DirectAccess scripting allows you to use a PowerShell script to run a combination of Network Shell (Netsh) and PowerShell commands to configure DirectAccess with all of the required Group Policy objects and settings.
The DirectAccess snap-in generates an Extensible Markup Language (XML) data file whenever you save or apply settings. The default location for this file is %windir%\DirectAccess\DirectAccessConfig.xml. You can modify and customize this XML file by using the XML tags in the file. For example, the <InternalNetworkInterface> tag allows you to manually specify the name and ID of the internal network interface on the DirectAccess server. The customized XML file can then be passed as an input to a PowerShell script named Engine.ps1 to configure a DirectAccess server and all of the required Group Policy settings.
The Engine.ps1 PowerShell script is available at the Script Center Script Repository on Microsoft Technet (
The syntax for executing the script is the following:
engine.ps1 –mode {serveronly|gpsettingonly|all} [–data <dataFilePath>] [-log <logFilePath>]
- The mode parameter is required, and you must specify one of the following:
- serveronly: This value configures only the DirectAccess server and does not create or configure Group Policy objects and settings.
- gpsettingonly: This value configures only the Group Policy objects and settings and does not create or configure the DirectAccess server.
- all: This value configures both the DirectAccess server and the Group Policy objects and settings. This is equivalent to clicking Apply from the DirectAccess Review page.
- serveronly: This value configures only the DirectAccess server and does not create or configure Group Policy objects and settings.
- The data parameter is the path to the customized XML file. This is optional. If a location is not specified, the script runs the DirectAccessConfig.xml file in the %windir%\DirectAccess folder.
- The log parameter is the path to the log file. This is optional. If a location is not specified, the script creates the DirectAccess_log.txt file in the folder from which you run the script.
Additional references
- Configuring DirectAccess
- Windows PowerShell (
https://go.microsoft.com/fwlink/?LinkID=102372 )