Before you can use DirectAccess you need to ensure that your system meets the necessary requirements:
- You must be using Windows 7 Ultimate or Enterprise.
- You must have a smart card and a smart card reader. A smart card is a small plastic card with a computer chip; people use these cards, along with a PIN, to log on to networks, computers or devices. This is more secure than simply using a password, as it is harder for someone to both steal the card and learn the PIN. A smart card reader is a device connected to the computer that reads the card. You will need the smart card for the initial certificate enrollment. After DirectAccess is configured on your computer, you will not need the smart card for remote logins.
- You must have Remote Access Service (RAS) access. This provides remote access capabilities to client applications on computers that run Windows.
- Your computer must be connected to the corporate domain.
- Your computer must have a TPM chip (you can find a guide on how to initialize your TPM chip here).
- BitLocker Drive Encryption must be configured on your computer (you can find a guide on how to enable BitLocker here).
- Your computer must be in compliance with Network Access Protection (NAP). This is a Microsoft technology for controlling the network access of a computer host, based on the system health of the host. DirectAccess uses NAP to validate client health. You will receive a pop-up message if your computer is not a NAP client; however, you will only be blocked when you are outside of the corporate network. Your computer must meet certain requirements to be NAP compliant, for example:
  - You must have the latest security updates installed.
  - You must have Forefront EndPoint Protection 2010 installed. This is Microsoft's anti-virus.
  - BitLocker must be enabled at all times once DirectAccess is configured.
Click Start, then All Programs, and select DirectAccess setup. Read the information carefully and ensure that your computer meets all of the necessary requirements. Once you are happy, click Continue.

The setup wizard will check whether your TPM chip has the latest firmware. If it does, the wizard will skip to the next step; if not, the TPM Firmware dialog box will open. You will need to click "Fix" to continue, and then you will need to reboot your PC.

Once your computer has rebooted and you have logged back in, you will see a pop-up asking you to launch the DirectAccess setup again. Click this notification to relaunch the setup.

The wizard will now check that BitLocker is properly configured. If it is, the setup will skip to the next step. If not, the BitLocker Compliance dialog box will be shown. You will only see this dialog box if one of the following applies:
- BitLocker is not enabled.
- BitLocker is not configured properly.
- BitLocker is enabled but not using the TPM chip.
- Your portable computer does not have a BitLocker PIN established.
- BitLocker is suspended.
- The BitLocker encryption process is not complete.

Once BitLocker configuration is complete, the wizard will begin the certificate enrollment process. When prompted, insert your smart card into the reader and enter the PIN.
Once you have done this, click Finish in the DirectAccess setup complete dialog box and you're done. DirectAccess will now be set up on your Windows 7 client computer.
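
The TPM and BitLocker conditions listed above can be checked before you start the wizard. The script below is an added example, not part of the DirectAccess setup or of the original post. It queries the Win32_Tpm and Win32_EncryptableVolume WMI classes that ship with Windows 7. Assumptions: the function name Test-DirectAccessBitLocker is hypothetical, the prompt is elevated, and the mapping from each dialog condition to a WMI state is an interpretation, since the page does not say how the wizard performs its checks.

```powershell
# Added example: pre-flight check for the TPM and BitLocker conditions listed above.
# Test-DirectAccessBitLocker is a hypothetical name; run from an elevated prompt on Windows 7.
function Test-DirectAccessBitLocker {
    param([string]$Drive = $env:SystemDrive)
    $findings = @()

    # Win32_Tpm exposes the TPM state; no instance means no usable TPM (or no elevation).
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        $findings += 'TPM: no TPM visible to Windows'
    } elseif (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue -and $tpm.IsOwned_InitialValue)) {
        $findings += 'TPM: present but not enabled, activated and owned (initialize it first)'
    }

    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$Drive'" -ErrorAction SilentlyContinue
    if (-not $vol) {
        $findings += "BitLocker: no encryptable volume returned for $Drive"
        return $findings
    }

    # ConversionStatus: 0 decrypted, 1 encrypted, 2 encrypting, 3 decrypting, 4/5 paused.
    $conv = $vol.GetConversionStatus()
    # ProtectionStatus: 0 off, 1 on, 2 unknown (locked volume).
    $prot = $vol.GetProtectionStatus().ProtectionStatus

    switch ($conv.ConversionStatus) {
        0 { $findings += 'BitLocker: not enabled (volume fully decrypted)' }
        1 { if ($prot -eq 0) { $findings += 'BitLocker: suspended (encrypted, protection off)' } }
        default { $findings += "BitLocker: encryption not complete ($($conv.EncryptionPercentage)%)" }
    }

    # Key protector types: 1 TPM, 4 TPM+PIN, 5 TPM+startup key, 6 TPM+PIN+startup key.
    $present = @()
    foreach ($type in 1, 4, 5, 6) {
        if ($vol.GetKeyProtectors($type).VolumeKeyProtectorID) { $present += $type }
    }
    if ($present.Count -eq 0) {
        $findings += 'BitLocker: no TPM-based key protector on the volume'
    } elseif (-not ($present -contains 4 -or $present -contains 6)) {
        $findings += 'BitLocker: TPM protector present but no PIN established'
    }
    return $findings
}

$result = Test-DirectAccessBitLocker
if ($result) { $result | ForEach-Object { Write-Output "FAIL  $_" } } else { Write-Output 'OK    TPM and BitLocker checks passed' }
```

Each FAIL line corresponds to one of the conditions that would open the BitLocker Compliance dialog box, so it can be resolved before the wizard is launched.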