Information Technology Reference
In-Depth Information
3.
Right-click IP Security Policies, select All Tasks, and then select Export Policies.
4.
Enter a name and a location for the export file, and then click Save.
Using a Command-Line Interface
The following command exports the current IPSec configuration to
c:\temp\config.ipsec
:
> netsh ipsec static exportpolicy c:\temp\config.ipsec
■
Note
If you will be using this exported file to configure Windows 2000 computers, limit the length of the
filename to 60 characters, including the path.
How It Works
In cases where you cannot use Group Policy to enforce a consistent IPSec configuration on
multiple computers, you can use a single computer to create the configuration that you want,
and then use the export function to create an .ipsec file based on that configuration. You can
then import that file using
netsh
or the graphical user interface to create a consistent configu-
ration on multiple computers.
■
Caution
If you are using preshared keys for IPSec authentication, exporting your IPSec policies to a file
might reveal the plain text of the key if the file is viewed by an unauthorized individual. This vulnerability
doesn't exist if you're using Kerberos or digital certificates for IPSec authentication.
See Also
Recipe 7-12 for importing IPSec policies
Microsoft TechNet: “Export IPSec Policies” (
http://www.microsoft.com/
technet/prodtechnol/windowsserver2003/library/ServerHelp/
38dcee43-6829-4331-8fce-3b9fee963e49.mspx
)
7-12. Importing an IPSec Policy
Problem
You want to import a preconfigured IPSec configuration to a Windows Server 2003 computer.
