Set-DAClient

Configures the properties related to a DirectAccess (DA) client.

Syntax

Set-DAClient
   [-ComputerName <String>]
   [-ForceTunnel <String>]
   [-OnlyRemoteComputers <String>]
   [-Downlevel <String>]
   [-PassThru]
   [-CimSession <CimSession[]>]
   [-ThrottleLimit <Int32>]
   [-AsJob]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-DAClient cmdlet configures the properties related to a DirectAccess (DA) client.

The DA client properties consist of the following.

-- Force tunneling.

-- Support for down-level clients.

-- Support for remote computers only.

The DA client configuration is a global configuration and is applicable to all of the client computers in the DA deployment.

Examples

EXAMPLE 1

PS C:\> Set-DAClient -ForceTunnel "Enabled" -OnlyRemoteComputers "Enabled" -PassThru
OnlyRemoteComputers   : Enabled
Downlevel    : Disabled
ForceTunnelingStatus  : Enabled
ForceTunnelingNrptSuffix  : .

This example configures DA only for remote laptops and computers and mandatorily route traffic through the corporate network. A default Name Resolution Policy Table (NRPT) entry is added to indicate that all traffic to any suffix should be sent to the corporate network. This is a global setting and will be applied across clients.

EXAMPLE 2

PS C:\>$certs = Get-ChildItem -Path Cert:\LocalMachine\Root



PS C:\>$IPSecRootCert = $certs[13]



PS C:\>Set-DAServer -IPSecRootCertificate $IPSecRootCert -UserAuthentication TwoFactor



PS C:\>Set-DAClient -Downlevel "Enabled"
OnlyRemoteComputers   : Enabled
Downlevel    : Enabled
ForceTunnelingStatus  : Enabled
ForceTunnelingNrptSuffix  : .

This example enables Windows® 7 clients to connect to the corporate networking over DA. There are multiple steps involved in achieving this configuration. By default PKI is disabled during DA installation and it needs to be enabled. This is achieved by provisioning an IPsec root certificate on the DA server using the Set-DAServer cmdlet. The enterprise needs to have a certification authority (CA) which will provision this certificate for all domain joint computers. The first two steps list out the certificates present in the root certificate store of the server computer and pick an appropriate one. In this case it happens to be the 13th certificate in the list. This certificate is then assigned as the IPsec root certificate to enable PKI. Once this is done the Down-level parameter in this cmdlet is set to Enabled to enable DA for Windows® 7 clients. This causes appropriate policies to be configured on Windows® 7 computer only.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type:CimSession[]
Aliases:Session
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ComputerName

Specifies the IPv4 or IPv6 address, or host name, of the computer on which the Remote Access server computer specific tasks should be run.

Type:String
Aliases:Cn
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Downlevel

Specifies that the appropriate policies should be deployed on down-level clients (firstref_client_7) clients for allowing connection to a Windows Server® 2012 DA server. The acceptable values for this parameter are: Enabled or Disabled.

This parameter can be configured only when multi-site is not deployed. If a user tries to configure it in a multi-site deployment, then this cmdlet displays an error.

Type:String
Accepted values:Enabled, Disabled
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ForceTunnel

Specifies that force tunneling should be enabled or disabled. The acceptable values for this parameter are: Enabled or Disabled.

Type:String
Accepted values:Enabled, Disabled
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-OnlyRemoteComputers

Allows a user to enable or disable deployment of DA only on remote computers such as laptops and notebooks. The acceptable values for this parameter are: Enabled or Disabled.

Type:String
Accepted values:Enabled, Disabled
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ThrottleLimit

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Outputs

CimInstance

CimInstance

The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.

The DAClientSettings object contains the following properties:

-- The status of force tunneling.

-- The NRPT object (for force tunnel properties).

-- The status of the policy to deploy DA only on laptops and notebooks and not on all computers in the domain.

-- The status of whether appropriate policies should be deployed on down-level clients (Windows® 7) to enable them to connect to the Windows Server 2012 DA server.