Ah so this is the DirectAccess functionality that was added in the Win7 cycle. It's all IPSEC magic secured with PKI. It's certainly secure (IMO) and it is VERY slick. End users love it too. No more dealing with crappy VPN clients, licenses for them, etc. You control on the backend what's available via the tunnel.
UAG adds a publishing layer for DirectAccess which I understand makes deployment a bit easier but I haven't tried it yet. Thanks, Brian Desmond [email protected] c – 312.731.3132 -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, May 06, 2010 12:48 PM To: NT System Admin Issues Subject: Re: Win 2008 UAG, Win 7 Enterprise, Generic Accounts On Thu, May 6, 2010 at 08:17, Ben Scott <[email protected]> wrote: > On Thu, May 6, 2010 at 10:59 AM, Kurt Buff <[email protected]> wrote: >> And this is one of the big reasons why Windows 7 Enterprise, coupled >> with Win2k8 UAG, is so interesting to me... > > Eh? I'm not familiar with that stuff, but I'm intrigued. Care to > elaborate, or provide links, please? I tried Google but am only > getting stuff related to ISA/Forefront. > > -- Ben It's under the forefront umbrella. From my digging, it seems that among other things it is a way to set up an IPv6/IPSec tunnel from the Win7 Enterprise/Ultimate mobile machine to the UAG server, which gives it a presence on the internal network. It happens before the user logs in, so login scripts, GPOs, drive connections and all of that happen transparently. If you visit http://www.microsoft.com/forefront/unified-access-gateway/en/us/ and get the PDF linked at "Forefront UAG and DirectAccess" you'll get more data. I'm still waiting to see evidence that it's secure and all that, but the concept is pretty stellar. It would also have to be coupled with robust disk encryption and possibly a two factor auth solution, but it would make life much easier for everyone. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
