DirectAccess Client Uninstall

Owned by Terrence S Miller
Last updated: Apr 09, 2024
1 min read

Environment

DirectAccess as a Service

Issue

DirectAccess client uninstall prior to DirectAccess as a Service end-of-life date of 5/3/2024

Resolution

As part of the process of decommissioning the DirectAccess service, MiWorkspace Windows Engineering is recommending the following methods to remove the DirectAccess client’s ability to connect to the server infrastructure that will be decommissioned in early May.  Most clients will remove the majority of these entries automatically when the DirectAccess Group Policy objects are no longer applied, but it is best practice to implement one or both of these methods to ensure that computers are prevented from attempting to reconnect in the future.  Before proceeding with the steps in this document, please ensure that all links to DirectAccess Group Policy objects have been disabled for your organization in Active Directory.  

 

Detailed below are two methods that may be used to ensure that DirectAccess policy registry entries are removed prior to the decommissioning of the DirectAccess server infrastructure by ITS.

Group Policy

Customers can link the following Group Policy Object to provide a method for uninstalling the DirectAccess client on their customers’ machines.  

EUC Windows - DirectAccess Uninstall

Script

Instead of Group Policy, customers can run a PowerShell script on DirectAccess clients to remove the registry entries.

Download the ‘DirectAccess-Uninstall.ps1’ script from the GitHub link below and run it with an account with administrator permissions on customers' computers. U-M GitHub Enterprise account required.

https://github.com/umich-windows/directaccess-uninstall/tree/main

Notes

  1. A reboot is required after the GPO is applied or after the script is run to prevent the client from attempting to connect back to DirectAccess in the future.