Configuring clients for Forefront UAG DirectAccess
Published: January 11, 2010
Updated: February 1, 2011
Applies To: Unified Access Gateway
This topic describes how to configure clients to receive the Forefront Unified Access Gateway (UAG) DirectAccess client configuration settings. Group Policy provides an object-based method to create, distribute, and apply DirectAccess settings to clients. You must create or use existing Active Directory Domain Services security groups that contain the computer accounts for the computers that you want to receive DirectAccess settings. You select security groups, and add them to the list in the Forefront UAG DirectAccess client configuration screen. The Forefront UAG DirectAccess Configuration Wizard automatically creates Group Policy objects (GPOs) with the appropriate settings, and applies them to the specified security groups.
To configure clients for DirectAccess
In the Forefront UAG Management console, click DirectAccess to start the Forefront UAG DirectAccess Configuration Wizard.
From the Forefront UAG DirectAccess Configuration Wizard, in the Clients box, click Configure.
Click Add, select the security group(s) containing the computer accounts you want to enable for DirectAccess configuration, click OK, and then click Finish. Clicking Remove removes the currently selected security group from the list.
Important: When security groups are added in the Client Configuration section of the wizard, the domains of the client computers held in the security group are provisioned to receive settings from the GPO. If a client from an additional domain (not present as a client domain when the GPO was created), or a client whose domain is not included in the first level of nesting of the security group, is added to the specified security group, it is not automatically linked to the GPO, so the client will not receive GPO settings. To resolve this problem, and link additional user domains, do the following:
At the end of the Forefront UAG DirectAccess Configuration Wizard, click Export Script and save the script, for example script.ps1.
On the taskbar, click Start, click All Programs, click Accessories, click Windows PowerShell, right-click Windows PowerShell, and then click Run as administrator.
From the PowerShell command prompt, type the following command, and then press ENTER:
./script.ps1 -AdditionalClientDomains "DC=corp, DC=contoso, DC=com|DC=corp2, DC=contoso, DC=com"
"DC=corp, DC=contoso, DC=com" represents a domain, and each domain you want to link is separated by a |.
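The following added example (not part of the exported Forefront UAG script or of the original topic) builds the -AdditionalClientDomains value by comparing the domains of the group's computer accounts with the domains already linked to the GPO. The function names Get-DomainDN and Get-AdditionalClientDomains, the sample distinguished names, and the list of already provisioned domains are assumptions made for illustration.

```powershell
# Added example: hypothetical helper functions, not part of the exported UAG script.

function Get-DomainDN {
    param([string]$DistinguishedName)
    # Split on commas that are not escaped with a backslash, then keep only DC= components.
    $parts = [regex]::Split($DistinguishedName, '(?<!\\),') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^DC=' }
    # Join in the "DC=corp, DC=contoso, DC=com" form shown in the command above.
    return ($parts -join ', ')
}

function Get-AdditionalClientDomains {
    param(
        [string[]]$MemberDN,          # distinguished names of the computer accounts in the group
        [string[]]$ProvisionedDomain  # domains that were client domains when the GPO was created
    )
    $known = @{}
    foreach ($d in $ProvisionedDomain) { $known[(Get-DomainDN $d).ToLower()] = $true }

    $missing = @()
    foreach ($dn in $MemberDN) {
        $dom = Get-DomainDN $dn
        # Record each domain that is not yet linked, once, in first-seen order.
        if ($dom -and -not $known.ContainsKey($dom.ToLower())) {
            $known[$dom.ToLower()] = $true
            $missing += $dom
        }
    }
    # Each domain to link is separated by a |.
    return ($missing -join '|')
}

# Constructed sample data (assumed values, for illustration only).
$members = @(
    'CN=LAPTOP01,OU=Mobile,DC=corp,DC=contoso,DC=com',
    'CN=LAPTOP02,CN=Computers,DC=corp2,DC=contoso,DC=com',
    'CN=LAPTOP03,OU=Sales\, EMEA,DC=corp3,DC=contoso,DC=com'
)
$provisioned = @('DC=corp,DC=contoso,DC=com')

$value = Get-AdditionalClientDomains -MemberDN $members -ProvisionedDomain $provisioned
if ($value) { "./script.ps1 -AdditionalClientDomains `"$value`"" }
else        { 'All member domains are already linked to the GPO.' }
```

An empty result means every computer account in the list belongs to a domain that is already linked, so no additional domains need to be passed to the script.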