Information Technology Reference
In-Depth Information
Solution
Using a Graphical User Interface
1.
Open the Services MMC snap-in.
2.
Double-click the IPSec Services entry.
3.
Choose one of the following startup types:
Disabled
: The IPSec Policy Agent will not filter any incoming traffic.
Manual
: The IPSec Policy Agent will not filter any incoming traffic.
Automatic
: The IPSec Policy Agent will enter stateful mode, where it will permit
inbound traffic in response to outbound connections initiated by the local computer.
4.
Click OK to save your settings.
Using a Command-Line Interface
The following command will configure stateful protection during computer startup:
> netsh ipsec dynamic set config bootmode value = stateful
The following command will configure IPSec to block all incoming traffic during
computer startup:
> netsh ipsec dynamic set config bootmode value = block
Using the Registry
To configure a computer to block traffic until an IPSec policy is applied, configure the
following Registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\]
"OperationMode"=dword:1
Set this value to
0
to permit all traffic, or to
3
to configure stateful protection.
Using VBScript
The following script configures a computer to use stateful protection until an IPSec policy
is applied:
' This code configures stateful protection on startup
' ------ SCRIPT CONFIGURATION ------
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
bootMode = 3 ' set to 0 for permit, 1 for block.
' 2 is a reserved value, 3 sets startup mode to stateful
' ------ END CONFIGURATION ---------
