A customer recently asked to be able to RDP to DirectAccess (DA) machines. You can do this as follows.
- Create a Group Policy Object (GPO) and apply it only to your DA devices group.
- Edit the GPO and expand “Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules”
- Now create a new inbound rule
- Right-click and choose New Rule
- Select Port
- Choose TCP and enter “3389” as the specific port
- Select Allow the connection
- Choose profiles “Private and Public”
- Name the Rule “Remote Desktop Services via DirectAccess”
- Right-click the rule named “Remote Desktop Services via DirectAccess” and choose Properties
- Go to the “Advanced” tab and change the Edge traversal option to “Allow edge traversal”
Finally, run gpupdate on the DA machine and you should then be able to RDP to it. (Please note that you must have ISATAP configured and connect remotely via the machine's IPv6 address.)
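
The same GPO and rule can be built from PowerShell instead of the GPMC console. The script below is an added example, not part of the original post: the domain, GPO name, group name and link target are assumed placeholders, and the optional `-RemoteAddress` scoping is an addition that the GUI steps above do not include.

```powershell
# Added example: scripts the GPMC steps above.
# Run as a GPO administrator on a host with the GroupPolicy and NetSecurity modules.
Import-Module GroupPolicy, NetSecurity

# --- Assumed placeholder values; replace with your own ---
$Domain   = 'corp.example.com'            # AD domain FQDN (assumption)
$GpoName  = 'DirectAccess - Allow RDP'    # GPO name (assumption)
$DaGroup  = 'DA Devices'                  # DA devices security group (assumption)
$LinkTo   = 'DC=corp,DC=example,DC=com'   # container the GPO is linked to (assumption)
$MgmtNet  = $null                         # optional, e.g. '2001:db8:10::/64' (constructed prefix)
$RuleName = 'Remote Desktop Services via DirectAccess'

# Create the GPO, link it, and filter it so only the DA devices group applies it.
New-GPO -Name $GpoName | New-GPLink -Target $LinkTo | Out-Null
Set-GPPermission -Name $GpoName -TargetName $DaGroup -TargetType Group `
    -PermissionLevel GpoApply | Out-Null
# Authenticated Users keep Read (needed for GPO processing) but lose Apply.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null

# Inbound rule: TCP 3389, Allow, Private and Public profiles, edge traversal allowed.
$rule = @{
    DisplayName         = $RuleName
    Direction           = 'Inbound'
    Protocol            = 'TCP'
    LocalPort           = 3389
    Action              = 'Allow'
    Profile             = 'Private, Public'
    EdgeTraversalPolicy = 'Allow'
}
# Not in the GUI steps: limit who may connect to a management IPv6 prefix, if one is set.
if ($MgmtNet) { $rule.RemoteAddress = $MgmtNet }

# Write the rule into the GPO in one cached session, then commit it.
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"
New-NetFirewallRule -GPOSession $session @rule | Out-Null
Save-NetGPO -GPOSession $session

# Read the rule back from the GPO to confirm what was stored.
Get-NetFirewallRule -PolicyStore "$Domain\$GpoName" -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Profile, Action, EdgeTraversalPolicy
```

After gpupdate on the DA machine, `Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName 'Remote Desktop Services via DirectAccess'` should list the rule as applied.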