Information Technology Reference
In-Depth Information
Solution
Using a Graphical User Interface
1.
Open the Group Policy Management Console or the IP Security Policy Management
MMC snap-in.
2.
Navigate to Computer Configuration\Windows Settings\Security Settings\
IP Security Policies.
3.
Right-click the security policy for which you want to configure the default response rule
and select Properties.
4.
Do one of the following:
To enable the default response rule, place a check mark next to <Dynamic> IP Filter
List.
To disable the default response rule, remove this check mark next to <Dynamic> IP
Filter List.
■
Note
If you are creating a new IPSec policy, you'll be prompted to enable or disable the default response
rule during policy creation.
To edit the security methods or authentication methods used by the default response
rule, highlight the rule and select Edit.
5.
Click OK to save your changes.
■
Caution
You cannot delete the default response rule; you can merely deactivate it. Additionally, you
cannot change any properties of the rule except for the security methods and authentication methods it uses.
Using a Command-Line Interface
The following command enables the default response rule for an existing IPSec policy called
Domain IPSec Policy:
> netsh ipsec static set policy name = "Domain IPSec Policy" activatedefaultrule = yes
The following command creates a new policy called Web Server Policy with the default
response rule disabled:
> netsh ipsec static add policy name = "Web Server Policy" activatedefaultrule = no
