DirectAccess is a great feature of Windows 7. Even if some technical requirements remain obscure (such as IPv6), they are used to provide a user experience. With Windows 7, the user experience was great, but it was hard for a user to determine whether DirectAccess was really operational or not. It was also difficult for the helpdesk to collect troubleshooting information. For these reasons, Microsoft provided the DirectAccess Connectivity Assistant.
A great tool, but not perfect. This tool is not fully integrated; it is a dedicated tool, like "NAPSTAT.EXE" for Network Access Protection, with its own user experience. With Windows 8, Microsoft decided to improve the user experience in DirectAccess. A single user experience for all features involved in networking is a good thing. When you click on the network icon in the notification area, you have all network information in a single interface.
In my example, my Windows 8 computer is connected to a network and has a Workspace Connection, which is the new name for DirectAccess. This unified user experience also includes Network Access Protection. If my computer doesn't meet security standards, the user experience will be as illustrated below.
In this situation, if you click the Continue button, you will face the old "NAPSTAT.EXE" user interface, which provides the technical reasons. The problem: this interface is not user friendly. I've seen customers of mine report security problems to me because the information provided was not clear to a normal user.
In my opinion, Microsoft should invest more in the user experience for Network Access Protection. If Microsoft provides this Consumer Preview of Windows 8, they expect feedback. Do you really think a user can understand this user interface? No!
Let's continue with the user experience. Microsoft invested a lot to integrate the DirectAccess Connectivity Assistant in Windows 8. Users have access to the new DCA through the Properties option on the Workspace Connection, as illustrated below:
One thing we can notice is that the user interface did not really change, except for one thing: the Multisite section. Depending on the DirectAccess configuration (Multisite option enabled), the user may be able to select the DirectAccess entry point he wants to connect to, or simply let the system connect him to the nearest DirectAccess entry point.
When generating logs, you will see some new commands that will be helpful for helpdesk teams. Almost all DirectAccess troubleshooting now relies on PowerShell. There are many things to learn from these reports. For example, the "Get-NetIPHttpsConfiguration" PowerShell cmdlet provides some strange results:
Yes, it's now possible to have multiple IP-HTTPS interfaces; that's how DirectAccess works in multisite. There are many DirectAccess enhancements in Windows 8, and most of them are technical enhancements that users will never see. These enhancements were introduced in order to respond to customers who consider DirectAccess a good solution from a user point of view but complex to deploy from a technical point of view.
I will spend some time explaining how Microsoft made DirectAccess easy to deploy. Even if you do not plan to switch to Windows 8 any time soon, combining Windows Server 8 DirectAccess with Windows 7 will become a deployment scenario in the near future that we must consider seriously.
BenoitS – Simple and Secure but Business compliant