DirectAccess allows remote users to securely access internal network resources without a traditional VPN. This guide explains how to install and configure it on Windows Server.

How to Install DirectAccess on Windows Server?

1. Open Server Manager

Start in Server Manager to access the role and feature wizard.

Click Start and open Server Manager. Select Add roles and features.

Click Next until you reach the Server Roles page.

2. Add the Remote Access Role

Install the Remote Access role that includes DirectAccess components.

Select Remote Access and click Next.

Continue through the wizard and click Install. Wait for the installation to complete, then click Close.

If you also need IIS for related services, review how to install IIS on Windows Server.

3. Configure DirectAccess and VPN

Use the Getting Started Wizard to enable DirectAccess quickly.

In Server Manager, open the Tools menu. Select Remote Access Management. Choose Run the Getting Started Wizard. Click Deploy DirectAccess only to begin configuration.

4. Set Up the Network Topology

Define how the server interfaces with internal and external networks.

Select your network topology (Edge, Behind NAT, or Single Adapter). Assign the network adapters for internal and external connections. Provide the public name that matches your SSL certificate.

Ensure your firewall allows required traffic by following how to open ports in Windows Server.

5. Specify Client Computers

Choose which devices in your organization can use DirectAccess.

Select security groups that contain computers to enable DirectAccess. Review defaults or customize IPsec and DNS policies. Click Finish to apply the configuration.

6. Verify Configuration

Confirm the deployment is healthy before onboarding users.

Open the Remote Access Management Console. Check the Operations Status tab for Working on all components.

Test client connectivity from an external network.

What Is DirectAccess?

DirectAccess is a Microsoft remote access technology that automatically connects domain-joined clients to the corporate network. It uses IPv6 and IPsec to create a secure, always-on connection between the client and internal resources.

Why Use DirectAccess?

Always-on connection without manual login.

Seamless access to corporate resources.

Centralized management through Group Policy.

Enhanced security using IPsec encryption.

Prerequisites Before You Install DirectAccess

Verify the basics so the DirectAccess wizard completes without errors.

A Windows Server 2016 or newer domain-joined machine. Active Directory and Group Policy configured. A valid SSL certificate for the DirectAccess server. Two network adapters, one for internal and one for external traffic. Administrative rights on the server.

For additional preparation, see how to set up DNS in Windows Server.

Troubleshooting Installation Issues

Check these items if the wizard fails or clients cannot connect.

Confirm each NIC has a unique IP address and correct routing. Verify DNS and Active Directory replication are healthy. Ensure the SSL certificate is trusted and not expired. Run Get-DAStatus in PowerShell to locate configuration issues.

FAQs

Is DirectAccess still supported on Windows Server 2022? Yes. Microsoft supports DirectAccess, and Always On VPN is also available. Can I use DirectAccess on Windows 11 clients? Yes. Windows 11 Enterprise and Education editions can connect to a DirectAccess server. Can DirectAccess work behind a firewall? Yes. Configure required ports, including 443 and 62000, to allow traffic. What is the difference between DirectAccess and VPN? DirectAccess connects automatically without user action, while VPN requires manual sign in and sessions.

Conclusion

DirectAccess can deliver secure, seamless access for remote users when DNS is prepared, roles are installed correctly, and required ports are open.