Install DirectAccess with Windows Server 2016
Edge-facing deployments:
External interface connected to the public Internet using public IPv4 addressing
To configure the External interface, right-click the External adapter and choose
Properties. Highlight Internet Protocol Version 4 (TCP/IPv4) and then click
Properties. Provide an IPv4 address, subnet mask, and default gateway. DO NOT
specify any DNS servers!
Click Advanced, select the DNS tab, and uncheck the box next to Register this connection's addresses in DNS.
Select the WINS tab and uncheck the box next to Enable LMHOSTS lookup.
In addition, in the NetBIOS setting section, select the option to Disable NetBIOS over TCP/IP.
Internal interface connected to a perimeter or DMZ network or the LAN using private IPv4 addressing
To configure the Internal network interface, right-click the Internal network
connection and choose Properties. Highlight Internet Protocol Version 4 (TCP/IPv4)
and then click Properties. Provide an IPv4 address and a subnet mask. DO NOT
specify a default gateway! Provide the IP addresses for DNS servers on the corporate
LAN as necessary.
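The interface settings above can be checked from an elevated PowerShell prompt once both adapters are configured. The following is an added example, not part of the original article; the interface aliases External and Internal are assumptions (the article uses Internal in its route example), and the function name Test-DirectAccessNic is hypothetical.

```powershell
# Added example: audit the edge-facing NIC settings described above.
# 'External' and 'Internal' are assumed interface aliases; adjust them to match the server.
function Test-DirectAccessNic {
    [CmdletBinding()]
    param(
        [string]$ExternalAlias = 'External',
        [string]$InternalAlias = 'Internal'
    )

    # Helper that emits one row per check.
    function New-Result([string]$Interface, [string]$Check, [bool]$Pass, [string]$Observed) {
        [pscustomobject]@{ Interface = $Interface; Check = $Check; Pass = $Pass; Observed = $Observed }
    }

    # --- External interface: gateway present, no DNS, no DNS registration, no NetBIOS/LMHOSTS ---
    $extGw  = Get-NetRoute -InterfaceAlias $ExternalAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
    $extDns = (Get-DnsClientServerAddress -InterfaceAlias $ExternalAlias -AddressFamily IPv4).ServerAddresses
    $extReg = (Get-DnsClient -InterfaceAlias $ExternalAlias).RegisterThisConnectionsAddress

    New-Result $ExternalAlias 'Default gateway configured'   ([bool]$extGw)    ($extGw.NextHop -join ', ')
    New-Result $ExternalAlias 'No DNS servers configured'     (-not $extDns)    ($extDns -join ', ')
    New-Result $ExternalAlias 'DNS registration disabled'     (-not $extReg)    "RegisterThisConnectionsAddress=$extReg"

    # NetBIOS and LMHOSTS are exposed through WMI rather than the NetTCPIP cmdlets.
    $idx = (Get-NetAdapter -Name $ExternalAlias).ifIndex
    $cfg = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "InterfaceIndex = $idx"

    # TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled
    New-Result $ExternalAlias 'NetBIOS over TCP/IP disabled'  ($cfg.TcpipNetbiosOptions -eq 2) "TcpipNetbiosOptions=$($cfg.TcpipNetbiosOptions)"
    New-Result $ExternalAlias 'LMHOSTS lookup disabled'       (-not $cfg.WINSEnableLMHostsLookup) "WINSEnableLMHostsLookup=$($cfg.WINSEnableLMHostsLookup)"

    # --- Internal interface: no default gateway, corporate DNS servers present ---
    $intGw  = Get-NetRoute -InterfaceAlias $InternalAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue
    $intDns = (Get-DnsClientServerAddress -InterfaceAlias $InternalAlias -AddressFamily IPv4).ServerAddresses

    New-Result $InternalAlias 'No default gateway configured' (-not $intGw)     ($intGw.NextHop -join ', ')
    New-Result $InternalAlias 'DNS servers configured'        ([bool]$intDns)   ($intDns -join ', ')
}

# Show every check; any row with Pass = False deviates from the configuration described above.
Test-DirectAccessNic | Format-Table -AutoSize
```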
2. Static Routes
As the Internal network interface does not have a default gateway, it will be necessary to configure static routes to remote internal subnets that will need to be reachable from the DirectAccess server and by DirectAccess clients. For example, if the DirectAccess server is on the 192.168.3.0/24 subnet, but there are systems on the 192.168.10.0/24 subnet that must be accessible from the DirectAccess server, a static route will be defined by entering the following command in an elevated PowerShell command window:
New-NetRoute -InterfaceAlias <Interface_Name> -DestinationPrefix <SubnetID/Mask> -NextHop <Gateway_Address>
Using the preceding example, the command to create the static route would look like this:
New-NetRoute -InterfaceAlias Internal -DestinationPrefix 192.168.10.0/24 -NextHop 192.168.3.254
3. Join Domain and Apply Updates
Using the Add-Computer PowerShell cmdlet, it is possible to rename the computer, join it to the domain, and place the server in a specific Organizational Unit (OU) with a single command:
Add-Computer -NewName <new_computer_name> -OUPath <OU_Path> -DomainName <domain_name>
For example:
Add-Computer -NewName SEN-DAS -OUPath "OU=DAS,DC=sen,DC=hi,DC=cn" -DomainName sen.hi.cn -Restart
Once the DirectAccess server has been joined to the domain, proceed with installing Windows operating system updates as necessary using Windows Update (Windows Key + I > Update & Security > Check for Updates).
4. Certificates
DirectAccess requires two different types of certificates: a computer (machine) certificate and an SSL certificate.
Computer certificates are used for IPsec authentication and encryption. They must be issued to the DirectAccess server by an internal PKI. The certificate must include the Client Authentication Enhanced Key Usage (EKU).
To create a certificate template, open the Certificate Services management console on the Active Directory Certificate Services (AD CS) server.
In the navigation tree, expand the server and then right-click Certificate Templates and choose Manage.
Optionally, you can press Windows Key + R and enter certtmpl.msc.
Right-click the Workstation Authentication template and choose Duplicate Template.
Select the General tab and provide a descriptive name (DirectAccess IPsec) for the new template. Specify an appropriate validity and renewal period based on your organization's security policy.
Select the Subject Name tab and choose DNS name for the Subject name format.
Select the Security tab and click Add. Specify the names of the DirectAccess client security group and the name of each DirectAccess server.
Optionally, a security group can be created for DirectAccess servers, and that group can be specified here.
For the DirectAccess client group and the DirectAccess servers (or DirectAccess server group), check the Allow box for both Enroll and Autoenroll. Once complete, click OK.
In the Certification Authority management console, right-click Certificate Templates and choose New and Certificate Template to Issue. Highlight the DirectAccess IPsec certificate template and choose OK.
Computer certificates can be requested and installed manually on the DirectAccess server using the Certificates management console snap-in.
To request a computer certificate, press Windows Key + R on the DirectAccess server to bring up the Run command box and enter certlm.msc.
Expand Certificates (Local Computer), right-click Personal, and choose All Tasks and Request New Certificate. Click Next twice, select the DirectAccess IPsec certificate template, and click Enroll.
Automatic Enrollment
To streamline the provisioning of certificates for DirectAccess servers and clients, and to ensure that certificates are automatically renewed before they expire, it is recommended that certificate auto-enrollment be configured. This is accomplished by creating and deploying a Group Policy Object (GPO) in Active Directory.
To create and deploy a computer certificate auto-enrollment GPO, open the Group Policy Management console (run gpmc.msc). Expand the Forest, Domains, and the domain where the DirectAccess server and clients are joined. Right-click Group Policy Objects and click New. Provide a descriptive name for the new GPO and click OK.
Right-click the newly created GPO and choose Edit. Expand Computer Configuration, Policies, Windows Settings, and Security Settings, and highlight Public Key Policies.
Double-click Certificate Services Client - Auto-Enrollment and select Enabled for the Configuration Model. Select the options to Renew expired certificates, update pending certificates, and remove revoked certificates and Update certificates that use certificate templates, and click OK.
In the Group Policy Management Console, select the GPO and click Add under Security Filtering. Remove Authenticated Users and specify the DirectAccess client security group and all DirectAccess servers (or the DirectAccess servers security group).
Finally, link the GPO to the domain. Optionally, the GPO can be linked directly to the DirectAccess servers and clients OU, if necessary.
SSL Certificate
An SSL certificate is required for the IP-HTTPS IPv6 transition protocol. It is recommended that the SSL certificate be obtained from a public certificate authority (CA), although the SSL certificate can be issued by the organization's internal PKI. If an SSL certificate is issued by the organization's internal PKI and Windows 7 clients are to be supported, the Certificate Revocation List (CRL) must be publicly accessible.
The first step in requesting a public SSL certificate is to generate a Certificate Signing Request (CSR). This can be accomplished in a variety of ways, including using the Microsoft Management Console (MMC) Certificates snap-in, the certutil.exe command-line tool, and even the Internet Information Services (IIS) management tool.
To obtain an additional certificate for IP-HTTPS
- On the DirectAccess server, click Start, click Run, type mmc, and then press ENTER. Click Yes at the User Account Control prompt.
- Click File, and then click Add/Remove Snap-ins.
- Click Certificates, click Add, click Computer account, click Next, select Local computer, click Finish, and then click OK.
- In the console tree of the Certificates snap-in, open Certificates (Local Computer)\Personal\Certificates.
- Right-click Certificates, point to All Tasks, and then click Request New Certificate.
- Click Next twice.
- On the Request Certificates page, click the Web Server certificate template, and then click More information is required to enroll for this certificate.
If the Web Server certificate template does not appear, ensure that the DirectAccess server computer account has enroll permissions for the Web Server certificate template. For more information, see Configure Permissions on the Web Server Certificate Template.
To configure permissions for the Web Server certificate template
- On the CA computer, click Start, click Run, type certtmpl.msc, and then press ENTER.
- In the contents pane, right-click the Web Server template, and then click Properties.
- Click the Security tab, and then click Add.
- In Enter the object names to select, type the name of the security group that contains the computers that are allowed to request customized certificates, and then click OK.
This security group should contain, at least temporarily when requesting custom certificates, the computer accounts of the DirectAccess server and network location server. As a security best practice, do not use the Authenticated Users group.
- In Permissions, click Enroll under Allow, and then click OK.
- On the Subject tab of the Certificate Properties dialog box, in Subject name, for Type, select Common name.
- In Value, type the fully qualified domain name (FQDN) of the Internet name of the DirectAccess server (for example, da.sen.hi.cn), and then click Add.
- Click OK, click Enroll, and then click Finish.
- In the details pane of the Certificates snap-in, verify that a new certificate with the FQDN was enrolled with Intended Purposes of Server Authentication.
- Right-click the certificate, and then click Properties.
- In Friendly Name, type IP-HTTPS Certificate, and then click OK.
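Both certificate requirements in this section (a computer certificate carrying the Client Authentication EKU for IPsec, and an IP-HTTPS certificate carrying Server Authentication for the public FQDN) can be verified from PowerShell on the DirectAccess server. This is an added example, not part of the original article; the function name Test-DirectAccessCertificate is hypothetical, and SEN-DAS.sen.hi.cn is an assumed internal FQDN derived from the computer and domain names used earlier on the page.

```powershell
# Added example: verify the two certificates this section requires in the
# local computer's Personal store (Cert:\LocalMachine\My).
$EkuServerAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$EkuClientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication

function Test-DirectAccessCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Role,         # label for the report only
        [Parameter(Mandatory)][string]$DnsName,      # name the certificate must cover
        [Parameter(Mandatory)][string]$RequiredEku,  # EKU OID the certificate must carry
        [int]$WarnDays = 30                          # flag certificates close to expiry
    )

    $now = Get-Date

    # Match on EKU OID and DNS name (subject CN or SAN), not on friendly name,
    # because the friendly name is a local label that anyone with store access can change.
    $candidates = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $_.EnhancedKeyUsageList.ObjectId -contains $RequiredEku -and
        $_.DnsNameList.Unicode -contains $DnsName
    }

    if (-not $candidates) {
        return [pscustomobject]@{
            Role = $Role; DnsName = $DnsName; Thumbprint = $null
            Pass = $false; Problems = 'no matching certificate in LocalMachine\My'
        }
    }

    foreach ($c in $candidates) {
        $problems = @()
        $daysLeft = [int]($c.NotAfter - $now).TotalDays

        if (-not $c.HasPrivateKey)     { $problems += 'no private key' }
        if ($c.NotBefore -gt $now)     { $problems += 'not yet valid' }
        if ($daysLeft -lt 0)           { $problems += 'expired' }
        elseif ($daysLeft -lt $WarnDays) { $problems += "expires in $daysLeft days" }

        # Verify() builds the chain with the default policy, which includes an
        # online revocation check, so an unreachable CRL also shows up here.
        if (-not $c.Verify())          { $problems += 'chain or revocation check failed' }

        [pscustomobject]@{
            Role       = $Role
            DnsName    = $DnsName
            Thumbprint = $c.Thumbprint
            Pass       = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        }
    }
}

# SEN-DAS.sen.hi.cn is assumed from the Add-Computer example; da.sen.hi.cn is the
# public name used in the IP-HTTPS request steps above.
@(
    Test-DirectAccessCertificate -Role 'IPsec (computer)' -DnsName 'SEN-DAS.sen.hi.cn' -RequiredEku $EkuClientAuth
    Test-DirectAccessCertificate -Role 'IP-HTTPS (SSL)'   -DnsName 'da.sen.hi.cn'      -RequiredEku $EkuServerAuth
) | Format-Table -AutoSize
```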
5. Installing the DirectAccess-VPN Role
Installing the DirectAccess-VPN role using PowerShell:
Install-WindowsFeature DirectAccess-VPN -IncludeManagementTools
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A2/wKioL1f99o7Q8vZ7AAAhBIeIBp0477.png" "566" height="166" />
6. Configure DirectAccess with the Getting Started Wizard
To launch the Getting Started Wizard, open the Remote Access Management Console on the DirectAccess server.
The Remote Access Management Console can be found by clicking on the Start menu and navigating to All Apps → Windows Administrative Tools → Remote Access Management Console. Expand Configuration, highlight DirectAccess and VPN, and then click Run the Getting Started Wizard:
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A5/wKiom1f99o6xmQw3AADM-1LQtH0810.png" "624" height="529" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A2/wKioL1f99o_AwJ3pAAFDDkxHgYE895.png" "623" height="534" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A5/wKiom1f99pHwldlWAAE2v49HYyg659.png" "1100" height="455" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A2/wKioL1f99pKCifmKAADkTi2LRxg780.png" "646" height="470" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A5/wKiom1f99pPBvs6aAADRy_qn2Rs476.png" "652" height="420" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A2/wKioL1f99pSB-VzSAADGJpw1Mls579.png" "644" height="525" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A2/wKioL1f99pTRleB1AAC20jFDGlk629.png" "643" height="527" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A2/wKioL1f99pXxylHmAAEKfHrN_vY944.png" "734" height="513" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A2/wKioL1f99peji6r4AAD3C7g0-sc988.png" "745" height="538" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A5/wKiom1f99pfAogEpAADqriw-agw841.png" "740" height="543" />
Step 1: Remote Clients
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A2/wKioL1f99pnx6OSeAAGVJg6Vvo0744.png" "1099" height="587" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A2/wKioL1f99pqBGRgAAAEC7Qr9630722.png" "836" height="529" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A5/wKiom1f99pvg32XkAAD28ZUAdkM796.png" "833" height="527" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A2/wKioL1f99pzQeP8nAADy4C8m4BU717.png" "833" height="525" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A5/wKiom1f99pyB_D7qAAD3p5nAlF0830.png" "831" height="529" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A5/wKiom1f99p3Qc_iuAAD4WeAS5zw590.png" "833" height="531" />
NCA settings apply only to Windows 8.x and Windows 10 clients. These settings are not used by Windows 7 clients.
The Resources that validate connectivity to the internal network field is initially blank. Intuitively, information should be supplied here. However, it is not necessary (or recommended) to do so at this time. Resource validation is performed by Windows 8.x and Windows 10 clients by checking connectivity to this URL after the DirectAccess connection is made. During initial configuration, the DirectAccess deployment wizard will automatically populate this field with the URL http://DirectAccess-WebProbeHost.sen.hi.cn, which is hosted on the DirectAccess server (a corresponding host record in DNS resolving to the internal IPv4 address of the DirectAccess server is also configured). This setting can later be changed after the initial configuration has been completed.
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A2/wKioL1f99p7ibiaiAAD3Gt0R1So124.png" "834" height="525" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A2/wKioL1f99p-iOa8AAAD1bQLqzWg421.png" "829" height="525" />
The wizard automatically adds the corresponding DNS record to the DNS server:
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A2/wKioL1f99qCzJAJSAACMVGlJI1o974.png" "742" height="504" />
Step 2: Remote Access Server
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A5/wKiom1f99qGgmQGmAAF0Xw3Ymzg854.png" "956" height="526" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A5/wKiom1f99qLxKPNuAADpBq3UP0I903.png" "841" height="525" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A2/wKioL1f99qKSX5g5AAD0VA41xwQ643.png" "842" height="524" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A5/wKiom1f99qOCzg5lAADuK5F9XUg786.png" "841" height="528" />
Step 3: Infrastructure Servers
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A5/wKiom1f99qSB2p10AAE93rH4lSA644.png" "738" height="520" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A2/wKioL1f99qWgFKC0AAD2ESR7P_E220.png" "843" height="525" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A2/wKioL1f99qbDQLBEAADtPZSUMD4873.png" "839" height="523" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A2/wKioL1f99qbzeKPIAADnzxdNet4570.png" "834" height="522" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A2/wKioL1f99qfCaXx7AADWTcU5Yw0162.png" "844" height="526" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A5/wKiom1f99qiDCGrhAADMbZkLgoE792.png" "840" height="525" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A2/wKioL1f99qnhG48OAAEIbv_9TEo109.png" "968" height="508" />
Step 4: Application Servers (Optional)
Step 4 of the Remote Access Setup Wizard is optional. By default, DirectAccess client communication is authenticated and encrypted only between the DirectAccess client and the server.
Communication between the DirectAccess server and hosts on the Internal network is not authenticated or encrypted.
If full end-to-end authentication—and, optionally, encryption—from the DirectAccess server to specific application servers is required, click Edit under Application Servers on Step 4.
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M00/88/A5/wKiom1f99qrhFJoRAAEnb7ZII10004.png" "714" height="503" />
Select the option to Extend authentication to selected application servers, click Add, and specify an Active Directory security group that includes servers requiring end-to-end authentication.
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A5/wKiom1f99qqTb9GgAADm93VJRzs237.png" "745" height="542" />
7. Client Configuration and Testing
Join the client to the Active Directory domain:
Add-Computer -NewName DA-Win10 -OUPath "OU=DAClients,OU=DAS,DC=sen,DC=hi,DC=cn" -DomainName sen.hi.cn -Restart
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A5/wKiom1f99qvChPfjAAEUlTM4VM4363.png" "542" height="368" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M01/88/A2/wKioL1f99qzAHTW-AABeGIu38cg297.png" "500" height="376" />
<img alt="技术分享" onload="if(this.width>650) this.width=650;" title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; margin: 0px; padding-right: 0px" border="0" alt="image" src="http://s3.51cto.com/wyfs02/M02/88/A2/wKioL1f99qzh4ApRAAAo_A21kGM756.png" "458" height="506" />
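Once the client has rebooted and received Group Policy, its DirectAccess state can be checked from PowerShell. This is an added example, not part of the original article; it assumes a Windows 8.x or Windows 10 client, the function name `Test-DAClientState` is hypothetical, and the probe URL is the one the article says the wizard configures.

```powershell
# Added example, not from the original article. Run in an elevated session on
# the joined client after Group Policy has applied (gpupdate /force).

# Web probe URL the article says the wizard publishes to clients.
$ExpectedProbe = 'http://DirectAccess-WebProbeHost.sen.hi.cn'

function Test-DAClientState {
    param([string]$ProbeUrl)

    $nca     = Get-DAClientExperienceConfiguration
    $status  = Get-DAConnectionStatus
    $ipHttps = Get-NetIPHttpsConfiguration
    $ipState = Get-NetIPHttpsState
    $nrpt    = Get-DnsClientNrptPolicy -Effective

    [pscustomobject]@{
        # ConnectedLocally is expected on the internal network,
        # ConnectedRemotely when the client is outside it.
        ConnectionStatus  = $status.Status
        Substatus         = $status.Substatus
        # True when the NCA settings from Step 1 reached the client.
        ProbeConfigured   = [bool]($nca.CorporateResources -match [regex]::Escape($ProbeUrl))
        IpHttpsServerUrl  = $ipHttps.ServerURL
        # The IP-HTTPS interface is normally inactive while inside the network.
        IpHttpsInterface  = $ipState.InterfaceStatus
        IpHttpsLastError  = $ipState.LastErrorCode
        # Namespaces resolved through the DirectAccess server's DNS proxy.
        NrptNamespaces    = ($nrpt | Where-Object DirectAccessDnsServers).Namespace
    }
}

$result = Test-DAClientState -ProbeUrl $ExpectedProbe
$result | Format-List

if (-not $result.ProbeConfigured) {
    Write-Warning 'NCA probe URL not present: the DirectAccess client GPO has not applied.'
}
if (-not $result.NrptNamespaces) {
    Write-Warning 'No NRPT rules with DirectAccess DNS servers: internal names will not resolve remotely.'
}
```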
Source: http://ganzy.blog.51cto.com/91848/1861164