DirectAccess Client and Server Settings GPOs Deleted

For DirectAccess deployments where domain controllers are running Windows Server 2003 or Windows Server 2003 R2 using the File Replication Service (FRS) for replication, DirectAccess client and server settings Group Policy Objects (GPOs) may be deleted. If these GPOs are deleted, DirectAccess connectivity will be disrupted. If the GPOs cannot be recovered via backup, it will be necessary to rebuild the entire DirectAccess deployment from scratch.

Microsoft recently updated its DirectAccess Unsupported Configurations documentation to reflect new guidance for DirectAccess deployments where FRS is used for the distribution of Active Directory GPOs. DirectAccess is no longer supported in environments where FRS is used for SYSVOL replication.

What this means is that if you plan to deploy DirectAccess, domain controllers must be running Windows Server 2008 or later, and Distributed File System Replication (DFS-R) must be used for replication.

More details can be found here.
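
One way to check the requirement above and keep a restorable copy of the two GPOs, as an added PowerShell example that is not part of the original post. The GPO display names (the wizard defaults), the backup path, and reading the SYSVOL migration state from the `msDFSR-Flags` attribute are assumptions of this example.

```powershell
# Added example. Requires the ActiveDirectory and GroupPolicy RSAT modules.
Import-Module ActiveDirectory, GroupPolicy

# Assumptions: wizard-default GPO names and a hypothetical backup folder.
$GpoNames   = 'DirectAccess Client Settings', 'DirectAccess Server Settings'
$BackupPath = 'C:\GPOBackup\DirectAccess'

# The SYSVOL migration state is stored in msDFSR-Flags on the domain's
# DFSR-GlobalSettings object: 0 Start, 16 Prepared, 32 Redirected, 48 Eliminated.
$States   = @{ 0 = 'Start'; 16 = 'Prepared'; 32 = 'Redirected'; 48 = 'Eliminated' }
$DomainDn = (Get-ADDomain).DistinguishedName
try {
    $Settings = Get-ADObject -Identity "CN=DFSR-GlobalSettings,CN=System,$DomainDn" `
                             -Properties 'msDFSR-Flags' -ErrorAction Stop
    $Flags = [int]$Settings.'msDFSR-Flags'
    $State = if ($States.ContainsKey($Flags)) { $States[$Flags] } else { "Unknown ($Flags)" }
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    # No DFSR-GlobalSettings object: the FRS-to-DFS-R migration was never started.
    $State = 'NotStarted'
}

if ($State -eq 'Eliminated') {
    Write-Output 'SYSVOL is replicated by DFS-R only (migration state: Eliminated).'
}
else {
    Write-Warning "SYSVOL migration state is '$State': FRS has not been fully retired."
}

# Back up the DirectAccess GPOs regardless of the result, so a deleted GPO
# can be restored with Restore-GPO instead of rebuilding the deployment.
New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
foreach ($Name in $GpoNames) {
    $Gpo = Get-GPO -Name $Name -ErrorAction SilentlyContinue
    if ($Gpo) {
        Backup-GPO -Guid $Gpo.Id -Path $BackupPath -Comment "DirectAccess backup $(Get-Date -Format s)"
    }
    else {
        Write-Warning "GPO '$Name' was not found in $((Get-ADDomain).DNSRoot)."
    }
}
```

If the GPOs were given custom names during setup, substitute those names in `$GpoNames`.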


4 Comments

  1. Zack

     /  July 29, 2015

    We actually ran into this and it was not fun. Luckily we were able to grab a backup of the GPO off of a DC that hadn’t replicated yet and restored it. Somehow we had made it all the way to 2012 R2 DCs without migrating to DFSR. We just recently did the migration so it’s ironic that this just got posted.

    • I’ve heard plenty of anecdotal stories about deleted GPOs, so I’m sure this was probably the root cause all along. I make it a practice to export GPOs immediately after configuration, just for good measure. 🙂

  2. upen desai

     /  November 16, 2016

    Hi

    I hope you can help. With our DirectAccess implementation on Windows 2012, what is the best way to get the devices to have mapped drives?

    Can the DirectAccess Client Settings GPO which is created during the install wizard be amended to map drives?

    Many thanks
    Upen Desai

    • If you want to map network drives for DirectAccess clients, you can use GPOs to do that easily. However, it is not recommended to edit the existing DirectAccess client and/or server settings GPOs. It is recommended to create new separate GPOs to apply any additional settings required for DirectAccess clients.
