[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Remove DirectAccess?

Posted on 2014-03-28
Medium Priority
Last Modified: 2014-06-20
Against my better judgement, I rushed through a test to install RRAS (Direct Access) from 2012 Server R2.  When I got an error after installation, I tried to back out and remove it, only to have to remove DirectAccess separately via the cmdlet.  No problems, right?

Wrong.  It appears that our 2 Win 8 Ent. laptops, once they received the Group Policy update, are trying to connect to it.  And it still shows up in Group Policy.  How can I remove it completely from our AD/Group Policy?  I'm planning on doing the right thing and starting with a test environment first before pushing into production (yes, I should have done that first and normally would but ...) but I'd like to make sure that our AD is "pure" again.

Thanks for any and all help - greatly appreciate it.

Question by:fcummins
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39962209
Try having the users come in and directly connect to your network and run a gpupdate/force.  Then remove any traces of it in GP.  AD doesn't need any maintenance on it to remove/clean things up.

Author Comment

ID: 39962220
Thanks.  I'm extremely rusty in GP - anything I need to watch out for?
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39962237
Nope, simply right click the GPO and uncheck the "Link Enable" option so it isn't working.  Then update the clients.  Also, if you need to manually remove it here are two great links:


Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Accepted Solution

fcummins earned 0 total points
ID: 39976282
So the issue was actually only on two machines - both of which were running Windows 8 Enterprise which has the direct access client already installed.  They were due for upgrades so I took the opportunity to go ahead and upgrade them with new machines running Windows 8 Pro.

Brad, I'll check out those links about removing it from GPO once I finish with the current project.  Thanks for the help.
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39976335
Brad, I'll check out those links about removing it from GPO once I finish with the current project.  Thanks for the help.

Sounds good, keep my posted.

Author Closing Comment

ID: 39997126
Closing question as I resolved it by upgrading the affected computers.

Expert Comment

ID: 40146998
For others looking at this post you may find that GPUpdate won't work.

If the client machines have DA settings but the DA infrastructure has been removed they will think they are offsite.
NRPT will still attempt to route any traffic destined to the internal domain over the DA tunnel which will fail stopping communication with DCs.

Remove the domain name Reg_Multi_SZ from under one of the keys under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig

Run gpupdate and then check that registry to see if it's been cleaned up (not sure if settings will be removed as I was replacing them with fresh settings).

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question