The Microsoft DirectAccess Connectivity Assistant (DCA), first releases in 2010, provides a way to disable DirectAccess by selecting "Use local DNS resolution". When set, this sends all DNS queries straight to the "traditional" DNS lookup process, instead of passing them through the the Name Resolution Policy Table (NRPT) first.
But I was unable to find any command line switches for the DCA that would let me do this in a DOS batch (BAT) file. There are numerous post on how to disable the DirectAccess client from the command line, but they all seem to rely on stopping the "ip helper" service. Which seems a bit heavy handed to me, and it doesn't really stop DirectAccess so much as it just blocks it from being able to communicate.
Looking at some post that discuss how to trouble shoot a DirectAccess client, it occurred to me that their bug was my feature. Doing a little experimentation based on these clues, it turns out that the "Use local DNS resolution" setting in the DCA causes the registry value HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient EnableDAForAllNetworks to change to 2, from the default of 0.
Add a few lines to cleanup the DCA service that is no longer needed, then remove the DCA Tray program, and the finished BAT file to Disable DirectAccess looks like:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /f /v "EnableDAForAllNetworks" /t REG_DWORD /d "00000002"
net stop DcaSvc
taskkill /F /FI "IMAGENAME eq DcaTray.exe" /TThe corresponding BAT file to Enable DirectAccess is:
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient" /f /v "EnableDAForAllNetworks" /t REG_DWORD /d "00000000"
net start DcaSvc
"C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe"