When you apply a GPO (Group Policy Object) that contains an IPsec (Internet Protocol security) policy setting to a client computer, the IPsec policy is not applied.

This behavior will occur if the computer account to which you apply the GPO does not have Read and Apply Group Policy permissions for all child objects.

To fix this behavior:

01. Log on to a domain controller with administrative authority.

02. Open Active Directory Users and Computers.

03. Right-click the domain object and press Properties.

04. Press the Open button on the Group Policy tab.

05. Expand Group Policy Objects.

06. Select the GPO that contains the IPsec policy.

07. Select the Delegation tab.

08. select the computer account that you want to apply the IPsec policy to in the Groups and users area and press Advanced.

09. Press Advanced in the Security Settings dialog.

10. In the Permission entries area, select the computer account that you want to apply the IPsec policy to and press Edit.

11. Check the Allow box for Read Permissions and Apply Group Policy.

12. In the Apply onto box, select This object and all child objects.

13. Press OK, OK, and OK.

NOTE: See Introducing the Group Policy Management Console.

NOTE: See TechNet article: IPsec.