Skip navigation

Finding an IPSec Policy's Preshared Key

To find an IP Security (IPSec) policy's preshared key, you must enumerate the policy's properties and obtain the name of the corresponding ipsecNFA object that holds the key. To do so, open the Microsoft Management Console (MMC) Group Policy console, select any Group Policy Object (GPO), and go to Computer Configuration, Windows Settings, Security Settings, IP Security Policies on Active Directory (AD). Make a note of the description (not the name) of the IPSec policy object whose preshared key you want to find.

Next, open the MMC Active Directory Users and Computers snap-in. Select View, Advanced Features from the menu bar. Maneuver to System, IP Security and use the Description column to find the corresponding ipsecPolicy object. Open the object’s Properties dialog box and go to the Object tab. Note the policy’s name, which is part of the object's Fully Qualified Domain Name (FQDN) and which starts with ipsecPolicy followed by a globally unique identifier (GUID)—for example, ipsecPolicy\{4C5B6CE4-F779-486E-B65A-FD4F6CF9DD1B\}.

Next, run the Microsoft Windows 2000 Server Resource Kit's Enumprop tool. Open a command prompt and type

enumprop "LDAP://CN=ipsecPolicy\{GUID\},CN=IP
Security,CN=System,DC=ad,DC=local"

where GUID is the policy’s GUID and DC=ad,DC=local is your domain’s name (e.g., DC=example,DC=com for the domain example.com). As Web Figure A shows, Enumprop enumerates each of the object's properties, including ipsecNFAReference, which is the name of the ipsecNFA object that holds the preshared key. Run Enumprop for the ipsecNFA object and examine the ipsecData property to find the key. Win2K stores the key in ipsecData as Unicode. Web Figure B shows a repeating sequence of 0x0 0x58 0x0 0x59, beginning on the second line of ipsecData. The preshared key I entered for this policy was XYXYXYXYXYXYXYXY; 0x0 0x58 is Unicode for X and 0x0 0x59 is Unicode for Y.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish