I've set up my first DirectAccess site (for a school with a notebook program). Connection is working fine through our TMG 2010 DMZ (2 NICs) routing traffic to the DA server (single NIC).
The initial reason for using DirectAccess was to push students into using the school's filtered proxy server for Internet access from home. We want to be able to restrict access to network shares while at home, but still allow access at school. I've tried to set a deny permission for the DA$ server itself, but that hasn't helped. The shares are hosted on the DC, which also hosts DNS via AD Integrated.
It's actually not the students we are worried about in this situation; we are more worried about parents browsing the network, which may have student photos and other data.
If we could restrict via specific shares that would be a better scenario. This way we could allow them access to their Home drive, while denying access to the photos and shared drives.