How can I manage/create IP Security policies?

A. Windows 2000 supplies the IP Security Policies MMC snap-in which can be used to modify and create IPSec policies which can then be assigned to computers and Group Policy Objects.

To open the snap-in perform the following:

  1. Start the MMC (Start - Run - MMC.EXE)
  2. From the console menu select 'Add/Remove Snap-in' (or press Ctrl+M)
  3. From the Standalone tab click Add
  4. Select 'IP Security Policy Management' snap-in and click Add
  5. Select either 'Local computer' or the domain policy and click Finish. If its for a domain select 'Manage domain policy for this computer's domain'. Click Finish
  6. Click Close to the dialog then click OK

Double clicking the root will display the 3 built-in options

  • Client (Respond Only)
  • Secure Server (Require Security)
  • Server (Request Security)

If you right click on the root you can create a new policy by selecting 'Create IP Security Policy'. If you right click on an existing policy and select Properties you can modify its settings.

Click here to view image

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.