Microsoft DirectAccess & Work Folders NICHOLAS A. HAY MONROE COUNTY ISD


What is DirectAccess? The VPN that doesn’t require any configuration or user interaction to use. Once an internet connection is initiated, DirectAccess connects on the device. DirectAccess establishes IPsec tunnels from the client to the DirectAccess server, and uses IPv6 to reach intranet resources or other DirectAccess clients. This technology encapsulates the IPv6 traffic over IPv4 to be able to reach the intranet over the Internet, which still (mostly) relies on IPv4 traffic. - Wikipedia. Uses IPv6 to route traffic through the DirectAccess connection. Don’t worry, you don’t need to be an expert at IPv6. Requires Windows Server 2008 R2 or newer. Client requirements: Windows 7 Enterprise or Ultimate, or Windows 8 Enterprise. This works based on DNS entries and servers you specify during setup.

What is DirectAccess? Windows 2008 R2 Server required IPv6 to be used end to end. This was resolved with Windows 2012 with NAT64 to allow this to work through an IPv4 network. A DirectAccess client can use one of several tunneling technologies, depending on the configuration of the network the client is connected to. The client can use 6to4, Teredo tunneling, or IP-HTTPS, provided the server is configured correctly to be able to use them. For example, a client that is connected to the Internet directly will use 6to4, but if it is inside a NATed network, it will use Teredo instead. In addition, Windows Server 2012 provides two backward compatibility services DNS64 and NAT64, which allows DirectAccess clients to communicate with servers inside the corporate network even if those servers are only capable of IPv4 networking. - Wikipedia

Why use DirectAccess? If a device leaves the network, you can give users an on-premises experience as long as they have a reliable network connection. Users can get mapped drives. Ability to push out GPOs/policies at all times. Ability to give users applications that you don’t want to open up to the outside world.

DirectAccess and Firewall IP-HTTPS is the default protocol of the “simple” DirectAccess wizard in Windows Server 2012 if you choose the topology “behind an edge device”. If you are doing an Edge deployment with a single server, like I did, you can create a firewall rule to allow TCP/443 to this server. That is all that is needed to get this to work in this deployment. There are 2 other deployment options you can select from when configuring.

DirectAccess Server Installation The guide below is what you can use to install DirectAccess. Many of the slides about installation and configuration have been taken from this resource. on-server-2012-r2/ In Server Manager on 2012 R2, you need to click on Manage and Add Role or Feature.

DirectAccess Server Installation Add Remote Access Role.

DirectAccess Server Installation Add Remote Access Role Configuration. Click on DirectAccess and VPN (RAS) and follow through with defaults on the wizard.

DirectAccess Server Configuration In Server Manager under Tools, click on Remote Access Management. You can configure the warning on the quick deployment in Server Manager.

DirectAccess Server Configuration Click on Run the Remote Access Setup Wizard.

DirectAccess Server Configuration Click Deploy DirectAccess Only.

DirectAccess Server Configuration Go through the steps in the wizard.

DirectAccess Server Configuration During Step 1, select Deploy full DirectAccess and you will need to have an AD group that you will add computers to that will use the DirectAccess feature.

DirectAccess Server Configuration There are two checkboxes you can check on step 1. If you check the first option, it will restrict access to laptops based on a WMI query. The other option to force tunneling will tunnel all traffic through the DA connection, which I would not recommend.

DirectAccess Server Configuration You don’t need to put in a lot of resources to validate if the internal network is online since this is only used to determine if you are online with DirectAccess on the client. The connection name is what is shown to users when they are or are not connected.

DirectAccess Server Configuration Step 2: configure Remote Access Server There are 3 options. I deployed behind an edge device (with a single network adapter). Select the appropriate option for your configuration. Follow the link in an earlier slide about setting up a certificate on this device for remote access.

DirectAccess Server Configuration Step 3: Infrastructure Servers The network location server is an internal-only web server that the client connects to in order to check that it is reachable. I did the second option and used my wildcard certificate for SSL on the IIS server.

DirectAccess Server Configuration Step 3: Infrastructure Servers Use local name resolution if the name does not exist in DNS or DNS servers are unreachable when the client computer is on a private network (recommended).

DirectAccess Server Configuration If you would like to remove a device from connecting via DirectAccess, you can add a name suffix of the hostname.domain.com and, under DNS Server Address, leave it blank. You can also add other domain names here that you want to go through the DA connection by supplying a DNS IP address. DirectAccess works using DNS servers. If you don’t have a DNS entry for a server, you won’t be able to connect to the device using DA, e.g. network switches.

DirectAccess Server Configuration Step 3: Infrastructure Servers Ensure all your local domain’s suffixes are listed.
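The name-suffix behaviour described in the two slides above, as an added example that is not part of the original presentation: a simplified model of the client's Name Resolution Policy Table (NRPT) in which the most specific matching namespace wins and an entry with a blank DNS server acts as an exemption. The function name, host names and the 2001:db8:: address are constructed for illustration, and the name is checked as given, without applying the DNS suffix search list.

```powershell
# Added example: which names resolve through DirectAccess, given a set of NRPT rules.
function Resolve-NrptDecision {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [object[]] $Rules  # objects with Namespace, DirectAccessDnsServers
    )
    $fqdn = $Name.TrimEnd('.').ToLowerInvariant()
    $bestNs = $null
    $bestRule = $null
    foreach ($rule in $Rules) {
        foreach ($ns in @($rule.Namespace)) {
            $ns = "$ns".ToLowerInvariant()
            # A leading dot marks a suffix rule; anything else matches one exact FQDN.
            $isMatch = if ($ns.StartsWith('.')) {
                $fqdn.EndsWith($ns, [System.StringComparison]::Ordinal)
            } else {
                $fqdn -eq $ns
            }
            # Keep the longest (most specific) namespace that matches.
            if ($isMatch -and ($null -eq $bestNs -or $ns.Length -gt $bestNs.Length)) {
                $bestNs = $ns
                $bestRule = $rule
            }
        }
    }
    $dns = @()
    if ($bestRule) { $dns = @($bestRule.DirectAccessDnsServers | Where-Object { $_ }) }
    $path = if (-not $bestRule) {
        'Local DNS only (no NRPT entry)'
    } elseif ($dns.Count -eq 0) {
        'Local DNS (exempt: blank DNS server)'
    } else {
        'DirectAccess DNS'
    }
    [pscustomobject]@{ Name = $fqdn; MatchedRule = $bestNs; Resolution = $path; DnsServers = $dns -join ', ' }
}

# Constructed sample rules: one internal suffix and one host exempted with a blank DNS server.
$sampleRules = @(
    [pscustomobject]@{ Namespace = '.corp.example.com';        DirectAccessDnsServers = @('2001:db8::53') }
    [pscustomobject]@{ Namespace = 'kiosk01.corp.example.com'; DirectAccessDnsServers = @() }
)

# A file server under the suffix, the exempted host, a switch with no DNS entry, a public site.
'fileserver.corp.example.com', 'kiosk01.corp.example.com', 'switch-2f', 'www.example.org' |
    ForEach-Object { Resolve-NrptDecision -Name $_ -Rules $sampleRules } |
    Format-Table -AutoSize
```

On a DirectAccess client, the same function can be fed the live table with `-Rules (Get-DnsClientNrptPolicy)` to check that every internal suffix is listed and that only intended hosts are exempt.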

DirectAccess Server Configuration Step 4: See link from earlier slide. When done, click finish and apply the remote access configuration.

DirectAccess Server Configuration Next, on a computer in your domain that is running Windows 7 or 8 Enterprise, add the computer object to your DirectAccess group, then do a gpupdate and reboot. You should see whether you are connected in the network connections.

DA Client Network There are some tunnel adapters created when you have a direct access connection. With the options we configured earlier in this presentation it will only route traffic through the DA that we specify and the other traffic will go out the internet connection.

Direct Access Questions?

What are Work Folders? Think of Work Folders like OneDrive, Google Drive, or Dropbox, except that the data resides on your local file servers. Data can be encrypted, forcibly by IT. If you copy files from your Work Folder to another location, the file is still encrypted and policies are enforced. See this link on how to de-encrypt files. Staff and students can connect to corporate files from their home computers that run Windows 7 or 8. Windows 7 requires an installation to enable this feature. iPad and other device support is coming in the future. Can enforce policies, such as a lock screen on devices before the user is able to use Work Folders. This can integrate with an existing Folder Redirection file server structure so you can do both this and Work Folders side by side.

Work Folders Compared to Other Products

Configuring Work Folders Installation guide: work-folders-test-lab-deployment-in-windows-server-2012-r2.aspx Requirements: an AD server on the network; a file server running Windows 2012 R2 Server; an IIS server on the file server with an SSL certificate; firewall TCP/443 opened, with a DNS entry on the firewall, if you open this up to the outside world.

Configuring Work Folders In Server Manager, click on Add and Remove Roles and Features. Under Roles > File and Storage Services, check Work Folders, or to do this via PowerShell, type: Add-WindowsFeature FS-SyncShareService

Configuring Work Folders In Server Manager for File and Storage Services, click on New Sync Share Wizard. There are 2 path options. The first option is for an existing file share that you may be already using with Folder Redirection. Select the local path option if this is a new one. See link earlier about the permissions needed for the root folder.

Configuring Work Folders Now you will need to configure the folder structure. User Alias will work with existing folder redirection or home folders. Sync only the following subfolder: By default, all the folders/files under the user folder will be synced to the devices. This checkbox allows the admin to specify a single subfolder to be synced to the devices. For example, the user folder might contain the following folders as part of a Folder Redirection deployment:

Configuring Work Folders Towards the end is where you can tell it to encrypt Work Folders and require a lock screen and require a password. The password policy enforces the following configuration on user PCs and devices: minimum password length of 6; autolock screen set to be 15 minutes or less; maximum password retry of 10 or less. If the device doesn’t meet the policy, the user will not be able to configure Work Folders.

Configuring Work Folders By default, the server will check for data changes every 5 minutes. You can decrease this time by running this command (1 min in the example below). This will increase server load. Set-SyncServerSetting -MinimumChangeDetectionMins 1 Also, be sure to set up DNS entries and firewall settings for TCP/443 to make this work if you are opening this outside your network.
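The server-side wizard steps above in scripted form, followed by a check that every sync share enforces the encryption and lock-screen policies. This is an added example, not part of the original presentation; the share name, path and group are hypothetical placeholders, and Get-WeakSyncShare is a helper defined here.

```powershell
# Added example: run elevated on the Windows Server 2012 R2 file server.
# Hypothetical placeholders; replace with your own values.
$shareName = 'StaffWorkFolders'
$sharePath = 'D:\SyncShares\Staff'
$syncGroup = 'EXAMPLE\WorkFolders-Staff'

# Install the Work Folders role service (same command as on the slide).
Add-WindowsFeature FS-SyncShareService

# The root folder must exist, with the NTFS permissions the deployment guide describes.
if (-not (Test-Path $sharePath)) {
    New-Item -ItemType Directory -Path $sharePath | Out-Null
}

# Create the sync share with both device policies from the end of the wizard enabled.
if (-not (Get-SyncShare | Where-Object Name -eq $shareName)) {
    New-SyncShare -Name $shareName -Path $sharePath -User $syncGroup `
        -RequireEncryption $true -RequirePasswordAutoLock $true
}

# Return every sync share that does NOT enforce both encryption and the lock-screen policy.
function Get-WeakSyncShare {
    Get-SyncShare |
        Where-Object { -not ($_.RequireEncryption -and $_.RequirePasswordAutoLock) } |
        Select-Object Name, Path, RequireEncryption, RequirePasswordAutoLock
}

$weak = @(Get-WeakSyncShare)
if ($weak.Count -gt 0) {
    Write-Warning "$($weak.Count) sync share(s) do not enforce encryption and auto-lock:"
    $weak | Format-Table -AutoSize
} else {
    'All sync shares enforce encryption and auto-lock.'
}

# Show the current server settings, including the change-detection interval.
Get-SyncServerSetting | Format-List
```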

Work Folders Client Configuration In Control Panel > System and Security > Work Folders click on Set up Work Folders.

Work Folders Client Configuration The user would type in their address and AD credentials. If the client computer is domain joined, it will not prompt them to log in.

Work Folders Client Configuration Before it is set up, the user will have to consent to any security policies you configured during the server setup.

Work Folders Client Configuration When done, users will see a Work Folders icon in their File Manager window. When encryption is on, the file/folder will be colored green.

Work Folder Status If you go to Work Folders in Control Panel, you can view any errors and sync status of this.

What we did with Direct Access and Work Folders We implemented these two features and are currently in the testing phase. We have users that are not on campus and are in the local districts the majority of the time. Enabling these two items will allow us to back up their files to the server to handle any hardware failure on the computers, and it will allow us to protect the data by encrypting work-related files. We did not open up Work Folders on the firewall; the devices will connect to it through the DirectAccess connection we configured on the devices.

What we did with Direct Access and Work Folders We set up folder redirection for Staff Desktop, My Documents, Downloads, and IE Favorites folders to point to their user profile\Work Folders\{Desktop,Docs,Downloads,IEFavs}

What we did with Direct Access and Work Folders Even if you don’t implement Direct Access and you don’t want to open up the File Server TCP/443 on the firewall, if users come back to campus, the files will sync to the servers and this may still be useful. Files are copied to the local device and can be accessed even without connecting to the server.

Work Folder Questions?