http://msmvps.com/blogs/tonybradley/archive/tags/authentication/default.aspxTags: authenticationenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/tonybradley/archive/2009/07/01/using-built-in-functions-to-achieve-single-sign-on-in-windows.aspxWed, 01 Jul 2009 22:02:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1697521tonybradley0http://msmvps.com/blogs/tonybradley/rsscomments.aspx?PostID=1697521http://msmvps.com/blogs/tonybradley/archive/2009/07/01/using-built-in-functions-to-achieve-single-sign-on-in-windows.aspx#commentsPassword resets are more or less the bane of the help desk agent&#39;s existence. Carrying that through logically, they also represent a significant expense for the organization to pay for the lost productivity of the employees and the time and effort...(<a href="http://msmvps.com/blogs/tonybradley/archive/2009/07/01/using-built-in-functions-to-achieve-single-sign-on-in-windows.aspx">read more</a>)<img src="http://msmvps.com/aggbug.aspx?PostID=1697521" width="1" height="1">windows vistawindows xpwindowsWindows 7authenticationcredential managerkerberosssosingle sign-onhttp://msmvps.com/blogs/tonybradley/archive/2009/01/30/directacess-in-windows-7.aspxFri, 30 Jan 2009 13:05:00 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1667406tonybradley0http://msmvps.com/blogs/tonybradley/rsscomments.aspx?PostID=1667406http://msmvps.com/blogs/tonybradley/archive/2009/01/30/directacess-in-windows-7.aspx#comments<p><span style="font-size:small;font-family:comic sans ms,sans-serif;">One of the big frustrations for IT administrators is how to administer and maintain mobile systems. Whether conducting an asset inventory, a risk assessment, a vulnerability scan, or trying to manage system configurations and deploy patches, mobile systems are always somewhat of a wildcard. Many administrators actually have no idea just how many such systems are floating about or what their current state is. Until or unless the systems connect locally or VPN into the network, they are just rogue systems operating as islands unto themselves. It can be an administrative and compliance headache, if not nightmare.</span></p> <p><span style="font-size:small;font-family:comic sans ms,sans-serif;">Windows 7 has a very promising solution that seems like it can solve those issues for IT administrators. DirectAccess enables IT administrators to manage mobile computers...directly. That means that as long as the mobile computer has an Internet connection it can receive Group Policy settings, software distributions, and patch updates. The user does not even have to be logged on. With the growing number of users relying on laptops and other mobile computing devices, the ability for IT administrators to manage and protect those systems (and the data they contain) is critical. </span></p> <p><span style="font-size:small;font-family:Comic Sans MS;">DirectAccess uses IPv6-over-IPSec to encrypt data as it is transmitted over the public Internet. DirectAccess authenticates the computer and the user to the corporate network and even supports multi-factor authentication methods such as smartcards. </span></p> <p><span style="font-size:small;font-family:Comic Sans MS;">I will post a much more in depth look at how DirectAccess works and more details about how it will benefit organizations and IT administrators in the near future. For now, suffice it to say that I feel like DirectAccess is a huge advantage for Windows 7 and a feature that many corporate IT administrators will be drooling over.</span></p><div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1667406" width="1" height="1">Windows 7Group PolicyDirectAccessauthenticationmobile deviceslaptops