Planning and Implementing DirectAccess with Windows Server 2016 on Pluralsight

Planning and Implementing DirectAccess with Windows Server 2016 on PluralsightI’m excited to announce my latest video training course, Planning and Implementing DirectAccess with Windows Server 2016, is now available on Pluralsight! In this course, I’ll provide a high-level overview of DirectAccess, compare it with VPN, and outline supporting infrastructure requirements. In addition, you’ll learn how to choose the best network topology for a DirectAccess deployment, how to prepare Active Directory and Public Key Infrastructure (PKI) for DirectAccess, and how to install and configure DirectAccess in Windows Server 2016 using the latest implementation and security best practices. You’ll also learn how to provision Windows 10 clients and understand the unique requirements for supporting Windows 7.

The course includes the following training modules:

  • Overview of DirectAccess
  • Planning for DirectAccess
  • Configuring DirectAccess with the Getting Started Wizard
  • Configuring DirectAccess with the Remote Access Setup Wizard
  • Provisioning DirectAccess Clients
  • Supporting Windows 7 Clients

Throughout the course, I share valuable knowledge and insight gained from more than 5 years of experience deploying DirectAccess for some of the largest organizations in the world. Pluralsight offers a free trial subscription if you don’t already have one, so watch my DirectAccess video training course today!

Planning and Implementing DirectAccess with Windows Server 2016 on Pluralsight

Implementing DirectAccess with Windows Server 2016

I am very excited to announce that my new DirectAccess book, Implementing DirectAccess with Windows Server 2016 from Apress media, is now shipping! The book is available on popular online sites like, Barnes & Noble,,, and others. The book is also available in electronic formats such as Amazon Kindle and Barnes & Noble Nook, as well as a variety of subscription formats including Safari, Books24x7, and SpringerLink.

Implementing DirectAccess with Windows Server 2016

This book contains detailed and prescriptive guidance for the planning, design, implementation, and support of a DirectAccess remote access solution on Windows Server 2016. It also includes valuable insight, tips, tricks, and best practice recommendations gained from my many years of deploying DirectAccess for some of the largest organizations in the world.

Current DirectAccess administrators will also find this book helpful, as the majority of content is still applicable to DirectAccess in Windows Server 2012 and Windows Server 2012 R2. In addition, the book also includes essential information on the design and deployment of highly available and geographically redundant DirectAccess deployments.

Troubleshooting DirectAccess can be a daunting task, so I’ve dedicated an entire chapter in the book to this topic. For those responsible for the maintenance and support of DirectAccess in their organization, this chapter alone will be worth the investment.

Be sure to order your copy today!

DirectAccess Consulting Services Now Available

Microsoft Certified Solutions Associate (MCSA)For the last five years I’ve been helping organizations large and small deploy DirectAccess. During that time I have amassed a wealth of knowledge and experience with this unique technology. DirectAccess is not trivial to install, configure, or troubleshoot. Also, it’s easy to make mistakes in the planning and design phase that can turn in to serious issues later in the deployment. To make matters worse, many organizations are deploying DirectAccess for the first time, and without essential guidance they are prone to making common mistakes or choosing configuration options that are less than optimal both in terms of supportability and performance.

Having deployed DirectAccess for some of the largest companies in the world, there isn’t much I haven’t already encountered. If you are looking for the best chance of success for your DirectAccess deployment, consider a consulting engagement with me. I can provide assistance with all facets of DirectAccess implementation including planning and design, installation, configuration, and troubleshooting. Consulting services at reasonable rates are available for all types of DirectAccess work including:

  • New DirectAccess installations
  • Migration from previous versions of DirectAccess
  • Upgrade or expansion of existing DirectAccess deployment
  • Enterprise planning and design for large-scale, multisite DirectAccess deployments
  • DirectAccess high availability (local and geographic)
  • Manage-out for DirectAccess with external hardware load balancers and/or multisite configuration
  • Multisite DirectAccess with geographic redundancy for Windows 7 clients
  • Existing DirectAccess design review and security assessment
  • Windows Server 2012 R2 client-based VPN configuration
  • DirectAccess client connectivity troubleshooting
  • DirectAccess training

Additionally, consulting services are available for a variety of security solutions as well as on-premises and cloud networking technologies such as:

  • Azure networking and infrastructure
  • Cross-premises connectivity to Azure
  • Certificate services (PKI)
  • IP address management
  • ISA Server and Forefront Threat Management Gateway (TMG) migration

All services can be performed on-site or remotely. If you are interested in obtaining my services, drop me a note at for more details. Monthly Newsletter – June 2015

WindowSecurity.comThe monthly newsletter is out! In this month’s edition I talk about the importance of “core” deployments of Windows Server. I’ve always been a big fan of server core, and Microsoft has been hard at work adapting workloads to this deployment configuration. They’ve made great progress, and in fact Windows Server 2016 will only install in either core or minimal server interface configurations – no GUI option by default! Yes, you can still add the GUI later, but Microsoft is really trying to shape user behavior and drive adoption of this important configuration option. Server core also has important security benefits too. Read the latest monthly newsletter to learn more.

5 Critical Settings Not Available in the Forefront TMG 2010 Management Console

Microsoft Forefront TMG 2010I’ve been working with Microsoft Forefront TMG 2010 and its predecessors (dating back to Microsoft Proxy Server 2.0) for many years. One of the hallmarks of this great product was its intuitive management console (ISA 2000 not withstanding of course!). As great as the TMG 2010 GUI is though, there are still a number of important configuration settings that can only be viewed or changed using the command line. In my latest (and last!) 5 Critical Settings Not Available in the Forefront Threat Management Gateway (TMG) 2010 Management ConsoleI share a few of these setting and demonstrate how to configure them using the command line commands or scripts.

Configuring Internal Load Balancing in Microsoft Azure

Configuring Internal Load Balancing in Microsoft AzureHave I mentioned I love using Microsoft Azure Infrastructure-as-a-Service? Perhaps once or twice. 🙂 Azure IaaS allows me to extend my on-premises test lab to the cloud and provide tremendous flexibility for some of the projects I’m working on. Occasionally I’ll have a need to create a load-balanced cluster of servers for testing, which on-premises can often easily be accomplished using the native Windows Network Load Balancing (NLB) feature. However, NLB isn’t supported in the cloud. Thankfully Microsoft recently added a load balancing feature in Azure to address this need. Read my latest article on to learn more!

Remote SQL Logging for Forefront TMG 2010 with Microsoft Azure

Microsoft Forefront TMG 2010I’m a big fan of configuring remote SQL server logging with Microsoft Forefront TMG 2010. I’m also a big fan of Azure, and combining the two just seemed natural! As you can spin up a SQL server in Azure in short order with relatively unlimited resources, I thought I’d explore the configuration of a SQL server hosted in Azure for use with Forefront TMG 2010 logging. Read my latest article on to learn more!

Implementing a CNG HTTPS Inspection Certificate for Forefront TMG 2010 – Part 1

Microsoft Forefront TMG 2010The venerable Microsoft Forefront TMG 2010 firewall has served capably for many years now, but it is beginning to show its age. For example, many web sites are now using modern SSL certificates with stronger cipher suites and hashing algorithms. When HTTPS inspection is enabled on the TMG firewall in its default configuration, some web sites that use these new certificates may not be accessible. To address this issue, some additional advanced configuration will be required. Be sure to read my latest article on to learn how to implement this workaround. Monthly Newsletter – February 2015
The monthly newsletter is out! The main topic of this month’s newsletter is…passwords. Boring, right? I know, it’s been hashed over thoroughly and anyone even remotely concerned with security understands the problems passwords pose. However, I chose the topic this month based on recent information that indicates, in spite of the fact that we all know how bad passwords really are, that we don’t seem to be making any progress making them better! Read this month’s newsletter to learn more.