DirectAccess in Windows Server
Published: June 18, 2014
Updated: September 8, 2015
Applies To: Windows Server 2012 R2, Windows Server 2012 Essentials, Windows Server 2012, Windows Server 2012 R2 Essentials, Windows Storage Server 2012 R2 Essentials
As a role service of the Remote Access server role, DirectAccess is a feature that allows connectivity to organization network resources without the need for traditional Virtual Private Network (VPN) connections. With DirectAccess, client computers are always connected to your organization – there is no need for remote users to start and stop connections, as is required with VPN connections. In addition, your IT administrators can manage DirectAccess client computers whenever they are running and Internet connected.
DirectAccess provides support only for domain-joined clients that include operating system support for DirectAccess.
The following server operating systems support DirectAccess.
You can deploy all versions of Windows Server® 2012 R2 as a DirectAccess client or a DirectAccess server.
You can deploy all versions of Windows Server® 2012 as a DirectAccess client or a DirectAccess server.
You can deploy all versions of Windows Server® 2008 R2 as a DirectAccess client or a DirectAccess server.
The following client operating systems support DirectAccess.
Windows 10® Enterprise
Windows 10® Enterprise 2015 Long Term Servicing Branch (LTSB)
Windows® 8 Enterprise
Windows® 7 Ultimate
Windows® 7 Enterprise
DirectAccess provides multiple simplified deployment paths in Windows Server® 2012 R2 and Windows Server® 2012, including Basic, Advanced, and Enterprise.
For an illustration of these paths and links to related documentation, see DirectAccess Deployment Paths in Windows Server.
Learn about new features in DirectAccess.
For more information, see What's New in DirectAccess in Windows Server.
DirectAccess is also available in Windows Server 2012 Essentials, and enables seamless connectivity to your organization’s network from any Internet-equipped remote location without a virtual private network (VPN) connection.
To learn more about DirectAccess in Windows Server 2012 Essentials, see Configure DirectAccess in Windows Server Essentials.
In Windows Server® 2012 R2 and Windows Server® 2012, you can deploy both DirectAccess and Routing and Remote Access Service (RRAS) on the same server, allowing you to provide DirectAccess connectivity to supported clients as well as providing VPN access to remote clients that do not support DirectAccess.
To learn more about using more than one role service of the Remote Access server role, see Remote Access Server Role Documentation.
The following documentation is available for DirectAccess in Windows Server® 2012 R2 and Windows Server® 2012.
The topic Prerequisites for Deploying DirectAccess provides the prerequisites that are necessary for using the DirectAccess configuration wizards to deploy DirectAccess.
The topic DirectAccess Capacity Planning is a report on Windows Server 2012 R2 and Windows Server 2012 DirectAccess server performance to provide you with the ability to design your DirectAccess deployment based on your capacity needs.
The topic Add DirectAccess to an Existing Remote Access (VPN) Deployment provides an introduction to the Enable DirectAccess Wizard, which you can use to set up a single DirectAccess server, with recommended settings, after you have already set up a virtual private network (VPN).
The topic Deploy a Single Remote Access Server using the Getting Started Wizard provides instructions for you to deploy a single computer running Windows Server 2012 R2 and Windows Server 2012 as a DirectAccess server. This scenario allows you to configure the DirectAccess server in a few easy steps.
The topic Deploy a Single Remote Access Server with Advanced Settings allows you to set up a single DirectAccess server with advanced settings.
The topic Deploy Remote Access in an Enterprise provides links to documentation that allows you to deploy the following Enterprise DirectAccess scenarios.
Deploy Remote Access in a Cluster
Deploy Multiple Remote Access Servers in a Multisite Deployment
Deploy Remote Access with OTP Authentication
Deploy Remote Access in a Multi-Forest Environment
The topic DirectAccess Test Lab Guides provides links to test lab guides for DirectAccess.
The DirectAccess Offline Domain Join guide explains the steps to perform an offline domain join with DirectAccess. During an offline domain join, a computer is configured to join a domain without a physical or VPN connection to the organization network.
The topic Remote Access (DirectAccess) Known Issues provides information about recommended hotfixes and updates for DirectAccess.
The topic DirectAccess Unsupported Configurations provides a list of unsupported DirectAccess configurations.
You can use Troubleshooting DirectAccess to repair problems you encounter when deploying DirectAccess.
The topic Migrate from Forefront UAG SP1 DirectAccess to Windows Server 2012 describes the migration of an existing Forefront UAG SP1 DirectAccess deployment to DirectAccess in Windows Server 2012 R2 and Windows Server 2012