RE: Remove security policy

From: sul <sul@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 30 Oct 2008 07:25:01 -0700

Thanks for the suggestion, however there are no Local Security Policies on
the machine and it does not appear on the IP Security Policy snap-in. This
is a policy that is appearing as part of the AD on the Domain.

Here is a partial result from from running "netsh ipsec dynamic show all"

Source Machine : Local Computer GPO for <SERVERNAME>
GPO Name : Default Domain Policy
Local IPSec Policy Name : NONE
AD IPSec Policy Name : Manage Port 10000
AD Policy DN :
LDAP://CN=ipsecPolicy{B5D2B65A-A836-442D-B7C8-FB8E1E9C554B}\0ADEL:7790aca7-c306-45ce-87da-1
b9bd90d4ae1,CN=Deleted Objects,DC=mydomain,DC=domain,DC=com
Local IPSec Policy Assigned: Yes, but AD Policy is Overriding

Any suggestions on how to delete an "invisible" policy that does not appear
on the snap-ins (neither on IP Security Policies on Local Computer nor on IP
Security Policies on Active Directory?

thanks!

-sul.

"Salvador Manaois III" wrote:

Hi,

You should actually view it from the IP Security Policy snap-in. Open up the
snap-in and delete the policy from there.

Alternatively, you can use ipseccmd itself to delete the policy (either the
-u or -o switch):

http://technet.microsoft.com/en-us/library/bb490922.aspx

Regards,

Salvador Manaois III
MCSE MCSA CEH MCITP | Enterprise/Server Admin
Bytes & Badz : http://badzmanaois.blogspot.com

"sul" wrote:

hi,

i have a securiy policy that is not showing up anywhere on Domain Security
Policy mmc or GPMC. I can see it being applied to member computers upon
running "ipseccmd show all"

Is there a way to delete this "invisible" policy using adsiedit? or some
other means?

thanks!

References:
- Remove security policy
  - From: sul
- RE: Remove security policy
  - From: Salvador Manaois III

Prev by Date: Re: RENDOM /end fails
Next by Date: Re: Change local admin passwords on all domain PCs
Previous by thread: RE: Remove security policy
Next by thread: NEW DC WINDOWS 2003
Index(es):
- Date
- Thread

Relevant Pages

Re: Hacked?
... > Event Source: Security ... > Computer: CODPAF01 ... > Domain Policy Changed: Password Policy modified ... > have GPO's being applied to it, all security policies are local and no one ...
(microsoft.public.inetserver.iis.security)
Hacked?
... Event Source: Security ... Domain Policy Changed: Password Policy modified ... according to the logs no one with authority to make such a change was logged ... with privelage to change local security policies was logged in at the time. ...
(microsoft.public.inetserver.iis.security)
RE: help w/ security policies!
... There are some model security policies on the SANSs site. ... This is my view of how an information security policy will look like. ... Facilities management policy ...
(Security-Basics)
Fwd: Oh Dear, Where to start?!
... It seems to me you need two things: an organizational policy, ... finish college and break into the real world of computer security. ... experience in the field of network security and policy ... updates, driver updates, and recommended updates. ...
(Security-Basics)
RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
... All NetScreen appliances rely on custom-designed ASICs (Application ... Specific Integrated Circuits) for security policy enforcement. ... supports a finite number of "rules" or "policies". ...
(Firewall-Wizards)