MCTS 70-680: Windows 7 DirectAccess

DirectAccess is a technology implemented in Windows 7 to allow a computer to automatically create a secure connection back to head office from remote without any user interaction. This video looks at how to configure DirectAccess on Windows 7.

DirectAccess configuration demo 05:00
Netsh 07:12

Requirements
Windows 7 Enterprise or Ultimate Edition
Windows Server 2008 R2 for DirectAccess
Windows server 2008 or above for DC's and DNS
Public key infrastructure. (Certificates)
Network Access Protection (NAP) optionally

IPv6 and DirectAccess
DirectAccess requires IPv6 to operate. Between the client and the server there may not be a fully functional IPv6 network. For this reason, DirectAccess also supports transition technologies. If no transition technologies are available, DirectAccess can use IP over HTTPS.

If your computer has a public IPv4 address, DirectAccess will attempt to create a connection using 6to4. If this fails, remember that 6to4 does not support IPv4 Nat devices, DirectAccess will then attempt to use Terdeo. If this fails, possibly due to being blocked by a firewall, DirectAccess will attempt to create an IP HTTPS connection back to the server.

Group Policy DirectAccess
In order for DirectAccess to operate it muse be able to locate the Server that is configured with DirectAccess using DNS. In order to do this the group policy settings are found under the following.
Computer Configuration-Windows Settings-Name Resolution Policy
The settings for DirectAccess can be found under the DNS settings for Direct Access tab. From here you can configure the DNS servers that DirectAccsss will use to locate servers in your company. If they are publicly available you can just enter in the IP address, otherwise you can configured a proxy server or and IPSec connection back to your DNS servers if they have been set up.

Group policy IPv6 Transition Technologies
Since DirectAccess requires IPv6 to operate and you may not have a complete IPv6 network between your client and server, DirectAccess does support transition technologies. These setting can be found under
Computer Configuration-Administrative templates-Network-TCPIP settings-IPv6 Transition Technologies

NetSH commands
netsh interface IPv6 set teredo EnterpriseClient (IPAddress) (Port)
netsh interface IPv6 set teredo disable
Netsh interface 6to4 set relay (IPAddress)
netsh interface 6to4 set relay disable
netsh interface httpstunnel add interface client (http address)
netsh interface httpstunnel delete interface
netsh namespace show policy
netsh namespace show effectivepolicy
netsh interface httpstunnel show interfaces
netsh interface teredo show state
netsh interface 6to4 show state

See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for are always free training videos. This is only one video from the many free courses available on YouTube.

Category:

Education

Tags:

• DirectAccess
• 70-680
• MCITP
• MCTS
• Windows 7
• ITFreeTraining

License:

Standard YouTube License