Information Technology Reference
In-Depth Information
■
Caution
You can restore only the default policy examples for a local computer. This procedure will not
work for IPSec policies stored in Group Policy.
How It Works
If you've configured a number of IPSec policies on a Windows Server 2003 computer, it might
be necessary to “wipe the slate clean” if that computer is being moved into another physical
location on the network or is being migrated to serve a different logical role in your network
infrastructure. By using the
restorepolicyexamples
command, you revert to the three IPSec
policies that are installed by default on a Windows Server 2003 computer: Permit, Request
Security (Optional), and Require Security. Any changes that you've made to these policies will
be overwritten by this process.
The only drawback to this technique is that it is applicable to only IPSec policies that are
stored locally. You cannot use this command to affect IPSec policies that are stored in Active
Directory. For this reason, it is best not to directly edit the three default IPSec policies in Active
Directory; rather, create new IPSec policies to meet your needs. This way, if you need to “start
over” with your Active Directory policies for any reason, you have the three default policies in
a pristine and unaltered state that you can restore at any time.
See Also
Recipe 7-1 for creating an IPSec policy
Microsoft TechNet: “Restore Default IPSec Policies” (
http://www.microsoft.com/
technet/prodtechnol/windowsserver2003/library/ServerHelp/
1063886e-afca-4ea5-969d-2436946bc421.mspx
)
7-20. Displaying IPSec Information
Problem
You want to view details of the current IPSec configuration that has been applied to a Windows
Server 2003 computer. This should be your first step when troubleshooting network communi-
cation issues that you suspect are related to an IPSec policy.
Solution
Using a Graphical User Interface
1.
Open the IP Security Monitor MMC snap-in,
2.
Navigate to IP Security Monitor\<
ServerName
>\Active Policy. In the right pane, you'll
see the following information:
Policy name
Policy description
