Windows 7 DirectAccess – Experiences

By Michael Pietroforte - Tue, February 3, 2009 - 19 comments

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in system administration.

In my last article I listed all the important features of DirectAccess. Today I will share some experiences I had when I played a little with it.

DirectAccess has to be installed as a feature on Windows Server 2008 R2. I wonder why it is a feature and not a role, considering that it is recommended to use DirectAccess on a server that has no other function. I must admit, I still don’t understand the difference between server roles and features.

It is interesting to note that two network interfaces are required, which indicates that DirectAccess has firewall functionality. One network card is usually enough for VPN. DirectAccess also complained that I have no Public Key Infrastructure. After I installed the Certificate Server role on the same machine, the DirectAccess setup was satisfied. The setup wizard then let me configure the user groups that are allowed to use DirectAccess.

Next, I had to configure the external and the internal network interface. The external interface needs a public IP address. The setup program was smart enough to recognize that I was using a private IP. It surprised me a little that DirectAccess bothered about the IPv4 settings, anyway. DirectAccess requires IPv6, which probably is the main reason why it will take a while until corporations embrace this new feature. In the last two steps, one has to identify the infrastructure servers (DNS, domain controller) and the application servers.

I then tried to figure out what has to be configured on the client side. I am not sure if the Windows 7 Beta1 already supports DirectAccess, because I didn’t find a corresponding feature or service. I also skimmed over the Group Policy settings but I didn’t find any hints there. Unfortunately, the links to the help files on my Windows Server 2008 R2 didn’t work and I also wasn’t able to find any technical manual about it on the web. Please let me know if you were able to get further with your testing of DirectAccess. I will probably try it again as soon as Windows 7 RC is out.

All in all, I think DirectAccess is a very interesting new feature. It might even replace VPN in the long run. I believe such technologies are directly aimed at Google Apps & Co. The biggest advantage of cloud apps is that they are location-independent. Considering that network bandwidth for mobile users is rapidly improving these days, it won’t take long until it doesn’t make a difference anymore if users work in the corporate intranet or in a home office. Admins can manage remote machines as if they were in the office next door or on a virtual desktop in the datacenter. A desktop will be just a desktop no matter where it is located, whether it is virtualized or not. With private cloud technologies and features such as DirectAccess, we can enjoy the advantages of scalability, fat clients, and mobility.


19 Comments

  1. Jesper Ravn says:

    Hi Michael

    Did you try to use Windows 2008 R2 as a DirectAccess client?
    Hopefully I will get some time in the near future to test it like you.
    My plan is to make a test-setup with a real Public IP, where the IPv6 tunnel provider could be SixXS.
    http://www.sixxs.net/home/

    If I get any positive results, I will let you know.
    Thanks for a great IT blog.

    /Jesper

  2. Jesper, thanks! I also didn’t find a DirectAccess client on R2. Perhaps I have been searching in the wrong places. It would be great if you share your experiences with DirectAccess as soon as you have tested it.

  3. Jeff says:

    I am also trying to get DirectAccess to work. I have everything set up, but I keep getting an ID certificate error. I have not moved past the prerequisites yet.

    Oh well. I will keep trying.

  4. Did you install the Certificate Server role?

  5. Jeff says:

    Michael, I did install AD CS and there are no errors. I installed it as a standalone, subordinate, CA.

  6. Were you able to access the documentation? The links in the DirectAccess snap-in didn’t work on my test installation. I somehow think it is better to wait for the RC.

  7. Jeff says:

    No, the documentation does not exist. I find it funny MS wants people to try these features in the Beta, but can’t even have them enabled. I guess that is why it’s a Beta.

    They just should put out something on their site that states DirectAccess does not currently work.

  8. I agree. I started testing Windows 7 because Ballmer said that it is now feature-complete. It seems to me that this applies only to the gimmicks.

  9. Hugh says:

    From what I read (see below, and yes this may not be true) DirectAccess will only be available to Ultimate and Enterprise (i.e. Software Assurance) versions of Windows, so this feature would be of limited interest. Not very smart, Microsoft.

    http://www.crn.com.au/Tools/Print.aspx?CIID=136446

  10. Hugh, thanks a lot for the interesting information. I googled the topic. There are quite a few important features that Windows 7 Professional lacks.

  11. Jeff says:

    Just to let everyone know, there is now a guide for DirectAccess. Looks like my problem may lie in no server 2008 Domain Controller. Oh well. Looks like I will be setting up a whole new test environment!!

    http://www.microsoft.com/downloads/details.aspx?FamilyID=2fdc531d-9138-454f-a820-78211755b52a&displaylang=en.

  12. Seak says:

    For business customers, Windows 7 Beta 1 now supports Direct Access, which enables mobile workers to securely connect to the corporate network without the need for a virtual private network, and BranchCache, which locally caches content from remote file or web servers.

    http://www.techcentral.ie/article.aspx?id=12959

    But I can’t find the DirectAccess client either.

  13. Seak, I am sure the author of this article didn’t verify what the Microsoft spokesman told him.

  14. anonymuos says:

    Adoption will be slow since it requires Server 2008 R2 as well.

  15. Zeeshan says:

    Hi,
    We are in the situation where we have to share a folder with our users running XP and Vista.
    Our server is Windows 2008 Server. Due to security we cannot run SMB over TCP.

    Any other suggestions? Or an open-source VPN?

    Zeeshan

  16. OpenVPN is probably the best free VPN solution.

  17. Faisal says:

    I have come across a similar issue trying to set up DirectAccess in our environment. After reading about the features on Microsoft’s website (http://www.microsoft.com/directaccess) and reading the white paper, it only mentions that the requirements would be Win2k8 R2 and Windows 7. We ended up with Win7 Pro and Win2k8 R2 in our company. Spent about 2 weeks researching and setting up DirectAccess and couldn’t get it to work. I finally came across an article hidden online somewhere mentioning that it only works on Ultimate and Enterprise versions of Win7. Very deceitful on Microsoft’s part. Nowhere on their website did it mention that. Now I am stuck with 75 licenses of Pro and didn’t purchase SA because we didn’t feel the need for it. I am extremely disappointed and feel this was false advertising on Microsoft’s part.

  18. thanhnhan says:

    Who has researched DirectAccess? Can you help me with it? Please!!!

  19. Jameel says:

    I remember reading DirectAccess requires Windows 7 Enterprise.

    All the guides I have found refer to using DirectAccess in conjunction with UAG.

    Have any of you used it without UAG? Say with a Fortigate firewall?
