This topic provides information about planning for DirectAccess client deployment.


DirectAccess client computers are managed computers that receive the Forefront Unified Access Gateway (UAG) DirectAccess settings from a DirectAccess client group policy object (GPO). Computers you want to configure as DirectAccess clients are gathered in organizational units (OUs) or security groups, and the GPO is applied to that group or unit.


DirectAccess client computer requirements are as follows:

  1. Computer must meet system requirements, and be joined to an Active Directory domain. For more information, see System requirements for Forefront UAG DirectAccess.

  2. Domains containing DirectAccess client computers can be any of the following:

    1. Domains that belong in the same forest as the Forefront UAG DirectAccess server.

    2. Domains that belong to forests with a two-way trust with the Forefront UAG DirectAccess server forest.

    3. Domains that have a two-way domain trust to the Forefront UAG DirectAccess server domain.


Only computers running a running Windows 7 Enterprise, or Windows 7 Ultimate operating system can be configured as DirectAccess clients.

Planning steps

Complete these planning steps before beginning Forefront UAG DirectAccess deployment.

  1. Ensure client computers are configured with the required operating system and joined to a supported domain.

  2. Within each domain, join client computers into a security group or OU.

  3. Deploy the DirectAccess Connectivity Assistant (DCA) 1.5 on client computers. For more information, see Planning for DCA deployment in Forefront UAG SP1.