Sometimes the easiest option for deploying a DirectAccess gateway is to grant domain administrator the user in charge of the deployment.
I will try to resume in this article the necessary rights for deploying DirectAccess.
1/ URA gatewayOn the server, the domain user account must be member of the local administrator group.
It's highly recommended to do these steps before:
- Create with the naming convention empties GPOs
- Link them to the right OU where we could found the gateways and the clients
In order to solve these rights problems raised by the configuration summary, the following rights are required on both GPOs:
- Create / Full rights, for the WMI filters
- Full rights on both GPOs used for DirectAccess