Information Technology Reference
In-Depth Information
Using a Command-Line Interface
The following command unassigns an IPSec policy called Default IPSec Policy:
> netsh ipsec static set policy name = "Default IPSec Policy" assign = no
How It Works
If you need to “turn off” the IPSec settings contained within a particular policy, you will unas-
sign that policy. If you have assigned IPSec policies through group policy, you will need to wait
for Group Policy to refresh before any changes will be reflected on the local computer. To apply
changes immediately, go to the command prompt and type
gpudate /force
, and reboot if
prompted to do so.
If you wish to actually delete an IPSec policy that is stored in Active Directory, you should
unassign the policy 24 hours before deleting it. This will allow the change in assigned policies
to propagate throughout Active Directory before deleting the policy. If you delete a policy that
is stored in Active Directory without following this procedure, computers on your network may
continue to use a cached copy of the deleted policy.
See Also
Microsoft TechNet: “Assign or Unassign IPSec Policy in Group Policy” (
http://
www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/
52b69518-ba98-4c7e-aa1d-4591ad74903a.mspx
)
Microsoft TechNet: “Assign or Unassign IPSec Policy on a Computer” (
http://
www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/
9e555f14-1bfa-4eba-ae93-d4d761d9d0f4.mspx
)
Microsoft TechNet: “Delete an IPSec Policy” (
http://www.microsoft.com/
technet/prodtechnol/windowsserver2003/library/ServerHelp/
443a03ab-a870-4e1d-bc57-b80947f221ca.mspx
)
7-11. Exporting an IPSec Policy
Problem
You want to export the IPSec configuration of a Windows Server 2003 computer. You can do
this before making changes to save the current policy configuration to enable quick rollback,
or to configure another computer with the same policy configuration.
Solution
Using a Graphical User Interface
1.
Open the Group Policy Management Console or the IP Security Policy Management
MMC snap-in.
2.
Navigate to Computer Configuration\Windows Settings\Security Settings.
