Re: Scripted IPSec policies on Windows XP (without AD/GPOs)

From: Jonathan Glass (jonathan.glass_at_gmail.com)
Date: 05/27/05

  • Next message: David LeBlanc: "RE: Set ACL on Application and Security logs" 
    Date: Fri, 27 May 2005 16:00:47 -0400
To: Rasmus Rønlev <rr.its@cbs.dk>

    Check out my web site:
    http://www.ibb.gatech.edu/~jglass/tips-n-tricks/windowsipsec/

    I worked w/some other IT professionals and student workers, and put
    together a scripted implementation of IPSEC for windows 2000 & XP.

    Jonathan Glass

    Rasmus Rønlev wrote:

    >Hi,
    >
    >Not really having much luck searching on Google, I thought I’d turn to this
    >list, in hopes someone is able to help :)
    >
    >The scenario I have is, that I got Windows XP (SP2) clients, that I want to
    >do ‘outbound’ packet filtering on. The unusual thing at this point in time
    >is, that they’re running on an NT4 domain. This means I do not have access
    >to AD based GPO rollout of IPSec (gpo policies in general).
    >
    >I’ve been experimenting with making an “IP Security Policy” on a local
    >computer through the mmc. However, I need to apply the same policy on
    >multiple computers – i.e. be able to script it in some way. As a note, I do
    >have access to deploying various types of script jobs to the Windows XP
    >computers.
    >
    >So my question is two fold;
    >
    >1.) Is it possible either through the ‘local’ mmc based “IP Security Policy”
    >or using another tool to export the given IPSec policy (for importing
    >elsewhere and/or using in a script)
    >
    >2.) Does anyone know of a way to script applying this IPSec policy onto
    >other/client PC’s (They’re all Windows XP SP2 boxes).
    >
    >Hope you all got some good ideas ;)
    >
    >Regards,
    >r@smus
    >
    >
    >---------------------------------------------------------------------------
    >---------------------------------------------------------------------------
    >
    >
    >
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: David LeBlanc: "RE: Set ACL on Application and Security logs"

    Relevant Pages

    • Re: Windows 2003 & IPSec magically enabled
      ... stack during boot and network initialization. ... If you have no IPsec policy ... to being without an IPsec policy). ... Microsoft MVP (Windows Server System: ...
      (microsoft.public.security)
    • Re: 2000 Server access
      ... Policy of the server to include only the users of the non XP Computers. ... You could also use ipsec to control access to the server if all the other computers ... Windows 2000 computers as client/respond policy. ... administrator to configure ipsec policy in Local Security Policy for a computer. ...
      (microsoft.public.win2000.security)
    • Re: IPsec on Windows 2000
      ... > I need help on IPsec on Windows 2000. ... Select "IP Security Policy Management" ... server are part of a domain then a domain ipsec policy can override the ...
      (microsoft.public.win2000.security)
    • Re: IPsec on Windows 2000
      ... >> I need help on IPsec on Windows 2000. ... > Select "IP Security Policy Management" ... > server are part of a domain then a domain ipsec policy can override the ...
      (microsoft.public.win2000.security)
    • Re: Microsoft Warns of New Windows Flaw (March 19, 2003 )
      ... In WINDOWS SETUP in ADD/REMOVE PROGRAMS of Control Panel ... Uninstall Outlook Express, ... Java, Javascript, ActiveX and all the other script runner toys Billy ... Install WebWasher the spammers are terrified of free from ...
      (comp.security.misc)
    • Quantcast