I was browsing through some of the PDC reporting, when this announced feature of Windows 7 caught my eye; DirectAccess. It's supposed to be a VPN which you don't have to set up, it just magically works.
Really? I didn't know that VPN's were so hard to set up. My personal experience is with managing OpenVPN (on Windows and Linux), but I also used Windows VPN's with PPTP (again with Windows and Linux clients). It newer took more than 5 minutes to set up, this is counting the installation of software!
In MS view are Windows sysadmins so incompetent that they need a magic pixiedust one-click-does-it-all solution? And if yes, do they think that the same sysadmins who will enable this have any idea about security? "Access all of your network shares from anywhere" - this includes from a stolen laptop.
There needs to be a barrier of complexity for such software, which makes the person who is setting it for the first time read the documentation and hopefully get a few security tips on the way.
> In MS view are Windows sysadmins so
ReplyDelete> incompetent that they need a magic
> pixiedust one-click-does-it-all
> solution?
In the MS view there is no systems administrator, just a user who has access to the Administrator account.
That's not so much intentional as it is a realistic view of the Microsoft customer space.
@padraig: I agree with you. However making it so that they can enabled/disable a feature which has such a wide ranging security implications with a mouse click is a step in the wrong direction (IMHO).
ReplyDeleteIf they need to read documents where it is clearly spelled out that you shouldn't do X there might be a chance that they won't do X (then again, this might be the equivalent of "are you sure" messageboxes where everyone clicks yes without thinking...)