Re: Programmatically add and modify IPsec policies

From: Steve Riley [MSFT] (steriley_at_microsoft.com)
Date: 06/09/04

• Next message: Steve Riley [MSFT]: "Re: Dangers of toggling Syskey modes"
• Previous message: Don Amacker: "Restriction in effect on this computer ??"
• In reply to: Colin Eric Johnson: "Programmatically add and modify IPsec policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 9 Jun 2004 10:31:00 -0700

There are no public APIs for IPsec. You can, however, use a command-line
tool to create IPsec policies through scripts. The tool is different
depending on the version of Windows:

Windows 2000 Pro and Server: IPSECPOL
Windows XP: IPSECCMD
Windows Server 2003: NETSH IPSEC

-- 
Steve
steriley@microsoft.com
"Colin Eric Johnson" <colinj+msnews@ccs.neu.edu> wrote in message 
news:eRSlEFNTEHA.3548@TK2MSFTNGP09.phx.gbl...
>
> I'd like to be able to add and modify IPsec policies on standalone 
> machines (not in a domain) from a script or program. Right now I can make 
> changes with the Local Security Policy tool but that requires user 
> intervention on a level that I don't want to have in place. I'd like to 
> write something that can make the changes needed and/or add new IPsec 
> policies with minimal input from the user.
>
> My intended audience are folks who move around with their laptops a fair 
> bit and need one policy in one place and another or no policy in another 
> place.
>
> Can this be down with something like WMI or is there another API that 
> allows this kind of scripting? I haven't found anything in my searches of 
> the Microsoft web site or the web in general (thank you google). If 
> someone could point me in the right direction I think I could take it from 
> there.
>
> -- colin j.
> 

---

• Next message: Steve Riley [MSFT]: "Re: Dangers of toggling Syskey modes"
• Previous message: Don Amacker: "Restriction in effect on this computer ??"
• In reply to: Colin Eric Johnson: "Programmatically add and modify IPsec policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages IPSEC Policies in AD ... Windows and stored in AD. ... We currently do not use IPSEC policies to control ... Block inbound ICMP traffic ... (microsoft.public.win2000.security) Re: IPSEC Policies in AD ... I just started using IPSec when my Novell firewall crashed. ... Then I opened the ports that I ... > Windows and stored in AD. ... > We currently do not use IPSEC policies to control ... (microsoft.public.win2000.security) Re: IPsec policy in XP Home? ... Do you happen to know if IPsec policy can also be used in earlier versions ... But does anyone know if IPsec policies can be ... > domain functions. ... > Microsoft - IPSec in Windows XP Home Edition: ... (microsoft.public.windowsxp.network_web) Re: can xp act as server for vpn connection ... IPSEC L2TP connections won't work behind a NAT firewall without ... included in Windows XP... ... >>you can set the security policy on the client connection. ... (microsoft.public.windowsxp.work_remotely) RE: Passwords with Lan Manager (LM) under Windows ... IPsec does (or at least can and I am not going into a page of detail to ... authenticating the client system ... Passwords with Lan Manager under Windows ... (Pen-Test)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)