When is it OK to disable IPSec on windows 2003?

From: Tim <Tim@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 27 Aug 2008 11:38:13 -0700

I have a bunch of servers in my environment that have IPSec enabled but not
configured; some of theose servers are having serious performance issues, but
if I stop and disable the IPSec service, the performance issues go away. I
have read some articles that say that IPSec should only be enabled if it's
going to be configured, but I'm not that familiar with IPSec. I have two
questions:

1. Is the statement that IPSec should only be enabled if it's going to be
configured and used a valid statement?

2. What's the easiest way - besides opening the IPSec Snap-In on every
server and checking for policies - to know whether or not a server is
actually using IPSec policies?

Thanks in advance for your help!
.

Prev by Date: Re: Is DNSSEC supported by Windows?
Next by Date: Re: Windows 2000 Certificate server---->2003
Previous by thread: Groups
Next by thread: Re: When is it OK to disable IPSec on windows 2003?
Index(es):
- Date
- Thread

Relevant Pages

Re: Securing Communication Between Domain Members and their Domain Controllers
... look into using an ipsec tunnel into a gateway computer or ipsec endpoint device or ... > located stand alone servers. ... > integrte them into a single secure Active Directory Domain. ... > member servers to communicate this way, looking through the MS tech. support ...
(microsoft.public.win2000.security)
Win2003 Servers hidden from Network Browse list when using IPSec
... computers in that OU to use IPSec. ... in the Domain Controllers OU, and are exempted completely from IPSec, ... IPSec where they are supposed to, and all show up in the Network ... My Windows 2003 Servers (member servers, ...
(microsoft.public.windows.server.security)
OU GPO Corrupts 2003 Servers only??
... I setup a GPO on the Servers OU and began moving servers into it a ... connectivity to it, so I brought up the remote console through the iLo ... First error msg in the System eventlog was for IPSec. ... inbound and outbound TCP/IP network traffic that is not permitted by ...
(microsoft.public.windows.group_policy)
Re: Preventing users from c onnecting to shares NOT on the domain..
... Are servers on same subnet as clients? ... Yes Kerberos is domain wide but IPSec policy can be OU, ... If you require this computers to communicate with other ... >> and your clients will not want to talk to them. ...
(microsoft.public.win2000.security)
Re: Preventing users from c onnecting to shares NOT on the domain..
... Are servers on same subnet as clients? ... Yes Kerberos is domain wide but IPSec policy can be OU, ... If you require this computers to communicate with other ... >> and your clients will not want to talk to them. ...
(microsoft.public.win2000.networking)