A. Windows 2000 supplies the IP Security Policies MMC snap-in which can be used to modify and create IPSec policies which can then be assigned to computers and Group Policy Objects.

To open the snap-in perform the following:

  1. Start the MMC (Start - Run - MMC.EXE)
  2. From the console menu select 'Add/Remove Snap-in' (or press Ctrl+M)
  3. From the Standalone tab click Add
  4. Select 'IP Security Policy Management' snap-in and click Add
  5. Select either 'Local computer' or the domain policy and click Finish. If its for a domain select 'Manage domain policy for this computer's domain'. Click Finish
  6. Click Close to the dialog then click OK

Double clicking the root will display the 3 built-in options

  • Client (Respond Only)
  • Secure Server (Require Security)
  • Server (Request Security)

If you right click on the root you can create a new policy by selecting 'Create IP Security Policy'. If you right click on an existing policy and select Properties you can modify its settings.

Click here to view image