How do I define IPSec policy for a group policy object?

A. In a normal environment, IPSec policy is defined through a Group Policy Object (GPO) configured on a domain or organizational unit.

  1. Start the Active Directory Users and Computers MMC snap-in (Start - Programs - Administrative Tools - Active Directory Users and Computers)
  2. Right-click the container that has the GPO (e.g. the domain) and select Properties
  3. Select the 'Group Policy' tab
  4. Select the Group Policy Object and select Edit
  5. Expand the Computer Configuration root
  6. Expand Windows Settings - Security Settings - IP Security Policies
  7. Right-click the policy you wish to assign and select Assign from its context menu
    Only one policy can be assigned at a time. If you assign another, the previously assigned policy is unassigned.
  8. Close the Group Policy editor

To remove the policy, right-click the assigned policy and select Un-assign from its context menu. Unlike other Group Policy settings, IPSec policies remain even if the GPO is deleted, so make sure you un-assign the policy before deleting the GPO.

Force a GPO update:

C:\> secedit /refreshpolicy machine_policy /enforce
Group policy propagation from the domain has been initiated for this computer. It may take a few minutes for the propagation to complete and the new policy to take effect. Please check Application Log for errors, if any.
