MCSA 70-741 Flashcards
What is an NS record?
Name Server record
Indicates what name server is authoritative for a particular DNS zone
What is an MX record?
Mail Exchange record
for a mail server
What is a CA record?
Certificate Authority Record
What type of records would be in Public DNS?
- NS records
- MX records
- Web server records
- CA records
What are the basic DNS client tools?
In Command Line:
nslookup
In PowerShell:
Resolve-DNSName
What is an AAAA record?
An AAAA record points to an IPv6 address.
May be pronounced as “Quad A Record.”
What is JEA?
Just Enough Administration
Allows you to set up special remote PowerShell sessions that are limited in which cmdlets, parameters, and parameter values can be used.
Requires extensive planning to ensure that the appropriate cmdlets and parameters are available.
Can be linked to RBAC groups
What are the benefits of installing a DNS server on Server Core rather than a server with the Desktop Experience?
- Reduced attack surface
- Reduced resource footprint
- Reduced patching requirements, therefore less frequent reboots
What are the benefits of running your DNS server on the Domain Controller?
- Supports Active Directory Integrated Zones.
* Any domain controller that hosts a copy of an AD Integrated Zone can process zone updates.
What is a Primary DNS Zone?
You have a primary server processing updates to the zone.
They can be deployed on a domain controller, member server, or standalone computer.
It uses a zone file. Zone data is stored in the zone file.
What is an Active Directory Integrated Zone?
Instead of having a Zone file, all of the zone data is stored within Active Directory.
The benefits of this are that:
Any domain controller that hosts a copy of the zone can process zone updates
What options are available for allowing dynamic updates in DHCP?
- Allow secure dynamic updates
- Allow non-secure dynamic updates
- Do not allow dynamic updates
What is a Secondary DNS Zone?
- A read-only replica of a primary zone
- Creates a copy of a zone that exists on another server.
- Helps balance the processing load of primary servers, and provides fault tolerance
- Needs permission to transfer zone from primary
- Can transfer zone data from primary zone or other secondary zone
- Allows you to have a DNS server in an environment where you don’t want the server to be processing updates.
What is a Stub DNS Zone?
- A stub zone is used to provide information about authoritative name servers for a zone.
- It creates a copy of a zone containing only Name Server (NS), Start of Authority (SOA), and possibly glue Host (A) records.
- It is able to update when name servers in target zone change (unlike a DNS forwarder)
What is a Reverse Lookup Zone?
- Contains PTR records
- Used for resolving IP addresses to FQDNs
- Can be configured for either IPv4 or IPv6
What is a Global Name Zone?
- Provides single label name resolution, i.e., it allows resolution of short, easy names rather than requiring FQDNs.
- Designed as a replacement for WINS servers (which were for NetBIOS name resolution)
To configure:
• Primary zone must be created with zone name “GlobalNames”
• Enable GlobalNames zone support on each server that hosts zone
In DNS, what is a Delegation?
- Delegation points at a sub domain of an existing domain
- Can be hosted on the same DNS server, or another DNS server
- You must create the sub domain zone prior to performing the delegation
What is Zone Scavenging?
- Allows for automatic removal of DNS resource records that are no longer in use
- Primarily useful for zones with transient entries (Ex., public Wi-Fi)
- Can be set at the server level or zone level
- Disabled by default
- When enabled, you set the No-Refresh Interval, and Refresh interval.
- Scavenging can occur automatically, or can be forced.
What is Zone Transfer, and what policy options are possible?
Zone Transfer policy determines whether secondary zones can be configured.
Configured in the Properties for a Zone, if you choose to Allow zone transfers, your options are:
- To any server
- Only to servers listed on the Name Servers tab of the Zone properties
- Only to a list of specified servers
What is this command?
Get-DNSServerRecursion
This cmdlet will tell you whether DNS Server Recursion is enabled or not, and the current configuration of its settings
What is NRPT?
Name Resolution Policy Tables
- Provides policy-based name resolution request routing for DirectAccess clients
- Allows clients to send DNS requests for the corporate namespace over the DirectAccess connection to the LAN DNS server, while any other namespaces’ requests will go to a public/internet DNS server configured on the client’s network adapter.
- Configured using Group Policy
What is DANE?
DNS-based Authentication of Named Entities
- Publishes TLSA records through DNS, which state the CA from which clients should expect a certificate.
- This protects against rogue CAs issuing illegitimate TLS certs
- Requires DNSSEC for the zone hosting the TLSA record
What is a KSK?
Key Signing Key (KSK)
Part of DNSSEC
The KSK is an authentication key that corresponds to a private key used to sign one or more other signing keys. Typically, the private key corresponding to a KSK will sign other keys used for signing the zone.
What is a ZSK?
Zone Signing Key (ZSK)
Part of DNSSEC
The ZSK is an authentication key that corresponds to a private key used to sign zone data. Typically, ZSKs are rolled over more frequently than KSKs.
What is NSEC?
Next Secure
NSEC and NSEC3 are resource records for DNSSEC, which provide authenticated denial of existence.
What is:
TA
Trust Anchor
Two types of DNSSEC resource records are referred to as Trust Anchors:
DNS Key (DNSKEY)
Delegation Signer (DS)
What is DNS Round Robin?
A single hostname has multiple DNS records with different IP addresses and low TTL.
The DNS server cycles through records each time an address is requested.
This allows for load balancing.
It is configured in the properties of a zone, in the Advanced tab.
What are DNS Policies?
What can you do with it?
A new feature of Server 2016,
DNS Policies allow you to configure how a Windows Server 2016 DNS server behaves, based on a combination of client, server, and environmental variables.
Features:
- Location-based traffic management
- Load balancing with weighting
- Time-based policies
- Split Brain DNS
- Selective recursion
- Query filters
When there are conflicting DNS policies, how would they get applied?
Policies configured at the server level will take precedence over policies at the zone level.
Policies are assigned priorities, and the lowest priority will be applied first.
The first match wins, so as soon as a policy is applied, the other policies are ignored.
What is RRL?
Response Rate Limiting
- RRL settings allow you to configure how a DNS server responds to repeated queries for the same record over a short period of time, since such behavior is likely malicious, as in a DOS attack.
- It is disabled by default on Server 2016 DNS.
What is Selective Recursion Control?
You can configure the DNS server to resolve queries recursively for some clients, without the DNS server being an open resolver for all clients.
For example, you could allow recursion for internal clients, but disallow recursion for external clients, which would help mitigate the amplitude of a DDOS attack.
What are Upward Referral Responses, and when are they used?
Prior to Server 2012 R2, Windows DNS servers with recursion disabled would reply with an “upward referral response” which contained a list of name servers.
This makes the DNS server susceptible to a DNS amplification attack.
Windows Server 2016 DNS servers with recursion disabled will instead respond with SERV_FAIL messages.
This generally should not cause a problem, since most clients should already be aware of what the root servers are, and shouldn’t need a list.
What is Cache Locking?
Cache Locking configures the DNS cache so that records in the cache cannot be overwritten until a chosen percentage of the TTL has expired.
It is enabled by default, for 100% of the TTL.
This helps mitigate against cache poisoning attacks.
What is a cache poisoning attack?
When records in the DNS server’s cache are overwritten by fraudulent, malicious records.
What does Microsoft recommend for configuring a high-performance DNS server with high activity?
If the server is receiving a couple hundred or a couple thousand queries per second, leave on defaults. If receiving tens or hundreds of thousands of queries per second, then:
- Disable recursion, either entirely, or through selective recursion where it is allowed for an internal scope of clients, but disabled for everyone else
- Create an explicit firewall rule for UDP port 53 for interface IP address. This reduces firewall CPU usage.
- On computers with more than 12 cores, set the UDP thread count to 8. This is the optimum level. (If less than 12 cores, leave on default)
- Set network adapter buffers to maximum
What is BIND?
BIND is the most widely used DNS server software. It is open source.
Windows Server 2016 DNS can be configured to interface with it.
What is the default lease duration for DHCP in Server 2016?
8 days
What is MADCAP?
Multicast Address Dynamic Configuration Allocation Protocol
- Previously known as Multicast DHCP
- Provides addresses in the multicast address range (224.0.0.0 through 239.255.255.255)
- Clients still need an IP address for network communication outside of the multicast range. So, clients can receive a traditional IP address as well as a multicast address for when they need to access multicast networks and content.
What is the IPv4 multicast address range?
224.0.0.0 through 239.255.255.255
What is multicasting?
- Multicasting is the process of sending messages to a select group of clients on a network.
- Used for services like streaming audio and video.
- Multicast is used when you have a single point of content that you want going out to many points. Instead of using unicast to broadcast to each individual client, multicast broadcasts to many clients.
What items are provided by DHCP for IPv4?
Network
Subnet
Default Gateway
Option Codes (DNS Servers, NTP Servers, etc)
MAC Address
What items are provided by DHCP for IPv6?
- Network Prefix
- Option Codes (DNS Servers, NTP Servers, etc)
- DHCP Unique Identifier (DUID)
- Interface Association Identifier (IAID)
What are differences between DHCPv4 and DHCPv6?
- In DHCPv6, it is not necessary to provide the Default Gateway, because that is handled by router advertisements from the local router.
- MAC addresses are not used for DHCPv6 address allocation. Instead, it uses a DUID and IAID (DHCP Unique Identifier and Interface Association Identifier).
What is a DUID?
DHCP Unique Identifier
- A unique ID per host computer, used for IPv6 DHCP.
- In the Windows DHCP console, this is labeled as a “Unique ID” in some places.
What is an IAID?
Interface Association Identifier
A unique number per network interface, used for IPv6 DHCP.
What is SLAAC, and how does it work?
Stateless Address Automatic Configuration
Allows a host to generate its own IPv6 addresses using a combination of locally available information, and information advertised by routers.
SLAAC requires an IPv6 router, to send out Router Advertisement (RA) messages. These messages contain the IPv6 prefix information (similar to an IPv4 subnet), and the default gateway address.
What are the meanings of the Server-related icons in the Windows DHCP console?
• Server icon with no indicator: DHCP server is added to console
Server icons with indicators:
- Green check mark: DHCP server is connected and active in console
- Red down arrow: DHCP server is connected, but not authorized in AD for use on your network
- Red minus symbol: DHCP server connected but current user does not have the administrative credentials to manage the server
- Yellow exclamation mark: DHCP server warning. Available addresses for server scopes are 90 percent or more leased and in use.
- Blue exclamation mark: DHCP server alert. No addresses are available from server scopes because 100 percent of the addresses allocated for use are currently leased.
What are the meanings of the Scope-related icons in the Windows DHCP console?
Folder icon with no indicator:
Scope or superscope is active
Folder icons with indicators:
Red down arrow: Scope or superscope is inactive
Yellow exclamation mark: Scope or superscope warning. Scope warning: 90 percent or more of the scope’s IP addresses are in use. Superscope warning: If any scope within the superscope has a warning, the superscope has a warning.
Blue exclamation mark: Scope or superscope alert. Scope alert: All IP addresses have been allocated by the DHCP server and are in use. Superscope alert: At least one scope contained in the superscope has all IP addresses allocated by the DHCP server.
What tools are available for migrating a DHCP server?
For migrations from Server 2012 R2 or older, to Server 2016, you may use netsh
For migrations from Server 2012 or newer, to Server 2016, you may use PowerShell:
Export-DhcpServer
Import-DhcpServer
What modes are possible for DHCP failover, and what are the differences?
Hot Standby
- Active-passive failover
- Best suited for branch office
- Branch office has primary DHCP server; central office has a standby partner DHCP server that will only become active if the primary goes down.
Load Balancing
- Active-active failover
- Both servers are active
- Best suited for same-site deployments
What is RBAC?
Role-Based Access Control
Part of IPAM, it allows you to configure user permissions within IPAM, based on what a user can do, and where they can do it.
How is DHCP failover configured?
- DHCP failover supports DHCPv4 scopes only, not DHCPv6.
- Failover is configured at the scope level.
- You first configure the scope on one (primary) server, then in the settings for that scope, configure failover and specify the partner server and failover mode.
- You can only add one partner server configured as failover, for a total of two servers on the scope.
What is IPAM?
IP Address Management
How may an IPAM server be configured for provisioning, and what are the recommendations?
- It can be configured for manual provisioning, which is extremely complicated and requires numerous firewall configurations on each server.
- Manual provisioning should only be used, if at all, when you have a very small number of servers to manage.
- It is recommended, and much easier, to configure for Group Policy-based provisioning, also called automatic provisioning.
- Once the IPAM server has been provisioned, you cannot change the provisioning type.
What can you do with IPAM?
- Configure DHCP server properties
- View DNS server properties
- Create, configure, and manage DHCP scopes and options
- Create, configure, and manage DNS zones and options
- Manage IP addressing
- Record historical data
- Manage physical and virtual IP address space
- Note that IPAM CANNOT manage 3rd party products or Azure
What kind of computer can IPAM be installed on?
- It cannot be installed on a domain controller
- Avoid installing on a DNS or DHCP server (it is best installed as a standalone server)
- Can optionally be installed on Server Core
- The IPAM server, and all servers it is managing, must be members of the domain
What are the limits of how much IPAM can manage?
IPAM can manage up to:
- 150 DHCP servers
- Approx. 6000 scopes
- 500 DNS servers
- Approx. 150 zones
- 3 years of forensics data
- 100,000 users
What is an IP block?
In IPAM, a Block is an IP address space used by an organization, which could contain multiple ranges and subnets.
Ex. 192.168.x.x
This block could include 255 Class C subnets.
A Block configured in IPAM will include:
- Network ID
- Prefix length
- Automatic assignment settings
- Start and end IP addresses
- For Public IPs, the registry details
What is an IP range?
In IPAM, a Range is a contiguous group of IP addresses within a block.
It may contain multiple subnets.
A range can also be defined as a subnet within a block.
How does the “Find and Allocate Available IP Address” function of IPAM work, and what does it do?
It locates an available IP address to assign to a host, and can create a DHCP reservation and DNS records all in the same process.
It locates an available address by first checking the IPAM database, then confirming with DNS Records, and finally by attempting to PING the address.
What are the requirements for Auditing user logon events using IPAM?
- Account Login Event auditing must be enabled on all Domain Controllers (it is NOT enabled by default)
- IPAM must be configured to manage all Domain Controllers (so that any DC which processes the login will have the event captured)
- Reverse lookup zones must be configured
- DHCP logging must be enabled (it IS enabled by default)
- Note, this will only audit domain user logins; local user logins cannot be audited using IPAM
What is IP Address Tracking?
A feature of IPAM, IP Address Tracking can search and correlate IP address usage history by:
- IP Address
- Client ID
- Hostname
- Username
Note, a date or date range must be specified when searching.
What are the requirements for managing multiple forests in IPAM?
- A two-way trust relationship, either between the domain that hosts IPAM and every other domain in the forest, or else a full forest-trust relationship
- The account that performs GPO provisioning for each domain must be a member of the administrators group in that domain, or be delegated the appropriate privilege. It requires credentials that have the ability to run IPAM’s Invoke-IPAMGPOProvisioning command.
What are the steps to setting up a trust relationship between forests?
1) In DNS, set up a conditional forwarder from each domain to the other. (Each forest needs to be able to find the root domain of the other.)
2) In Active Directory, go to the Properties of a forest, then the Trust tab, and click “New Trust” to launch the wizard.
How do you back up and restore IPAM?
You only need to back up and restore these two files:
ipam.mdf
ipam_log.ldf
Both are contained in \Windows\System32\Ipam\Database
What are the requirements for migrating the IPAM database from WID to SQL?
- Requires SQL Enterprise Edition
- Must be SQL 2012 or newer. The newer, the better.
- Migration is one-way. You cannot migrate back to WID.
What is the DHCP Option ID for PXE?
The DHCP Pre-Boot Execution (PXE) client option ID is:
060
You could use this to get clients to work with WDS.
What is this cmdlet?
Get-DHCPServerInDC
This will show all authorized DHCP servers in Active Directory, i.e. authoritative DHCP servers in the domain.
What are the requirements to use IPAM to manage the IP address space of a VMM server?
- A domain user account that does not expire
- The user must be in these two groups on the IPAM server: IPAM ASM Administrators, and Remote Management Users
- Time must be synchronized between the VMM and IPAM servers
- Following the above, IPAM must be added to the VMM networking fabric
What is DirectAccess?
DirectAccess allows managed domain-joined computers to connect to the internal corporate network as DirectAccess clients.
Connectivity is seamless and transparent, and is available any time client computers are connected to the Internet.
DirectAccess administrators can remotely manage clients, ensuring that mobile computers are kept up-to-date with security updates and corporate compliance requirements.
In Windows Server, what is VPN, and where is it configured and managed?
VPN allows remote access to corporate networks over a VPN connection.
It is managed in the Remote Access console.
What does installing the Remote Access role allow you to manage?
The following role services fall under the Remote Access role:
• Remote Access Service (RAS)
- Includes DirectAccess, VPN, and RAS Gateway
• Routing
- Provides support for NAT Routers, LAN Routers running BGP, RIP, and multicast capable routers
• Web Application Proxy
What does the Routing and Remote Access console allow you to configure and manage?
You can configure:
- A site-to-site VPN
- a VPN gateway
- a Dial-up remote access server
- NAT
- LAN routing
- a basic firewall
What are the Private Internal IP Address Spaces, designated by RFC 1918?
Class A:
- 10.0.0.0/8
- 10.0.0.0 to 10.255.255.255
Class B:
- 172.16.0.0/12
- 172.16.0.0 to 172.31.255.255
Class C:
- 192.168.0.0/16
- 192.168.0.0 to 192.168.255.255
When would you consider using VPN rather than DirectAccess?
You would use VPN instead of DirectAccess if:
- The client is not part of the domain
- The client applications do not support IPv6
- You need to support Windows XP clients, or Windows 7 clients where there’s no PKI
- You need to support non-Enterprise editions of Windows
- You need to support non-Windows clients
- There’s no strong need to specify restricted resources
What tunneling protocols are available in Server 2016?
PPTP
- Point-to-Point Tunneling Protocol
- not recommended due to security weaknesses
L2TP/IPsec
- Layer 2 Tunneling Protocol
- Uses IKEv1
SSTP
- Secure Socket Tunneling Protocol
- does not support site-to-site VPNs
IKEv2
- Internet Key Exchange version 2
- the default protocol for Windows 7, Server 2008 R2, and newer systems
What authentication protocols are available for VPN connections in Server 2016?
PAP
- Password Authentication Protocol
- sends in plaintext; not recommended
CHAP
- Challenge-Handshake Auth. Protocol
- also older and not recommended
MSCHAPv2
- Microsoft’s improvement on CHAP
- Mutual (2-way) authentication
EAP/PEAP
- (Protected) Extensible Authentication Protocol
- Flexible; clients and servers negotiate the authentication method based on their respective capabilities; can also use certificates
What is RADIUS?
Remote Authentication Dial-In User Service
A RADIUS server is an NPS system that provides a central location to authenticate and authorize users for multiple remote access servers.
What is NPS, and what is it used for?
Network Policy Server
In the NPS console, you can:
Configure remote access policies
- Connection request policies
- Network policies
Configure RADIUS
- Radius clients and servers
- Radius accounting
- Radius templates management
What is CMAK?
Connection Manager Administration Kit
Can create VPN connection profiles as .exe files, which can be run on a client computer to have the profile added and fully configured.
What is IAS?
Internet Authentication Service
A former name for NPS. The IAS acronym is still occasionally used in the UI, for example, in the Active Directory built-in group “RAS and IAS servers”.
When there is a connection attempt, how are conditions and constraints evaluated in an NPS Policy?
Network policies are ordered, and NPS evaluates them one at a time in sequence.
If the conditions of a policy do not match, NPS goes on to the next policy in line.
If the conditions of a policy are met, then no more policies get evaluated.
The constraints on a policy get evaluated after the conditions of the policy have been satisfied.
Each and every constraint must then be satisfied, or access is denied.
If a policy’s conditions have matched, but a constraint doesn’t match, then access is denied.
Within Active Directory, in a User’s Attributes, what are the network permission settings within the “Dial-In” tab, and what do they do?
- If the AD dial-in property is set to “Deny,” then the user is denied regardless of network policies.
- If the AD property is set to “Allow,” then the user is granted access, unless a network policy has an explicit “deny” policy affecting this user.
- If the AD property is set to “NPS Controlled” / “Not configured,” then the network policy is the sole decider for the user.
- If there are NO network policies, the AD property is the sole decider for the user.
What are the parts of an NPS Network Policy?
- Conditions: Determine whether a policy is evaluated for a connection request. A policy must have at least one condition.
- Access Permission: Simply set to either Grant, Deny, or determine based on the User’s Dial-in Properties in AD
- Authentication Methods
- Constraints: Optional, additional parameters that are required to match the connection request. If any constraint is not matched, the request is rejected.
- Settings: If the policy’s conditions and constraints are all matched, NPS will apply the settings to the connection request.
- Processing Order: The placement of the policy on the list of Network Policies determines the order it will be evaluated in.
How do you configure a RADIUS client?
- First, the RADIUS Server must already be configured.
- On the RADIUS client, in the NPS console, create a “Remote RADIUS Server Group.”
- Add the RADIUS server(s) to the group, and the shared secret that was set for the server.
- Then, in Connection Requests Policies, edit the properties of the default policy named “Microsoft Routing and Remote Access Service Policy,” which should be at Processing Order 1.
In the policy’s settings tab, under Authentication, set it to “Forward requests to the remote RADIUS server group for authentication.”
What can be configured using a RADIUS template?
RADIUS clients
• Reuse locally or on other NPS servers
Remote RADIUS Servers
• Reuse in remote RADIUS server groups
Shared Secrets
• Reuse with RADIUS clients and server
IP Filters
• Reuse with network policies
What is the name of the group that permits its members to access AD user dial-in properties?
“RAS and IAS Servers”
This group is built-in to Active Directory
What is NLS, and how does it work?
Network Location Server
- A Web Server with an SSL certificate, used by DirectAccess clients to determine if they are currently located internally on the corporate network, or if they are external.
- If the client can access the NLS, it knows it is on the corporate LAN and does not need to establish a DirectAccess connection.
- If the client cannot reach the NLS, it will assume it is outside of the corporate network and will try to establish a DirectAccess connection.
- The NLS is not reachable over a DirectAccess connection, because an exemption is created for it in the NRPT.
What kind of computer may NLS be installed on?
- Commonly deployed on IIS, but it can be installed on any platform that can serve as a web server with an SSL certificate installed (IIS, Apache, NGINX, etc.)
- You can also use an Application Delivery Controller (ADC) to serve as an NLS.
- It should be highly available, due to the nature of its role.
- It can be installed on the same server as the DirectAccess server, but this is not recommended, because if this server goes down, it can confuse DirectAccess clients connecting internally.
What are the prerequisites for configuring a DirectAccess Server?
- Windows Server 2016, either Standard or Datacenter editions
- Server must be joined to the domain
- IPv6 must not be disabled (but does not require any further configuration)
- Windows Firewall must be Enabled, for all profiles (domain, public, and private)
- Network Interfaces must be configured with IP address, mask, and gateway.
- If using a topology with two NICs (external and internal), then the external NIC should not have any DNS server configured. And, if you have more than one internal subnet, static routes are required for the internal-facing interface to access the additional subnets.
What is the “Getting Started Wizard” for DirectAccess, and why would you use it?
It is a very fast, easy method of predefined configuration for deployments with basic settings.
It has fewer infrastructure requirements than a standard DA configuration.
But, overall, it is not recommended because of its limiting inflexibility.
In DirectAccess, what is force tunneling, and why might it be used?
The default configuration of DirectAccess is called Split Tunneling, in which the client connects ONLY to the internal network via the Remote Access server, and all other internet traffic is separate and does not involve DA.
If force tunneling is enabled, DirectAccess clients connect to the internal network AND to the internet via the Remote Access server. All traffic goes through the DA connection.
This can allow for enforcement of web policies, logging of traffic, etc.
How are clients provisioned for DirectAccess use?
• The client computer object must be added to the DirectAccess clients security group in Active Directory (for the default setup; any other method of applying the DA Client GPO to the computer will also work)
• The DirectAccess IPsec certificate must be deployed to the client computer
(this may also be automated through auto-enrollment settings in the Certificate Templates Console and Group Policy)
• It also optimizes the client to disable unnecessary IPv6 technologies: 6to4, ISATAP, and Teredo (again, this can be implemented through Group Policy)
What is DNSSEC?
Domain Name System Security Extensions (DNSSEC) is a suite of extensions that add security to the Domain Name System (DNS) protocol.
It enables cryptographically signing DNS records so that client computers can validate responses.
Specifically, DNSSEC provides origin authority, data integrity, and authenticated denial of existence.
With DNSSEC, the DNS protocol is much less susceptible to certain types of attacks, particularly DNS spoofing attacks.
What is Split-brain DNS?
DNS records are split into different scope zones, which allows DNS servers to respond to client requests based on whether the client is internal or external to the network.
What is DCA for Windows 7?
DirectAccess Connectivity Assistant
An optional component for Windows 7 DirectAccess clients, that provides some of the functions that are built into Windows 8+
- Provides a graphical connectivity status indicator
- Can generate diagnostic logs
- Facilitates OTP/PIN entry