IPSec Default Policies May Overwrite Policies on an Imported Computer

ID: Q232817

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server

SYMPTOMS

When you export an Internet Protocol security (IPSec) default policy from one computer and then import the policy to another computer, the second computer may be overwritten by the default policy.


STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

A default policy in Windows 2000 has a Globally Unique Identifier (GUID), which is used to maintain the uniqueness of a policy object. When a policy is imported that contains the same GUID of an existing policy, the existing policy is overwritten by the new imported value. Any policy or policy object that is created has a different GUID of the default policy and is not overwritten.

The IPSec default policies can be viewed when the IP Security Policies snap-in is added to the Microsoft Management Console(MMC).

To display the local IPSec default policies:

  1. Click Start, click Run, type MMC, and then click OK.


  2. On the Console Menu, click Add/Remove Snap-in.


  3. Click Add.


  4. Click IP Security Policy Management, click Add, click Finish, and then click Close.


  5. Click OK.


  6. In the left-pane window, double-click IP Security Policies on Local Machine. The default policies should be displayed in the right pane window.


For information about IPSec policies, please see the following article in the Microsoft Knowledge Base:
Q231586 Default Internet Protocol Security Policies in Windows 2000

Additional query words:

Keywords : kbenv
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: December 30, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.