Start the IP Security Policy Management snap-in

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To start the IP Security Policy Management snap-in

  • To start the IP Security Policy Management snap-in from the Microsoft Management Console:
  1. Click Start, click Run, type MMC, and then click OK.

  2. Click File, click Add/Remove Snap-in, and then click Add.

  3. Click IP Security Policy Management, and then click Add.

  4. Select the computer for which you want to manage IPSec policies:

    To Do this

    Manage only the computer on which this console is running

    Click Local computer

    Manage IPSec policies for any domain members

    Click The Active Directory domain of which this computer is a member.

    Manage IPSec policies for a domain of which the computer that is running this console is not a member

    Click Another Active Directory Domain.

    Manage a remote computer

    Click Another computer.

  5. Click Finish, click Close, and then click OK.

  • To access the IP Security Policy Management snap-in from Group Policy (Active Directory):
  1. Open Active Directory Users and Computers.

  2. In the console tree, right-click the domain or organizational unit for which you want to set Group Policy.

    Where?

    • Active Directory Users and Computers [DomainControllerName.DomainName]/Domain/OrganizationalUnit/ChildOrganizationalUnit...
  3. Click Properties, and then click the Group Policy tab.

  4. Click Edit to open the Group Policy object that you want to edit. Or, click New to create a new Group Policy object, and then click Edit.

  5. In the Group Policy console tree, click IP Security Policies on Active Directory.

    Where?

    • PolicyName [ComputerName] Policy/Computer Configuration/Windows Settings/Security Settings/IP Security Policies on Active Directory
  • To access the IP Security Policy Management snap-in from Local Computer Policy:
  1. Click Start, click Run, type MMC, and then click OK.

  2. Click File, click Add/Remove Snap-in, and then click Add.

  3. Click Group Policy Object Editor, and then click Add.

  4. Click Finish, click Close, and then click OK.

  5. In the Group Policy console tree, click IP Security Policies on Local Computer.

    Where?

    • Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/IP Security Policies on Local Computer

Notes

  • To manage Active Directory-based IPSec policies, you must be a member of the Domain Admins group in Active Directory, or you must have been delegated the appropriate authority. To manage local or remote IPSec policies for a computer, you must be a member of the Administrators group on the local or remote computer. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. For more information, see Default local groups and Default groups.

  • To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  • To save console settings, on the File menu, click Save.

  • To view the saved console, see Related Topics.

  • You cannot administer Active Directory-based IPSec policy from a computer running Windows XP Home Edition.

  • To manage policies in a remote domain, you must be using a computer that is a member of a domain that is trusted by the remote domain. You cannot configure policies in a remote domain from a computer that is a member of a workgroup (also known as a stand-alone computer).

  • To revise your initial choice, you can start the Microsoft Management Console, add this snap-in again, and save the console again. If you require multiple configurations, you can save the console with another name.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Add, edit, or remove IPSec policies
Policy-based security
Open a saved MMC console for local and remote computers
Save an MMC console file