Objective 3.3: Deploy and Manage IPSec Policies

 < Day Day Up > 

IPSec policies can be deployed in two ways. The first way is to use Group Policy objects or local policy objects with IPSec policy set within. Group Policy objects can be applied at the site, domain, and organizational unit levels with the usual rules of inheritance. Local Group Policy only applies to a specific computer and is overridden by any Group Policy object applied at a higher level.

The second way that IPSec policies can be deployed is by means of scripting by using the netsh command. The netsh command can be used to automatically generate complex IPSec policies. This technique is useful to administrators of standalone Windows Server 2003–based computers who cannot deploy IPSec policy by means of GPOs. The IPSec context of the netsh command can be entered by performing the following steps:

  • Run a command prompt.

  • Enter the netsh command.

  • Enter the IPSec context by entering ipsec.

IPSec policies can be managed by using the netsh command in the IPSec context or the IPSec Monitor snap-in for the Microsoft Management Console. Both tools provide information such as how traffic is being authenticated and which hosts have security associations. Both tools also display which IPSec policy is currently in effect. It is important to remember that only one IPSec policy can be applied at a time and that they are not cumulative. When multiple policies are deployed by means of Active Directory, only the policy applied last will have influence over a computer.

 < Day Day Up > 

MCSA(s)MCSE Self-Paced Training Kit Exam 70-299 (c) Implementing and Administering Security in a M[.  .. ]twork
MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a MicrosoftВ® Windows Server(TM) 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net