none
Apply configuration and Activation - DirectAccess RRS feed

  • Question

  • As per company policy I can not apply the generated policies (configuration of UAG DA Server) and it has to go through different department.

    Option - Export the script, Ask another administrator to import the script from UAG Management. and apply the policy.

      Question 1: I do not see an option of importing txt or ps1 files but just XML files. Do we have to convert the script to XML file ? or there are any other options ? I checked it in our LAb environment but it just shows an option of BAckup files browse (not the file format)

      Question 2: I do not see the configuration coming up for other admin  accounts as we never applied the generated policies but just configured and exported it. Will all administrator account show the configuration once we apply the generated script ?

    Thanks in advance. Please suggest.

    Wednesday, September 22, 2010 6:15 PM

Answers

  • If you cannot run the script youself, then generate, and then EXPORT it. This saves it as a PS1 file, which you can send to anybody to run directly (assuming they have permissions, of course). You do not need to IMPORT the script - just run it somewhere else, on any domain computer.

    Once you run the script, the group policy objects will be created in the domain. At this point, you can open the Group Policy editor for your domain, and observe the new policies that have been created. To do so, open Administrative Tools and open Group Policy Management. You should see the policies under your domain.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA

    • Marked as answer by Erez Benari Wednesday, September 22, 2010 7:22 PM
    Wednesday, September 22, 2010 7:21 PM
  • No worries, I checked the scenario in lab environment. We get access from all AD accounts, the only problem at this point is I don't have configuration active.

     

    Thanks,

    pranav

    • Marked as answer by vyaspranav Thursday, September 23, 2010 3:48 AM
    Thursday, September 23, 2010 3:35 AM

All replies

  • I believe we can run the PS1 script from power shell but is that enough or we have to follow any other step?
    Wednesday, September 22, 2010 6:34 PM
  • If you cannot run the script youself, then generate, and then EXPORT it. This saves it as a PS1 file, which you can send to anybody to run directly (assuming they have permissions, of course). You do not need to IMPORT the script - just run it somewhere else, on any domain computer.

    Once you run the script, the group policy objects will be created in the domain. At this point, you can open the Group Policy editor for your domain, and observe the new policies that have been created. To do so, open Administrative Tools and open Group Policy Management. You should see the policies under your domain.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA

    • Marked as answer by Erez Benari Wednesday, September 22, 2010 7:22 PM
    Wednesday, September 22, 2010 7:21 PM
  • Thanks Ben

    Suppose once the configuration is activated. and the administrator leaves the company, Will the new administrator can see the same Direct Access Configuration Settings under his AD admin account for making any further changes ?

     

    I do not see that happening in other AD account as configuration is not activated.

    Thanks

     

    Wednesday, September 22, 2010 8:27 PM
  • No worries, I checked the scenario in lab environment. We get access from all AD accounts, the only problem at this point is I don't have configuration active.

     

    Thanks,

    pranav

    • Marked as answer by vyaspranav Thursday, September 23, 2010 3:48 AM
    Thursday, September 23, 2010 3:35 AM
  • Do you mean that you didn't activate the configuration on the UAG server?

    The activation enables the IPv6 transition technologies and other server specific settings that aren't included in the UAG DirectAccess server GPO

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Thursday, September 23, 2010 1:54 PM
    Moderator
  • Hey Tom

     

    No, The process of activating the configuration is not through my account, so I was worried about the part whether I would be able to see and make changes in configuration if required once the UAG DA policies are applied and activated from other administrator account.

    We do get access to all configuration once configuration is activated.

     

    Thanks,

    Pranav

    Tuesday, October 5, 2010 5:10 PM
  • Hi Pranav,

    You need to be a local admin on the UAG server to activate the configuration. Note that activation is not the same as the GPO deployment through the script. In order to deploy the GPO settings through the script, you need to have write permissions in the AD. If you want to see the changes, you need read permissions.

    HTH,

    Tom


    MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx
    Wednesday, October 6, 2010 10:09 AM
    Moderator