A surprising, but increasingly common question that comes up when talking to customers about Forefront UAG DirectAccess is:
Can we temporarily disable DirectAccess when using low bandwidth or expensive mobile Internet data tariffs and don’t need corporate network access?
Although this question seems a little strange and counter production when talking about a technology that is designed to specifically be ‘always on’, it is actually very valid for the given scenarios.
The best way I have found to temporarily disable DirectAccess is to stop the IP Helper service on the DirectAccess client.
This can be done using the Computer Management snap-in or using the following command line:
net stop “IP Helper”
to regain full DirectAccess functionality it can be restored by starting the service in Computer Management or using the command line:
net start “IP Helper”
The IP Helper service is used to provide tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
|Please Note: This method will not work if you have DirectAccess clients using native IPv6. However, this scenario is unlikely for most DirectAccess clients as a majority will be using 6to4/Teredo transition technologies or IP-HTTPS.|
Simple, but handy at times…