name or ipv4 address of 6to4 relay> |
Computer Configuration| Policies| Administrative Templates| Network| TCPIP Settings| Ipv6 transition Technologies| 6to4 Relay Name=<name or ipv4 address of 6to4 relay> |
Enable IP-HTTPS client and provide server information |
netsh interface httpstunnel add interface client https://<myservername>/IPHTTPS |
Computer Configuration| Policies| Administrative Templates| Network| TCPIP Settings| Ipv6 transition Technologies| IP-HTTPS State=enabled AND <name or ipv4 address of IPHTTPS Server> |
Name Resolution Policy Table
There are no command line interfaces for configuring NRPT, but there are Group Policy settings available.
NRPT must be configured with the namespaces for which you want to take action. In the context of DirectAccess, this typically means the namespace of your intranet with a leading dot (for example, .internal.contoso.com or .corp.contoso.com). From the client perspective, any name request that matches one of these namespaces will be sent to the specified intranet DNS servers. Make sure to include any and all intranet DNS namespaces that you want DirectAccess client computers to access.
Note
See the “Name Resolution Policy Table and DNS” section in Connectivity for details.
The namespace must have a leading dot or the NRPT will not function correctly.To configure the NRTP through Group Policy, see the Group Policy add-in for the appropriate Group Policy object at Computer Configuration\Policies\Windows Settings\Name Resolution Policy. From this add-in, you can create a new NRPT rule and edit or delete existing rules.