This command-line tool configures Internet Protocol Security (IPSec) policies in the directory service, or in a local or remote registry. It does everything that the IPSec Microsoft Management Console (MMC) snap-in does, and is even modeled after the snap-in.
IPSecPol has two mutually exclusive modes: static and dynamic. The default mode is dynamic.
Dynamic mode plumbs policy into the Policy Agent, where it is active only for the lifetime of the Policy Agent service. This means the policy will not be active after a reboot or after the service is stopped. The benefit of dynamic mode is that the policy can coexist with directory service-based policies, which override any local policy not plumbed by IPSecPol.
Static mode creates or modifies stored policy. This policy can be used again and will last the lifetime of the store. This is the mode that the IPSec MMC snap-in uses. Static mode is indicated by the -w flag. The flags listed for static mode in the syntax listing are valid only for static mode. The usage for static mode is an extension of dynamic mode, so please read through the dynamic mode section.
This tool runs only on Microsoft® Windows® 2000.
Note
This also provides a backup in case you lose the directory service or registry that the policy is stored in. Just re-run the batch file.
For a more thorough explanation of IPSec policy terminology, see the online Help for the IPSec MMC snap-in.
You must have specific privileges for both dynamic and static mode. For static mode, you must have read/write access to the storage that you write to. For dynamic mode, you must have Administrator privileges on the computer to which you are plumbing the dynamic policy.
IPSecPol Topics
Files Required