• Status: Solved

Remove DirectAccess?

Against my better judgement, I rushed through a test to install RRAS (Direct Access) from 2012 Server R2.  When I got an error after installation, I tried to back out and remove it, only to have to remove DirectAccess separately via the cmdlet.  No problems, right?

Wrong.  It appears that our 2 Win 8 Ent. laptops, once they received the Group Policy update, are trying to connect to it.  And it still shows up in Group Policy.  How can I remove it completely from our AD/Group Policy?  I'm planning on doing the right thing and starting with a test environment first before pushing into production (yes, I should have done that first and normally would but ...) but I'd like to make sure that our AD is "pure" again.

Thanks for any and all help - greatly appreciate it.

Grog
Asked by: fcummins

Brad Bouchard (Information Systems Security Officer) commented:
Try having the users come in and directly connect to your network and run a gpupdate /force.  Then remove any traces of it in GP.  AD doesn't need any maintenance on it to remove/clean things up.

fcummins (Author) commented:
Thanks.  I'm extremely rusty in GP - anything I need to watch out for?

Brad Bouchard (Information Systems Security Officer) commented:
Nope, simply right-click the GPO and uncheck the "Link Enabled" option so it isn't working.  Then update the clients.  Also, if you need to manually remove it, here are two great links:

http://virot.eu/manually-remove-direct-access-from-a-client/

http://superuser.com/questions/460495/uninstall-microsoft-directaccess-from-laptop

fcummins (Author) commented:
So the issue was actually only on two machines - both of which were running Windows 8 Enterprise which has the direct access client already installed.  They were due for upgrades so I took the opportunity to go ahead and upgrade them with new machines running Windows 8 Pro.

Brad, I'll check out those links about removing it from GPO once I finish with the current project.  Thanks for the help.

Brad Bouchard (Information Systems Security Officer) commented:
"Brad, I'll check out those links about removing it from GPO once I finish with the current project.  Thanks for the help."

Sounds good, keep me posted.

fcummins (Author) commented:
Closing question as I resolved it by upgrading the affected computers.

Eric_Morcambe commented:
For others looking at this post you may find that GPUpdate won't work.

If the client machines have DA settings but the DA infrastructure has been removed they will think they are offsite.
NRPT will still attempt to route any traffic destined to the internal domain over the DA tunnel, which will fail, stopping communication with DCs.

Remove the domain name REG_MULTI_SZ from under one of the keys under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig

Run gpupdate and then check that registry to see if it's been cleaned up (not sure if settings will be removed as I was replacing them with fresh settings).
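
The registry check described in the comment above, as an added example that is not part of the original thread: it lists each policy-delivered NRPT rule under the DnsPolicyConfig key and can remove one namespace after exporting a backup. The function names, the backup path and the `.corp.example` namespace are hypothetical; the value names `Name` and `DirectAccessDNSServers` are assumed from the standard NRPT policy layout, since the thread does not name them.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$NrptRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig'

function Get-PolicyNrptRule {
    # One object per rule subkey: its namespaces and any DirectAccess DNS servers.
    if (-not (Test-Path $NrptRoot)) { return }
    Get-ChildItem -Path $NrptRoot | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            RuleKey      = $_.PSChildName
            Namespaces   = @($p.Name | Where-Object { $_ })   # REG_MULTI_SZ "Name" (assumed)
            DaDnsServers = $p.DirectAccessDNSServers          # empty if not a DA rule
            Path         = $_.PSPath
        }
    }
}

function Remove-PolicyNrptNamespace {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Namespace,             # e.g. '.corp.example' (placeholder)
        [string]$BackupFile = "$env:TEMP\DnsPolicyConfig-backup.reg"
    )
    # Export the whole key first so the change can be reverted with "reg import".
    & reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig' $BackupFile /y | Out-Null
    foreach ($rule in Get-PolicyNrptRule) {
        if ($rule.Namespaces -notcontains $Namespace) { continue }
        $remaining = @($rule.Namespaces | Where-Object { $_ -ne $Namespace })
        if ($PSCmdlet.ShouldProcess($rule.RuleKey, "remove namespace $Namespace")) {
            if ($remaining.Count -gt 0) {
                # Keep the other namespaces in the multi-string value.
                Set-ItemProperty -Path $rule.Path -Name Name -Value ([string[]]$remaining) -Type MultiString
            } else {
                # It was the only namespace: delete the value itself.
                Remove-ItemProperty -Path $rule.Path -Name Name
            }
        }
    }
}

# Audit first; nothing is modified by this call.
Get-PolicyNrptRule | Format-List RuleKey, Namespaces, DaDnsServers

# Preview the removal, then rerun without -WhatIf once the output looks right:
# Remove-PolicyNrptNamespace -Namespace '.corp.example' -WhatIf
```

After a removal, run gpupdate and list the rules again to see whether Group Policy has rewritten them.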