Re: IPSEC Policy question

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/17/04 

Date: Fri, 17 Dec 2004 13:47:38 -0600

Ipsec policy is computer configuration so the "computers" that want this to
apply to must be in that OU. Also realize that policy changes do not
propagate immediately if you do not use secedit or gpupdate to force a
refresh.

Anyhow you would need to create a policy that had a rule that used deny
filter action. The filter needs to contain entries for ports 80/443. Make
sure that the filter entry is mirrored when you create it. To block internet
access you will need to create a rule that has the source ports as any,
protocol TCP, source IP - my address, destination IP - any, destination
ports 80/443. Keep in mind that only W2K/XP Pro/W2003 computers are ipsec
aware. --- Steve

http://www.securityfocus.com/infocus/1559 -- great article on configuring
ipsec.

"Brandon McHenry" <Brandon McHenry@discussions.microsoft.com> wrote in
message news:E0FAB416-CCDA-4BC7-861E-5833432F79F5@microsoft.com...
>I have created a restrictive policy to be applied to one OU. Within that
>GPO
> I have setup an IPSec policy to block from any port on any IP to port 80
> on
> My IP (I also blocked port 443) and then assigned it. However it doesn't
> not
> work, I am still getting web traffic consistently on these machines. Can
> anyone tell me the proper procedure to do this? I want to block users in
> this
> OU only from getting any internet traffic. Thanks...

Relevant Pages

  • Scripted IPSec policies on Windows XP (without AD/GPOs)
    ... I’ve been experimenting with making an “IP Security Policy” on a local ... multiple computers – i.e. be able to script it in some way. ... have access to deploying various types of script jobs to the Windows XP ... Does anyone know of a way to script applying this IPSec policy onto ...
    (Focus-Microsoft)
  • Re: IPSec and Group Policy
    ... group policy to the ou where the computer/workstations are memebers. ... the IPSec policy that may be active. ... show the IPSec policy in action between two client computers, ... IPSec policies assigned to an organizational unit will override an ...
    (microsoft.public.win2000.security)
  • Re: Reinstall everytime assigned applications through GPO on start
    ... Software installation extension has been called for background policy refresh ... Stations - R&D Software (EMEA computers). ... Stations - R&D Software (EMEA computers) is set for installation because it ... The assignment of application Remote Administrator v2.1 from policy Software ...
    (microsoft.public.windows.group_policy)
  • Re: better way to limit users/group to logon to specific workstati
    ... You can still do it in policy, ... logon locally setting, and apply it to all computers except the ones you ... Workstations" attribute - applying to the user accounts ...
    (microsoft.public.windows.group_policy)
  • Re: EventID 1054 from Userenv for startup script
    ... Did you configure the mentioned policy for the XP computers? ... startup script currently does not have Authenticated Users in its ACL. ... It obviously gets group policy ...
    (microsoft.public.windows.group_policy)