How to set up Direct Access within Server 2016 network so remote users will always be authenticated against domain controller

Please provide me with the steps on how to set up Direct Access within a Server 2016 network so remote users will always be authenticated against the domain controller.
Asked by IT Guy, Network Engineer
IT Guy (Network Engineer, Author) commented:
How can this be done?
0
Chris commented:
Not sure what you mean by "always be authenticated against the domain controller" - do you mean every time they log on to the device or as soon as they connect to the Direct Access service?

For laptops we usually allow for cached logons so that users can log on to the workstation and complete any connection to an internet connection, which would then allow for Direct Access to begin connecting, i.e. Starbucks Wi-Fi etc.

Once DA can pass the connectivity requests, the tunnel will be initiated and the users will also be authenticated.

It would work if you don't have cached logons enabled, but only if the local network they are connecting to doesn't require interaction to complete.
0
IT Guy (Network Engineer, Author) commented:
We set up laptops that are joined to our domain for our remote users.

We don't have any kind of VPN setup for the remote users.

We would like to make it so that whenever the users log onto their computers they will be authenticated against the domain controller so that this way any new group policies and logon scripts can run.

We would like to do this with Direct Access.


Please provide me with the steps on how to set up Direct Access so that this will be possible.
0
Chris commented:
This TechNet article is full of the details you need for setting up Direct Access.

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/directaccess/single-server-wizard/deploy-a-single-directaccess-server-using-the-getting-started-wizard

The issue is what kind of network the users are going to be connecting to DA on. If there is interaction required for the user to connect to the internet, i.e. log on, select a WiFi network to get an internet connection, then this won't work as the users will already be logged on.
0
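As an added example (not part of any post in this thread and not taken from the linked Microsoft article), the following read-only PowerShell check can be run on a remote laptop to see which of the states discussed above it is in: whether cached logons are allowed, whether the DirectAccess tunnel is up, whether a domain controller is reachable, and when Group Policy last applied. It assumes an elevated session on a domain-joined DirectAccess client and English-language `gpresult` output.

```powershell
# Added example: run in an elevated PowerShell session on a domain-joined
# DirectAccess client laptop. Read-only; it changes no settings.

# 1. Cached logons: how many previous domain logons Windows keeps so a user
#    can sign in before any network (and therefore the DA tunnel) is available.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$cached = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
if ($null -eq $cached) { $cached = 'not set (Windows default is 10)' }

# 2. DirectAccess tunnel state as reported by the client components.
try {
    $da = Get-DAConnectionStatus -ErrorAction Stop
    $daState = "$($da.Status) / $($da.Substatus)"
} catch {
    $daState = "unavailable: $($_.Exception.Message)"
}

# 3. Can the computer account reach and authenticate to a domain controller?
try   { $dcReachable = Test-ComputerSecureChannel -ErrorAction Stop }
catch { $dcReachable = $false }

# 4. When computer Group Policy was last applied, and from which DC.
#    Assumption: English-language gpresult output; adjust patterns otherwise.
$gp = gpresult /r /scope:computer 2>$null |
    Select-String -Pattern 'Last time Group Policy was applied', 'Group Policy was applied from' |
    ForEach-Object { $_.Line.Trim() }

[pscustomobject]@{
    CachedLogonsCount  = $cached
    DirectAccessStatus = $daState
    SecureChannelToDC  = $dcReachable
    GroupPolicyLastRun = ($gp -join '; ')
}
```

A laptop that reports a non-zero cached logon count but no secure channel to a DC right after sign-in is in the cached-logon situation described in the thread: the user is on the desktop before the tunnel exists.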