back to article Microsoft warns Direct Access on Windows 10 and 11 could be anything but

Microsoft continues to fix problems that pop up after users have installed the latest updates to Windows 10 and 11 – including one that causes problems with the Direct Access remote connectivity feature. Direct Access allows remote workers to connect to resources on the corporate network without using traditional VPN …

  1. Pascal Monett Silver badge

    Direct Access

    Why is it that Borkzilla continuously strives to ensure that malware will have the best possible access to its platform ?

    What's wrong with VMs ? They help ensure that any malware on the user side will not be able to attain the corporate side. It may not be perfect, but IMHO it's a hell of lot better than just plugging a user PC directly into the corporate network.

    1. Someone Else Silver badge
      Holmes

      Re: Direct Access

      What's wrong with VMs ?

      Nothing...except that Micros~1 doesn't control them, and they make slurpage all that much more difficult for them.

    2. jollyboyspecial

      Re: Direct Access

      I've never liked DA as a solution to the problem, but I don't see why VMs would make a difference.

  2. Anonymous Coward
    Anonymous Coward

    Backups

    They also seem to have done something weird with backups. When my PC was running W7 it used to backup to a local drive, but after 'upgrading' to W10 a couple of years ago I stopped that backup and configured the W10 backup to copy to a local server.

    A couple of days ago I noticed that my local drive was full, and discovered that my W7 backup had been restarted around the beginning of November, and had backed-up 2 years worth of changes.

  3. TaabuTheCat

    Another bullet dodged

    I spent most of my career trying to keep all flavors of Windows up and running, dealing with dodgy patches, functionality that simply didn't work as advertised and the whims of Microsoft's UI team. A year ago I said enough of this and moved to a totally different role that has zero to do with Windows. I've got to admit that reading a story like this spikes my angst for just a moment, and then I remind myself this self-inflicted mess is now someone else's problem. The relief that brings is hard to put into words.

    1. chivo243 Silver badge
      Coat

      Re: Another bullet dodged

      I walked a mile or 20 in those shoes too. I have also shed windows support, but keep my eyes open for bed soiling stories like this one, I like to keep my ex-colleagues\friends on their toes!

      Taking the windows support disks out of my coat...

  4. Mr Humbug

    My experience is that Direct Access has always been unreliable when you move between networks without restarting the PC. It's really useful when it works, but...

    1. Anonymous Coward
      Anonymous Coward

      Interesting - I have never used direct access, but found similar to you when trying out an "always connected" OpenVPN setup - it worked find on Linux machines moving between networks, but the windows ones I tested quite often managed to end up with no connectivity to anything until they were restarted, so that suggests it's more something inherent within Windows networking rather than the VPN per se. I had an idea at the back of my mind that MS used one of the BSD network stacks, although I can't find anything to support that, so maybe I made it up - anybody else able to advise on that?

    2. NeilPost

      Occasionally it fails to reconnect, but the end user impact is far less than the constant dicking around and inexplicable connect failures I get with Fortinet nodes - we have both.

      Most of the TM time DA is just the Little Train than Can - chugs away in the background, day in, day out , doing it’s job.

  5. Missing Semicolon Silver badge

    Not a VPN?

    So how does it provide secure access to the corporate network/

    1. Anonymous Coward
      Anonymous Coward

      Re: Not a VPN?

      According to Wikipedia: "DirectAccess, also known as Unified Remote Access, is a VPN technology that provides intranet connectivity to client computers when they are connected to the Internet. Unlike many traditional VPN connections, which must be initiated and terminated by explicit user action, DirectAccess connections are designed to connect automatically as soon as the computer connects to the Internet."

      So - it is a vpn, just not called one!

  6. Terry 6 Silver badge

    FFS

    Do they ever check anything works properly any more?

    1. Pirate Dave Silver badge

      Re: FFS

      Yeah, and worse that they obviously no longer give any more of a shit about their Server updates than they do the desktop updates. They used to at least try a little harder with the server updates, but I guess those days are gone. And if they actually did "try a little harder" on this server update, then it must have really been a mess to start with if this still managed to slip out.

      1. 43300 Silver badge

        Re: FFS

        Not sure that they've ever been any better with servers! I remember in particular there being a tendency to completely break Exchange or the Outlook connectivity to it, many versions ago...

      2. Microsoft Agent

        Re: FFS

        They shoot for thr bare minimum now adays. As long as it works, they're calling it a win. They should be ashamed.

        1. Pirate Dave Silver badge

          Re: FFS

          Move fast, break (other people's) things...

    2. TVU Silver badge

      "Do they ever check anything works properly any more?"

      Nope, because back in 2014 Microsoft pretty much sacked all of their quality control and testing staff hence all the borked updates and subsequent update amendments/retractions, etc.

    3. 43300 Silver badge

      Re: FFS

      "Do they ever check anything works properly any more?"

      No.

      Not seen it reported anywhere, but another current one is that the latest version of Outlook for Android doesn't work on some phones - opens for two or three seconds, then closes. Not found a solution as yet.

      1. DJV Silver badge

        Re: Outlook for Android doesn't work on some phones

        That's an improvement, Shirley!

  7. Jou (Mxyzptlk) Silver badge

    So many bugs in Windows 11 22H2

    While 21H2 is just annoying the REAL bugs in 22H2 are bad. So many of them pop up, most of them reported via Insider for quite a while. My pet bug is that "Previous Versions" in explorer does not work for local drives any more since, at least, June. Anyone can check for that bug with a little tool actually designed to make shadowcopy/snapshots great again for the client OS. I love shadowcopy, saves you from many "Uh-Oh" problems - but does not replace backup, obviously.

    1. 43300 Silver badge

      Re: So many bugs in Windows 11 22H2

      Whereas Windows 10 22H2 seems largely fine - could be related to the fact that it has barely any changes from the previous release!

      1. Jou (Mxyzptlk) Silver badge

        Re: So many bugs in Windows 11 22H2

        Of course Windows 10 22H2 = Build 19045 is fine. The kernel is stuck at 20H1 = Build 19041. The kernel-level updates are so minor. Not even SMB-Compression, the way it was introduced with Windows 11 and Server 2022, got in.

    2. Someone Else Silver badge

      Re: So many bugs in Windows 11 22H2

      One could argue that Windows 11 is itself a bug...

    3. Plest Silver badge

      Re: So many bugs in Windows 11 22H2

      My wife patched to 22H2 and I avoided it as 35 years working in IT has taught me that you never patch on the day a patch comes out because 95% of the time the patch always needs a patch to fix the patches and the underlying bugs. Same as you never, ever run GA unless you just want to play and not actually run it properly.

      "Once bitten, twice shy."

  8. This post has been deleted by its author

  9. jollyboyspecial

    What's wrong with a VPN anyway?

    DA is a horrible product. Not because it's leaky, but because it's not a real solution. It only really works if your entire organization is pure Microsoft end to end. As soon as your end users want access to something that's not MS then either you have to implement some horrible clunky work around or you need to have a split solution where you're using DA to access MS stuff and a "traditional VPN" (as MS like to call it) for anything else.

    I don't even understand what's wrong with a traditional VPN anyway.

    1. Anonymous Coward
      Anonymous Coward

      Re: What's wrong with a VPN anyway?

      We're an almost 99% pure MS shop and we do NOT use DA, we use a third-party VPN from a very well known enterprise network security corp simply to ensure that if someone hits MS in the infosec nadgers we don't lose our shirt as every hacker scumbag finds a way into our network. It's just plain, simple common sense to never put all your eggs in one basket.

      1. Terry Barnes

        Re: What's wrong with a VPN anyway?

        That makes little sense. You’ve just got a different risk. You haven’t removed one.

        1. 43300 Silver badge

          Re: What's wrong with a VPN anyway?

          But you are diversifying the various risks - and most companies who produce third-party VPN systems are probably rather less likely to really fuck up than Microsoft is!

    2. Jou (Mxyzptlk) Silver badge

      Re: What's wrong with a VPN anyway?

      Especially since OpenVPN, configured accordingly for such situations, can do this too.

      That includes Windows AND Linux on the server side as well, I implemented both as servers.

  10. Johnny Canuck

    No DHCP

    DHCP on my Windows 11 laptop stopped working last night after a reboot. None of the usual fixes for network issues worked. I don't need this laptop for work, so I downloaded Linux Mint and I'm installing it tonight.

  11. Anonymous Coward
    Anonymous Coward

    Rediculous

    Yep, once again, MS Windows updates screws with every computer running windows. My brand new alienware pc is slowed down and glitchy. Im not able to backtrack to a previous version either. Im beginning to think that MS has purposly developed windows to allow users to have ZERO control of their systems.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like