It alsoprovides some advanced fine-tuning for management and security that is notavailable in the GUI mode. This method of deployment can be useful when you want to script theIPSec configuration and run the same script on multiple servers. If all of the computers on which you are running IPSec are part of theWindows Server 2003 family, you can deploy IPSec using the netsh ipseccommand. Deploying IPSec Using Commands and Scripts Figure 3.15 shows IPSec settings in a GPO.įigure 3.15 You can configure IPSec within GPOs. In other words, the IPSec policies that will ultimately apply will be only those that are applied to the container in which the object actually resides as well as any policies that did not conflict in the entire processing order. Group Policies are processed in the order of local, site, domain, OU, and finally child OU, and any IPSec policies that conflict will be overridden by the next level of processing. You can use Group Policy to configure IPSec for an entire domain, an entire site, or selected OUs. IPSec polices are one of the security settings in each GPO. Deploying IPSec Using Group Policy Objects In other words, if the computer is part of an AD, the IPSec policies defined in Group Policy that apply to its container will override its local policy.įigure 3.14 You can configure IPSec in the Local Security policy of a client or member server. Any policy defined in a Group Policy will override any policy that is deployed only to the local computer. The Local Security policy is located in Administrative Tools. You can configure the properties of IPSec and create rules using the Local Security Policy Microsoft Management Console (MMC), as shown in Figure 3.14, on Windows 2000 Professional and all later clients and on member servers. You should be familiar with the following aspects of deploying and managingIPSec policies:ĭeploying IPSec using Local Policy objectsĭeploying IPSec using Group Policy objects (GPOs)ĭeploying IPSec using commands and scriptsĭeploying IPSec Using Local Policy Objects You can create, modify, and deploy IPSec policies using the IP Security Policy Management Console, as shown in Figure 3.13.įigure 3.13 You can create, modify, and deploy IPSec policies using the IP Security Policy Management console. Using Group Policy, IPSec policies can be set on a single computer, an entire domain, an entire site, or any AD organizational unit (OU). Learn More Buy Deploying and Managing IPSec Policies MCSA/MCSE 70-299 Exam Cram 2: Implementing and Administering Security in a Windows 2003 Network
0 Comments
Leave a Reply. |