I have a Direct Access configuration to which I need to modify the group policy for the DNS servers. However, when I open Group Policy management - settings, the settings are shown under Administrative Settings "Extra registry settings". How do I edit these? They are not shown when I open the GPO for editing.

thanks in advance.

> I have a Direct Access configuration to which I need to modify the group > policy for the DNS servers. However, when I open Group Policy management > - settings, the settings are shown under Administrative Settings "Extra > registry settings". How do I edit these? They are not shown when I open > the GPO for editing.   This is expected. The DNS GPO Part is a distinct MMC snapin, but it stores its settings within registry.pol, which in turn is used "basically" for administrative templates.   Since there is no ADMX template to display the DNS configuration settings, it shows up as "extra registry settings".   In gpedit, they do not show up because there you can only edit ADM template settings for which an ADMX template is present.  

Thanks for your reply.

How do I get am admx template for this, as I need to edit the policy as some of the DNS entries are wrong.

thanks

Alan

> How do I get am admx template for this, as I need to edit the policy as > some of the DNS entries are wrong.   If you edit this GPO, you should use Policies - Windows Settings - Security Settings - DNS, and not Administrative Templates. If you do not have DNS, try using a newer OS version - AFAIR, DNS was introduced in W8/2012.   And - maybe I'm totally wrong and it is simply an issue of downlevel ADMX templates. Anyway, this too should be resolved when using a newer OS version with more up to date ADMX templates.  

My servers are all 2012 R2

The entry I need to change is listed in the report as

Software\Policies\Microsoft\Windows\RemoteAccess\Config\DnsServers

but I cannot find this in the GPO to edit. I can of course modify the registry on my domain controllers, but it gets overwritten the next time GP updates, and I don't want to turn of the GP as there are many other direct access settings it controls.

> Software\Policies\Microsoft\Windows\RemoteAccess\Config\DnsServers > but I cannot find this in the GPO to edit.   it "should" be in Computer configuration - Policies - Windows Settings - Name Resolution Policy.  

There is indeed a DNS policy there for Direct Access, but it is not populated. So I guess it is a different key it is using, but where?

> So I guess it is a different key it is using, but where?   Unfortunately, I have no idea...   I already checked all ADMX templates, this key isn't present in any of them. I also checked the older ADM templates - no result, too :-(  

Bummer :-(

Thanks anyway for your help

If anyone else has any ideas they'd be much appreciated.

Hi Alan,

Based our testing, the settings are are default after you have configured DirectAccess. Maybe the the only way is that you set the value before you configure DA. When set the value at first manually, then it wil recognize the manual, the system would create the default one.

You could refer to the article and set the value before you install DA

https://technet.microsoft.com/en-us/library/hh831377.aspx?f=255&MSPPError=-2147217396

Best Regards,

Mary Dong