To start the IP Security Policies snap-in

  • Article

  • To start the IP Security Policies snap-in from the Microsoft Management Console:

    1. Click Start, click Run, type MMC, and then click OK.

    2. In MMC, click File, click Add/Remove Snap-in, and then click Add.

    3. Click IP Security Policy Management, and then click Add.

    4. Select the computer for which you want to manage IPSec policies:

      To

      Do this

      Manage only the computer on which this console is running

      Click This computer.

      Manage IPSec policies for any domain members

      Click The Active Directory Domain of which this computer is a member.

      Manage IPSec policies for a domain of which the computer that is running this console is not a member

      Click Another Active Directory Domain.

      Manage a remote computer

      Click Another computer.

    5. Click Finish, click Close, and then click OK.

  • To access the IP Security Policies snap-in from Group Policy (Active Directory):

    1. Open Active Directory Users and Computers

    2. In the console tree, right-click the domain or organizational unit for which you want to set Group Policy.

      Where?

      Active Directory Users and Computers [DomainControllerName.DomainName] > Domain  > OrganizationalUnit  > ChildOrganizationalUnit... 

    3. Click Properties, and then click the Group Policy tab.

    4. Click Edit to open the Group Policy object that you want to edit. Or, click New to create a new Group Policy object, and then click Edit.

    5. In the Group Policy console tree, click IP Security Policies on Active Directory.

      Where?

      PolicyName [ComputerName] Policy > Computer Configuration > Windows Settings > Security Settings > IP Security Policies on Active Directory

  • To access the IP Security Policies snap-in from Local Computer Policy:

    1. Click Start, click Run, type MMC, and then click OK.

    2. In MMC, click File, click Add/Remove Snap-in, and then click Add.

    3. Click Group Policy, and then click Add.

    4. Click Finish, click Close, and then click OK.

    5. In the Group Policy console tree, click IP Security Policies on Local Machine.

      Where?

      Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > IP Security Policies on Local Machine

Note

  • To start Active Directory Users and Computers, open a Remote Desktop Connection to either a Windows 2000 domain controller or a member server that has Windows 2000 Administration Tools installed. You must log on to the server as a domain administrator in order to complete this procedure.

  • To save console settings, on the File menu, click Save.

  • You cannot administer Active Directory-based IPSec policy from a computer running Windows XP Home Edition.

  • To define Active Directory-based IPSec policy, you must have Group Policy administrative permissions. To manage local or remote IPSec policy for a computer, you must be a member of the Administrators group on the local or remote computer.

  • To manage policies in a remote domain, you must be using a computer that is a member of a domain that is trusted by the remote domain. You cannot configure policies in a remote domain from a computer that is a member of a workgroup (also known as a stand-alone computer).

  • To view the saved console, see Related Topics.

  • To revise your initial choice, you can start the Microsoft Management Console, add this snap-in again, and save the console again. If you require multiple configurations, you can save the console with another name.