This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

How can we change or reset the submitted IPsec Gpo in an Active directory

Question
0

Sign in to vote

1. Decided to have an IPsec on the Active directory to govern the traffic in a 2008 domain members and environment.
2. Edited a policy script, lists of Filter action,FilterNames, address filters.. etc..and rules.
3. Loaded The IPsec Policy script by the command netshel -F ScriptFileName.txt
4. Created a new GroupPolicyObject in the Domain and linked it and in the asigned it and then run the gPupdate /force and Saw it Fuynction well in all the domain member nodes.
5. After 24 hours of observation decided to add a couple of more lists,, to allow for the trafic to the File and priner servers and also the IE ProxiServer.
6. Deasign the Submitted policy and run gpupdate /force and then repeated the steps 1 and then reasigned the policy. Here I noticed that there are double entries in the Property View of the Policy.
7. This time deasigned and then deleted the policy and run the force gpupdate... Working in the DC node.
8. Verfied that there are No inhibition and that NO IPsec was active on some of the domain member nodes.
9. Did the steps 1 and already here the response to the NetShel command states that there are already entries for the filter Lists and rules..
So My question is what is the correct procedure to wipe out an IP sec policy and resubmit it in an elegant and problem free way.

Looking forward to your help
Regards
BlueOcean

Sunday, November 22, 2009 9:22 PM

Answers

0

Sign in to vote
To reset to the Factory default kind of function, follow the screenshot below
http://cid-84acb8d256372d47.skydrive.live.com/self.aspx/Public%20Folders/IPSec%20GPO%20Clear.png
Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
- Edited by RamaSubbu SK Tuesday, November 24, 2009 1:05 AM Fix image link
- Marked as answer by Greg LindsayMicrosoft employee Wednesday, November 25, 2009 5:55 AM
Tuesday, November 24, 2009 1:04 AM
0

Sign in to vote
Here is the actual image. The forums now support images. Just go to the online image, right-click and copy, then right-click and paste into your forum post (or use keyboard shortcuts CTRL-C, CTRL-V). You can't copy-paste from an image on your computer. It must be already posted online somewhere.
- Marked as answer by Miles Zhang Thursday, November 26, 2009 8:30 AM
Tuesday, November 24, 2009 10:00 AM

All replies

0

Sign in to vote
To reset to the Factory default kind of function, follow the screenshot below
http://cid-84acb8d256372d47.skydrive.live.com/self.aspx/Public%20Folders/IPSec%20GPO%20Clear.png
Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
- Edited by RamaSubbu SK Tuesday, November 24, 2009 1:05 AM Fix image link
- Marked as answer by Greg LindsayMicrosoft employee Wednesday, November 25, 2009 5:55 AM
Tuesday, November 24, 2009 1:04 AM
0

Sign in to vote
Here is the actual image. The forums now support images. Just go to the online image, right-click and copy, then right-click and paste into your forum post (or use keyboard shortcuts CTRL-C, CTRL-V). You can't copy-paste from an image on your computer. It must be already posted online somewhere.
- Marked as answer by Miles Zhang Thursday, November 26, 2009 8:30 AM
Tuesday, November 24, 2009 10:00 AM