Home & Office

Use IPv6 in Windows 7 Today

If you're already using Windows 7, you may already be using IPv6 with DirectAccess or HomeGroup. Here's what's what with these network features.

As people debate how serious the coming Internet IPv4 shortage really is going to be and when they should migrate to IPv6, some of them may already be using IPv6 every day, and not know it. Seriously.

You see Windows 7 doesn't just come with IPv6 already installed, it actually uses it for two very different network applications: DirectAccess and HomeGroup.


The first one, DirectAccess is for enterprise users. DirectAccess, which you get with Windows 7 Enterprise and Ultimate, when used with Server 2008 R2 combines IPv6 with Internet Protocol security (IPSec) to provide a high-speed, Virtual Private Network (VPN). DirectAccess' built-in VPN is great for stopping network snoopers using Firesheep.

In addition, DirectAccess can be integrated with Network Access Protection (NAP). NAP automatically checks that a remote PC has up-to-date software and the proper policy-set security settings. If need be, the network administrator can set NAP to update the computer and reset its security. So, for example, with DirectAccess and NAP, you can not just block a non-compliant PC from your intranet; you can automatically patch it, add the corporate standard anti-virus client, set it to your desired security settings, and then let it on the network.

I love this combination of features. Once set up properly, it makes managing and securing remote PC so much easier.

With DirectAccess, you can also boost both the client and your data-center's network performance. It does this by separating your business intranet traffic from Internet traffic. With DirectAccess, only business network traffic actually starts from or goes to the corporate servers. Ordinary Internet traffic, say someone killing time watching a Hulu Plus video, is never side-tracked through the corporate gateway.

The result is a net speed boost for both the Windows 7 client and for the data center's network traffic. The remote users will no longer waste time waiting for run-of-the-mill Internet transactions to run through the data center. In return, the data center's switches don't need to spend their bandwidth on these transactions. With an ordinary VPN, all traffic is routed through the corporate gateway.

You don't have to have native IPv6 running on your network to use DirectAccess. Windows 7 and Server 2008 R2 includes IP-HTTPS support. This is a tunneling protocol that tunnel IPv6 packets to hide inside an IPv4-based HTTPS session. If you know you're on an IPv4 network, almost always the case on a hotel, coffee-shop, or conference center, you should probably set your remote Windows 7 users to use IP-HTTPS by default with the Force Tunneling option.

To do this as a network administrator, you'll want to take the following steps:

  1. To open the Group Policy Management console, on a Domain Controller click Start, click Control Panel, click Administrative Tools, and then click Group Policy Management. Once there, create a Group Policy Object(GPO)for DirectAccess client computers.
  2. In the new DirectAccess clients GPO , navigate to Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Route all traffic through the internal network. Then, click Edit policy setting, click Enabled, and then click OK.
  3. To make IPv4-based Internet resources available to DirectAccess clients that use IP-HTTPS, you must use a Web proxy server. If the Web proxy server does not support IPv6, you can use Microsoft's Forefront UAG DirectAccess server NAT64 feature. This takes IPv6-based requests for Internet resources, and translates them to IPv4-based requests.

Page 2: [HomeGroup and IPv6]  »


« Page 1: [DirectAccess and IPv6]

HomeGroup, on the other hand is only suitable for very small networks. Very small businesses that don't require Active Directory (AD) services or management may find HomeGroup a useful alternative to the older domain or Workgroup peer-to-peer style networking.

Before switching your small network to HomeGroup, there are several potential problems to keep in mind. First, generally speaking HomeGroup is a Windows 7 only technology. Without manually setting up a Windows 7 system as a mini-server in its own right, non-Windows 7 systems will be unable to access a HomeGroup PC's resources.

While you can set up a HomeGroup PC to share its resources with Windows XP, Windows Vista, Mac OS X, and Linux, I can't recommend it. It's too much trouble for a mini-network. If you really need that kind of cross operating system file sharing, you'll be better off going with a real server, such as Windows 2003, Windows Server 2008, Linux running Samba, or, easiest of all, just buying a good network attached storage (NAS) device and plugging it into your network.

You should also keep in mind that while you can join a HomeGroup with any edition of Windows 7, you can only create one with Home Premium, Professional, Ultimate, or Enterprise. So, in short, you can't use it as drop-in replacement for an existing Windows XP peer-to-peer Workgroup network in which every PC shares all its resources with the others.

Some users who've already been using IPv4 may also have trouble turning IPv6 on for their HomeGroup. Typically, this is what happens: they try to enable IPv6 by opening Network Connections in the Control Panel, right-clicking the adapter, and clicking properties. Under "Local Area Connection Status" they see:

IPv4 Connectivity: Internet IPv6 Connectivity: No network access

and, even after trying to turn on IPv6, it won't switch on. If that happens to you, you need to manually set up IPv6. To do this, take the following steps:

  1. Click Start, type regedit in the Start Search box, and then click regedit.exe in the Programs list. In the User Account Control dialog box, click Continue.
  2. In Registry Editor, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
  3. Double-click DisabledComponents to modify the DisabledComponents entry.
  4. Type 0 (Zero) on all IPv6 components to enable them, and then click OK.
  5. Reboot.

When this is done, you should have IPv6 and you'll be ready to set up your HomeGroup.

So, there you go, two good reasons to go ahead and use IPv6 today with your Windows 7 PCs. Enjoy!

Editorial standards