Set-DAClient

Set-DAClient

Configures the properties related to a DirectAccess (DA) client.

Syntax

Parameter Set: Set1
Set-DAClient [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Downlevel <String> ] [-ForceTunnel <String> ] [-OnlyRemoteComputers <String> ] [-PassThru] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Set-DAClient cmdlet configures the properties related to a DirectAccess (DA) client.

The DA client properties consist of the following.
-- Force tunneling.
-- Support for down-level clients.
-- Support for remote computers only.

The DA client configuration is a global configuration and is applicable to all of the client computers in the DA deployment.

Parameters

-AsJob

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

-ComputerName<String>

Specifies the IPv4 or IPv6 address, or host name, of the computer on which the Remote Access server computer specific tasks should be run.

-Downlevel<String>

Specifies that the appropriate policies should be deployed on down-level clients () clients for allowing connection to a Windows Server® 2012 DA server. The acceptable values for this parameter are: Enabled or Disabled.
This parameter can be configured only when multi-site is not deployed. If a user tries to configure it in a multi-site deployment, then this cmdlet displays an error.

-ForceTunnel<String>

Specifies that force tunneling should be enabled or disabled. The acceptable values for this parameter are: Enabled or Disabled.

-OnlyRemoteComputers<String>

Allows a user to enable or disable deployment of DA only on remote computers such as laptops and notebooks. The acceptable values for this parameter are: Enabled or Disabled.

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

-Confirm

Prompts you for confirmation before running the cmdlet.

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

• None

Outputs

The output type is the type of the objects that the cmdlet emits.

• Microsoft.Management.Infrastructure.CimInstance#DAClientSettings

  The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
  The DAClientSettings object contains the following properties:
  -- The status of force tunneling.
  -- The NRPT object (for force tunnel properties).
  -- The status of the policy to deploy DA only on laptops and notebooks and not on all computers in the domain.
  -- The status of whether appropriate policies should be deployed on down-level clients (Windows® 7) to enable them to connect to the Windows Server 2012 DA server.

Examples

EXAMPLE 1

This example configures DA only for remote laptops and computers and mandatorily route traffic through the corporate network. A default Name Resolution Policy Table (NRPT) entry is added to indicate that all traffic to any suffix should be sent to the corporate network. This is a global setting and will be applied across clients.

PS C:\> Set-DAClient -ForceTunnel "Enabled" -OnlyRemoteComputers "Enabled" -PassThru

EXAMPLE 2

This example enables Windows® 7 clients to connect to the corporate networking over DA. There are multiple steps involved in achieving this configuration. By default PKI is disabled during DA installation and it needs to be enabled. This is achieved by provisioning an IPsec root certificate on the DA server using the Set-DAServer cmdlet. The enterprise needs to have a certification authority (CA) which will provision this certificate for all domain joint computers. The first two steps list out the certificates present in the root certificate store of the server computer and pick an appropriate one. In this case it happens to be the 13th certificate in the list. This certificate is then assigned as the IPsec root certificate to enable PKI. Once this is done the Down-level parameter in this cmdlet is set to Enabled to enable DA for Windows® 7 clients. This causes appropriate policies to be configured on Windows® 7 computer only.

PS C:\> $certs = Get-ChildItem –Path Cert:\LocalMachine\Root

PS C:\> $IPSecRootCert = $certs[13]

PS C:\> Set-DAServer -IPSecRootCertificate $IPSecRootCert -UserAuthentication TwoFactor

PS C:\> Set-DAClient -Downlevel "Enabled"

Related topics

Add-DAClient

Get-DAClient

Remove-DAClient

Set-DAServer

Get-ChildItem