Apply IPsec Policy Settings to Client Computers

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

To enforce IPsec rules on NAP client computers, the computers must be made members of the organizational units (OUs) created in Configure OUs for IPsec NAP.

Membership in the local Domain Admins group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Apply IPsec policy settings to client computers

Use the following procedure to add NAP client computers as members of OUs for use with NAP and the IPsec enforcement method. When a computer is a member of the OU, IPsec policy settings for the OU will be enforced on this computer.

To apply IPsec policy settings

  1. On a domain controller, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

  2. In the console tree, click the Computers container.

  3. To make a computer a member of the IPsec Boundary OU, right-click the computer name, click Move, click IPsec Boundary, and then click OK.

  4. To make a computer a member of the Vista IPsec Secure OU, right-click the computer name, click Move, click Vista IPsec Secure, and then click OK.

  5. To make a computer a member of the XP IPsec Secure OU, right-click the computer name, click Move, click XP IPsec Secure, and then click OK.

  6. Restart the client computer or refresh Group Policy to make the new OU membership active.

  7. Close the Active Directory Users and Computers console.
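
The same moves can be scripted and verified when many NAP clients need to be placed at once. The following is an added example, not part of the original procedure. It assumes the ActiveDirectory PowerShell module is available, that the three OUs sit directly under the domain root, and that the computer names shown are constructed samples; the function name `Move-NapClientToOU` is hypothetical.

```powershell
# Added example: scripted equivalent of steps 2-5, with a check of the result.
# Assumptions (not from the original page): the OUs sit directly under the
# domain root, and the computer names in $assignments are constructed samples.
Import-Module ActiveDirectory

function Move-NapClientToOU {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)]
        [ValidateSet('IPsec Boundary', 'Vista IPsec Secure', 'XP IPsec Secure')]
        [string]$OUName
    )

    $targetOU = "OU=$OUName,$((Get-ADDomain).DistinguishedName)"

    # Stop early if the OU from "Configure OUs for IPsec NAP" does not exist.
    $null = Get-ADOrganizationalUnit -Identity $targetOU -ErrorAction Stop

    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Parent container = DN with the leading "CN=<name>," component removed.
    $parentDN = ($computer.DistinguishedName -split '(?<!\\),', 2)[1]

    if ($parentDN -eq $targetOU) {
        Write-Verbose "$ComputerName is already a member of $targetOU"
    }
    elseif ($PSCmdlet.ShouldProcess($computer.DistinguishedName, "Move to $targetOU")) {
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $targetOU -ErrorAction Stop
    }

    # Read the object back so the caller can confirm where it now lives.
    # With -WhatIf nothing is moved, so this shows the current location.
    Get-ADComputer -Identity $ComputerName
}

# Constructed sample mapping: computer name -> OU. Replace with your NAP clients.
$assignments = @{
    'CLIENT-BOUNDARY01' = 'IPsec Boundary'
    'CLIENT-VISTA01'    = 'Vista IPsec Secure'
    'CLIENT-XP01'       = 'XP IPsec Secure'
}

foreach ($name in $assignments.Keys) {
    # Remove -WhatIf to perform the move after reviewing the preview.
    Move-NapClientToOU -ComputerName $name -OUName $assignments[$name] -WhatIf |
        Select-Object Name, DistinguishedName
}
# Step 6 still applies: restart each client or run "gpupdate /force" on it.
```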