Kernel Confusion

DirectAccess is a great technology and I love to use it. If I get connection problems, I just open up my command line and examine the ipconfig output to see if something’s wrong. But is this something all your customers and colleagues are capable to do? I think not. Especially in rather large deployments, DirectAccess might put your help desk under a lot of pressure.

To reduce such calls and ease the complexity of debugging actual problems, Microsoft’s DirectAccess Connectivity Assistant might come in handy. It’s a small tool that notifies the user of his current connection status and helps to provide valuable information to the help desk.

So let me show it to you in action.
After setup it will show up in the user’s tray bar.

DirectAccess Connectivity Assistant in traybar

A simple single click informs about the current status (as does the tooltip).

DirectAccess Connectivity Assistant balloon

A right-click offers two options: “Advanced Diagnostics” and a DNS preferation setting (we will come to that later)

DirectAccess Connectivity Assistant right-click menue

The “Advanced Diagnostics” window offers more detailed information about the status and will generate log files upon its launch. Those can be send via the “Email logs” button to a prespecified address. It also has a link to your company’s help desk web page.

DirectAccess Connectivity Assistant Advanced Diagnostics

You will need to use the supplied ADMX/ADML files to configure the agent via Group Policy.
To do this, on your Domain Controller, copy the “DirectAccess Connectivity Assistant GP.admx” file to the folder “%systemroot%\PolicyDefinitions” and then copy the “DirectAccess Connectivity Assistant GP.adml” file to the folder “%systemroot%\PolicyDefinititions\language”. For example “%systemroot%\PolicyDefinitions\en-us” or “%systemroot%\PolicyDefinitions\de-DE”.

After that, you can launch the Group Policy Management MMC, open your DirectAccess GPO and navigate to “Computer Configuration / Administrative Templates / DirectAccess Connectivity Assistant”. You can now specify a couple of settings needed to use the tool.

At this point, I would like you to read the Deployment Guide supplied with the download, as it will help you to successfully deploy and configure your Assistant.

Bitlocker is a nice piece of security technology. My company, working mainly in IT consulting, uses only notebooks and of course needs to transport sensitive data from time to time. So, since Vista we use BitLocker to protect our valuable information from theft, e. g. in case of a stolen notebook. We also deployed it for some customers.

One question is always asked: what about the performance loss?  I don’t have much knowledge about how exactly BitLocker works under the hood, but I of course had the general experience that BitLocker secured systems are not slow at all. So I got myself a second hard drive for my notebook and ran a small test to clarify this question based on my hardware. This benchmark was mainly intended for me, but I decided to share the data anyway.

The test machine:
Lenovo ThinkPad T61, Intel Core2Duo T7500 2.2 GHz, 4 GB RAM
Hitachi HDD, SATA, 2.5″, 100 GB, 7200 RPM
Windows 7 Enterprise x64

I used ATTO as the benchmarking tool. The test process was simple: two runs without BitLocker, two runs with it.

The Result

For the read-performance there wasn’t a real performance drop, as you can see in the screenshots.
The write-performance dropped by about 4.5%. In my opinion, that isn’t bad at all. I’ve seen worse results for TrueCrypt and others, but I don’t want to compare software here.

Now of course, one has to decide how to interpret the result. Obviously it is limited to the used hardware, but I would say it won’t be any worse on a ThinkPad T500. Then again, this was a synthetic benchmark which does not reflect the normal workload or work-pattern. Anyway, my “feeling”, the performance-loss cannot be high, is backed up.