Information Technology Reference
In-Depth Information
Using a Command-Line Interface
The following command assigns an IPSec policy called Default IPSec Policy:
> netsh ipsec static set policy name = "Default IPSec Policy" assign = yes
How It Works
Although you can define any number of IPSec policies on a local Windows Server 2003 computer
or within Active Directory, you can apply the settings of only a single policy to a single computer at
any given time. This process is known as
assigning
an IPSec policy. By assigning an IPSec policy
to a computer or group of computers, you are indicating that the settings contained within that
policy should apply to those computers.
■
Note
If you assign an IPSec policy when one is already assigned, the old policy will be unassigned in favor
of the new one.
See Also
Recipe 7-10 for unassigning an IPSec policy
Microsoft TechNet: “Assign IPSec Policy” (
http://www.microsoft.com/technet/
prodtechnol/windowsserver2003/library/ServerHelp/
08231c39-157f-409c-b7d3-0c94acf09d53.mspx
)
Daniel Petri, “How Can I Configure an IPSec Policy Through GPO?”
(
http://www.petri.co.il/configuring_ipsec_policies_through_gpo.htm
)
7-10. Removing IPSec Configuration Information
Problem
You want to remove (unassign) IPSec configuration information to troubleshoot network
connectivity or return to a different configuration.
Using a Graphical User Interface
1.
Open the Group Policy Management Console or the IP Security Policy Management
MMC snap-in.
2.
Navigate to Computer Configuration\Windows Settings\Security Settings\
IP Security Policies.
3.
Right-click the security policy that you want to remove from the container and select
Un-Assign.