Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)

From: Louise Bowman [MSFT] (lbowman_at_microsoft.com)
Date: 06/27/03


Date: Fri, 27 Jun 2003 11:18:34 -0700


If the computer is a member of a domain - as it is in your case, policy
retrieval happens when the system starts or at the defined IPSec policy
polling interval (default 180 minutes) AD Policy.
If you manually stop and start Policy Agent - i.e. net stop policyagent
and net start policyagent - it should read the policy and apply it
immediately.

Louise (MSFT)
IPSec

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
"Shant Hotoyan" <shotoyan@scelectric.ca> wrote in message
news:OIU5xvMPDHA.1336@TK2MSFTNGP11.phx.gbl...
> I'm trying to set up an IPSec Filter policy to block assigned systems from
> accessing the Internet.  I've managed to create the filter lists and policy
> successfully (created a policy with 2 filters, one blocks all traffic
> to/from all addresses, and the other allows all traffic to/from all
> addresses in our local subnet).
>
> If I create the filters and policy locally on a system, everything works
> fine and the system cannot access the Internet but can access the local LAN.
> However if I create the exact same filter lists and policy onto the domain
> and apply it through group policy, it doesn't work.  GPResult shows that the
> policy was applied to the system, and IPSecMon shows that IPSec is enabled
> on the system, but the filter lists simply do not work.
>
> Any ideas?
>
> Thank you,
> Shant Hotoyan, MCSE, CCNP
> Network Administrator
> S&C Electric Canada Ltd.
>
>
>

