Fri, Jan 30 2009 8:05
DirectAccess in Windows 7
One of the big frustrations for IT administrators is how to administer and maintain mobile systems. Whether conducting an asset inventory, a risk assessment, or a vulnerability scan, or trying to manage system configurations and deploy patches, mobile systems are always something of a wildcard. Many administrators have no idea how many such systems are floating about or what their current state is. Until the systems connect locally or VPN into the network, they are just rogue systems operating as islands unto themselves. It can be an administrative and compliance headache, if not a nightmare.
Windows 7 has a very promising solution that seems like it can solve those issues for IT administrators. DirectAccess enables IT administrators to manage mobile computers...directly. That means that as long as the mobile computer has an Internet connection, it can receive Group Policy settings, software distributions, and patch updates. The user does not even have to be logged on. With the growing number of users relying on laptops and other mobile computing devices, the ability for IT administrators to manage and protect those systems (and the data they contain) is critical.
DirectAccess uses IPv6-over-IPsec to encrypt data as it is transmitted over the public Internet. DirectAccess authenticates the computer and the user to the corporate network and even supports multi-factor authentication methods such as smart cards.
I will post a much more in-depth look at how DirectAccess works and more details about how it will benefit organizations and IT administrators in the near future. For now, suffice it to say that I feel like DirectAccess is a huge advantage for Windows 7 and a feature that many corporate IT administrators will be drooling over.
Filed under: Windows 7, Group Policy, DirectAccess, authentication, mobile devices, laptops