Multi-level authentication and Direct Access
I'm quite interested in the management features of Direct Access. That is, I'd love to be able to consistently apply GPOs to our remote users. However, we're also strict about multi-level authentication (our VPN requires group credentials before the user's
credentials).
Is there any way to satisfy that requirement and also utilize Direct Access?
Thanks
September 27th, 2010 1:50pm
Hi mhashemi,
Thanks for posting here.
Based on my understanding that the authentication method and process of Direct Access is different from VPN connection .
By default, Direct Access supports standard user authentication using a computer certificate and user account name and password credentials.
You might also like to implement additional authorization with smart cards if you have a greater security consideration.
DirectAccess Authentication
http://technet.microsoft.com/en-us/library/dd637823(WS.10).aspx
Choose an Authentication and Authorization Scheme
http://technet.microsoft.com/en-us/library/ee382320(WS.10).aspx
DirectAccess Test Lab Extension: Using Smart Cards for Additional Authorization
http://social.technet.microsoft.com/wiki/contents/articles/directaccess-test-lab-extension-using-smart-cards-for-additional-authorization.aspx
Thanks.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2010 10:50pm
Hi mhashemi,
If there is any update on this issue, please feel free to let us know.
We are looking forward to your reply.
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
October 1st, 2010 5:45am