A. Windows 2000 supplies the IP Security Policies MMC snap-in which can be used to modify and create IPSec policies which can then be assigned to computers and Group Policy Objects.
To open the snap-in perform the following:
- Start the MMC (Start - Run - MMC.EXE)
- From the console menu select 'Add/Remove Snap-in' (or press Ctrl+M)
- From the Standalone tab click Add
- Select 'IP Security Policy Management' snap-in and click Add
- Select either 'Local computer' or the domain policy and click Finish. If its for a domain select 'Manage domain policy for this computer's domain'. Click Finish
- Click Close to the dialog then click OK
Double clicking the root will display the 3 built-in options
- Client (Respond Only)
- Secure Server (Require Security)
- Server (Request Security)
If you right click on the root you can create a new policy by selecting 'Create IP Security Policy'. If you right click on an existing policy and select Properties you can modify its settings.