jeudi 20 juin 2013

[DirectAccess] Required rights for deployment

Sometimes the easiest option for deploying a DirectAccess gateway is to grant domain administrator the user in charge of the deployment.

I will try to resume in this article the necessary rights for deploying DirectAccess.

1/ URA gateway

On the server, the domain user account must be member of the local administrator group.

2/ GPOs

It's highly recommended to do these steps before:
  1. Create with the naming convention empties GPOs
  2. Link them to the right OU where we could found the gateways and the clients

In order to solve these rights problems raised by the configuration summary, the following rights are required on both GPOs:
  • Create / Full rights, for the WMI filters
  • Full rights on both GPOs used for DirectAccess
For more information about delegated rights you could read this TechNet article: Delegation and policy-related permissions

Aucun commentaire:

Enregistrer un commentaire