A lot of the magic that goes into making DirectAccess with UAG (and even with Windows) work are the dozens of settings that are enabled through Group Policy Object settings. Group Policy is responsible for configuring the UAG DA server, the DA clients and the servers that are in the group that are enabled for end-to-end security.
Ben Bernstein wrote a recent blog post that describes how you can customize the Group Policy deployment scripts that are created by the UAG DA wizard. These customizations will allow you to do two things that you can’t do in the wizard right now.
- Configuring GPO settings in a GPO you’ve already created, instead of one created by the DA Wizard – you can then link this GPO to an OU of your choice, instead of having the GPO linked to the root of the domain and using security filtering
- Enable a “manage out” scenario only. “Manage out” is term that the UAG team uses to describe remote management only for DA clients. That allows IT to manage the DA clients using their existing network management and control tools, but doesn’t enable DA clients from connecting to the network over the intranet tunnel
To make these changes, you’ll need to run the UAG DA wizard and then save the PowerShell script. Then you’ll need to make some edits to the script.
Check out the details on the UAG Team blog over at:
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)