Hotfix 5 (AAC420W005) is available for Advanced Access Control 4.2. The fix list is quite large - 50 fixes are listed in the readme file. One of the most important updates that you will need to be aware of, are changes to the Endpoint Analysis scans. This means that scans that you have installed into AAC will require updating to work with the new hotfix. From the Citrix readme:

Daemon Tools was giving me some grief after upgrading to Windows Vista RTM and I had to update to version 4.08 which includes an updated SPTD driver for the virtual CDROM drive. When running the 4.08 installer for the first time, I had to uninstall the old version and reboot. After the reboot, I ran the installer again and the following error message would be displayed: “You must reboot after a previous operation”

No, I haven’t written a step by step guide, but Microsoft has and they have released a document detailing 802.1X NAP enforcement for demonstration purposes. This is a very detailed resource that will require some time and effort to setup, but if you are interested in NAP and 801.2X then this document is for you. Here’s a view of the test lab configuration to give you an idea of what’s involved:

We are testing a private hotfix from Citrix that addresses a HTTP Error 500 on the Access Gateway Advanced Edition 4.2. You may have seen this error in your Access Gateway implementations where access to a Logon Point on the Access Gateway produces the error and a reboot of the appliance temporarily fixes the issue. The hotfix brings the Access Gateway version to Access Gateway 4.2.3 Build 81.31; Build Date: 2006-11-03. I’m unsure if this hotfix is generally available, but if you are experiencing the issue give the good looking guys at Citrix Support a call to obtain a copy of the fix, or wait until a general hotfix is available from the Citrix support web site.

Microsoft has made available a general beta for the Forefront Client Security product. Here’s a quote from the download to give you an idea of what Client Security is about:

Here’s a quick list of interesting NAP and Domain/Server Isolation related links for November:

ISAServer.org has an excellent four part tutorial on using LDAP to pre-authenticate Outlook Web Access. You can find them here:

I’ve been checking out the excellent UltraMon on Windows Vista, which provides some cool hacks for multiple displays under Windows. One of the excellent hacks is the ability to assign a hotkey that moves an application between screens - when you hit the hotkey the application or window appears on the next screen, very handy. However, this appears to work on the Start Menu too. I’m not sure if this happens on Windows XP but here’s what you get with the Start Menu open and then hit the hotkey:

Before I go into what I actually want to talk about, here’s a high level overview of the differences (and similarities) between the Access Gateway and Secure Gateway:

Ian Hameroff has put together a great webcast on the networking features of Windows Vista and Longhorn Server, and as you might expect from the title, how they work when the Longhorn client and server versions are teamed together. The webcast includes an overview of Network Access Protection and Windows Firewall with Advanced Security as well as Server and Domain Isolation and IPSec. The whole webcast is worth watching, however if you’re only interested in NAP and the Windows Firewall skip to about the 19 minute mark.