With Microsoft no longer investing in DirectAccess, Always On VPN with Windows 10 is the way of the future. Many administrators have been asking about this new solution and how it compares with DirectAccess. The good news is that Always On VPN provides the same user experience as DirectAccess with some important advantages. Read my latest blog post to learn more.
With Microsoft no longer investing in DirectAccess and actively promoting their Always On VPN solution as a replacement, many organizations are taking this opportunity to evaluate modern remote access solutions such as NetMotion Mobility. The NetMotion platform provides the same DirectAccess-like experience but with many more features and capabilities. Learn more about NetMotion Mobility and how it makes an excellent alternative to Microsoft DirectAccess here.
Using digital certificates to sign and optionally encrypt email messages is a highly effective way to improve integrity and confidentially for email communications. Obtaining a digital certificate for the purposes of securing email is simple and inexpensive. Typically, an email signing certificate costs less than $20.00 USD per year for personal use. They are available from Entrust as well as numerous other public certification authorities.
After obtaining an email signing certificate, it is less obvious how to configure an email client to use it. The following is guidance for importing and using a digital certificate to sign email messages with Microsoft Outlook 2016.
1. In Microsoft Outlook 2016, click File and then Options.
2. In the navigation tree click Trust Center and then click Trust Center Settings.
3. In the navigation tree click Email Security and then click Import/Export.
4. Select the option to Import existing Digital ID from a file. Enter the path to the certificate obtained from the public certification authority and enter the password associated with it. Click Ok.
5. Outlook will prompt to set a security level. Click Set Security Level to change the default setting.
6. The default security level is set to Medium. At this level, Outlook will prompt for permission to use the certificate when signing emails. When set to High, a password will also be required.
7. After importing the certificate, select the option to Add digital signature to outgoing messages and click Ok. Optionally, to ensure that signed messages can be read by recipients who do not have S/MIME security capability, select the option to Send clear text signed message when sending signed messages.
8. Click the Settings button next to the Default Setting drop-down menu. Click on the Hash Algorithm drop-down menu and choose SHA256.
Once complete, all outgoing emails message will be signed using this certificate by default. When creating a new email message, the option to sign them is automatically selected. Click Options and then Sign to disable signing on a per-email basis. Optionally you can choose to encrypt the email by clicking Encrypt.
Repeat the above steps to import signing certificates for any additional email addresses, as required.
When configuring a KEMP LoadMaster load balancer to support workloads that use SSL and TLS, it is often necessary to import root and intermediate Certification Authority (CA) certificates on the appliance. When doing so, it is not uncommon to encounter a “Certificate Format Invalid” error message. For more information about this error and how to resolve it, click here.
It’s the little things that make a difference. After switching to PowerShell for the majority of my command line administration tasks many years ago, I’ve always found it frustrating to have to change the default Quick Link menu settings (Win+X) in Windows 8.x and Windows 10 from Command prompt to PowerShell. Yes, it can be done with group policy, but for non-domain joined systems it still has to be done manually. With the increased prevalence of PowerShell, I’ve been surprised that Microsoft has not made it the default. With Microsoft’s recent Creators Update release, they’ve finally done it! Beginning with update 1703, Microsoft has finally made PowerShell the default option on the Quick Link menu. It’s about time!
As organizations rapidly adopt the cloud, they are increasingly moving applications and infrastructure to hosting provider such as Amazon Web Services (AWS). DirectAccess deployments are becoming increasingly common in AWS, but there are a few caveats to be aware of when deploying this workload there. Click here to read more about deployment considerations for DirectAccess on AWS.
DirectAccess troubleshooting can be quite challenging at times. Often the cause of failed connectivity is network related. Using Nmap to assist with DirectAccess troubleshooting can be tremendously effective. Read my latest blog post on DirectAccess troubleshooting with Nmap to learn more.
I’m excited to announce my latest video training course, Planning and Implementing DirectAccess with Windows Server 2016, is now available on Pluralsight! Click here to learn more!
iManage Work (formerly WorkSite) is a popular document management system commonly used in the legal, accounting, and financial services industries. Historically, there have been issues getting WorkSite to function over DirectAccess. Read my latest blog post to learn how to enable DirectAccess IPv6 support for iManage work and WorkSite.