This checklist provides the tasks required to install DirectAccess on a single server.

Task Reference

Ensure that your network meets the requirements for DirectAccess.

Checklist: Before You Configure DirectAccess

Install two network adapters (interfaces) on your DirectAccess server. Connect the internal network interface to your internal network.

See your hardware documentation.

From the Network Connections folder, configure your network connections (interfaces) with meaningful names indicating the network to which they are attached, such as “Internet” and “Internal network.”

Configure your internal network interface with a static IPv4 address configuration.

IPv4 General tab (

Join your DirectAccess server to your Active Directory Domain Services (AD DS) domain.

Active Directory Domain Services Home page on Microsoft Technet (

Ensure that your DirectAccess server is not a domain controller.

Connect the Internet interface to the Internet. Verify that a domain controller is not reachable from the Internet interface.

See your Internet hardware documentation.

On the Internet interface, configure at least two consecutive, static, public IPv4 addresses that are resolvable and reachable on the Internet. Addresses within the address ranges,, or are not public IPv4 addresses.

IPv4 General tab (

Configure connection-specific DNS suffixes on your Internet and internal network interfaces.

IPv4 and IPv6 Advanced DNS tab (

Ensure that the DirectAccess server has a computer certificate installed with the computer authentication Enhanced Key Usage (EKU).

View Certificates (

If the DirectAccess server is acting as the network location server, install Internet Information Services (IIS).

Identify Infrastructure Servers for DirectAccess;

Installing IIS 7.0 on Windows Server 2008 (

Install DirectAccess on the DirectAccess server.

Install DirectAccess

Run the DirectAccess Setup wizard and apply the settings.

Use the DirectAccess Snap-in to Configure DirectAccess