Checklist: Configuring Network Access Protection (NAP) with DirectAccess

Published: May 17, 2010

Updated: May 20, 2010

Applies To: Windows Server 2008 R2

This topic describes deployment of DirectAccess in Windows Server 2008 R2. For deployment of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Deployment Guide.

This checklist includes cross-reference links to important concepts about deploying Network Access Protection (NAP) with DirectAccess. It also contains links to procedures and other checklists that will help you complete the tasks that are required to implement this design.

Complete the tasks in this checklist in order. When a reference link takes you to a conceptual topic, a procedure, or to another checklist, return to this topic so that you can proceed with the remaining tasks in this checklist.

Checklist: Configuring NAP with DirectAccess


  Task Reference

Review important concepts for using NAP with DirectAccess.

Conceptual topic Planning DirectAccess with Network Access Protection (NAP)


(Optional, but recommended) Demonstrate DirectAccess with NAP in a test lab.

Conceptual topic DirectAccess with NAP test lab


Deploy NAP with the Internet Protocol security (IPsec) enforcement method.

Conceptual topic Implementing Your NAP Design Plan

Checklist topic Checklist: Implementing an IPsec Enforcement Design


As needed by your NAP design plan, install an IPsec enforcement exemption certificate on the DirectAccess server.

Conceptual topic Create an IPsec NAP Exemption Group


As needed by your DirectAccess design plan, configure DirectAccess for the full intranet, selected server, or end-to-end access model.

Checklist topic Checklist: Implementing a DirectAccess Design for Full Intranet Access

Checklist topic Checklist: Implementing a DirectAccess Design for Selected Server Access

Checklist topic Checklist: Implementing a DirectAccess Design for End-to-End Access


As needed by your design plan, modify the connection security rules for DirectAccess clients and servers.

Checklist topic Configure DirectAccess Connection Security Rules for NAP
