Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)
From: Shant Hotoyan (shotoyan_at_scelectric.ca)
Date: 07/03/03
- Next message: ho alexandre: "Re: SSL without certificates"
- Previous message: MS: "SSL without certificates"
- Next in thread: Louise Bowman [MSFT]: "Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)"
- Reply: Louise Bowman [MSFT]: "Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Jul 2003 09:21:26 -0400
I've already tried that. I manually synced the domain to make sure all DC's
had the new GPO, then rebooted the test system. I then tried stopping and
restarting the policyagent. I even left the maching running for half a day
to see if there would be a difference after the 180 minute refresh. Nothing
changed. It receives the policy from the domain, but the contents of the
policy are not being applied.
"Louise Bowman [MSFT]" <lbowman@microsoft.com> wrote in message
news:#5VrGiNPDHA.2476@TK2MSFTNGP10.phx.gbl...
> If the computer is a member of a domain - as it is in your case, policy
> retrieval happens when the system starts or at the defined IPSec policy
> polling interval(default 180 minutes) AD Policy.
> If you manually stop and start Policy Agent - i.e. net stop policyagent
> and net start policyagent - it should read the policy and apply it
> immediately.
>
> Louise (MSFT)
> IPSec
>
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> "Shant Hotoyan" <shotoyan@scelectric.ca> wrote in message
> news:OIU5xvMPDHA.1336@TK2MSFTNGP11.phx.gbl...
> > I'm trying to setup an IPSec Filter policy to block assigned systems
from
> > accessing the Internet. I've managed to create the filter lists and
> policy
> > successfully (created a policy with 2 filters, one blocks all traffic
> > to/from all addresses, and the other allows all traffic to/from all
> > addresses in our local subnet).
> >
> > If I create the filters and policy locally on a system, everything works
> > fine and the system cannot access the Internet but can access the local
> LAN.
> > However if I create the exact same filter lists and policy onto the
domain
> > and apply it through group policy, it doesn't work. GPResult shows that
> the
> > policy was applied to the system, and IPSecMon shows that IPSec is
enabled
> > on the system, but the filter lists simply do not work.
> >
> > Any ideas?
> >
> > Thank you,
> > Shant Hotoyan, MCSE, CCNP
> > Network Administrator
> > S&C Electric Canada Ltd.
> >
> >
> >
>
>
- Next message: ho alexandre: "Re: SSL without certificates"
- Previous message: MS: "SSL without certificates"
- Next in thread: Louise Bowman [MSFT]: "Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)"
- Reply: Louise Bowman [MSFT]: "Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
