IPSec Policy Is Applied After Being Deleted from a Group Policy

ID: Q234320

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server

SYMPTOMS

If an IP Security (IPSec) policy is deleted from a group policy before it has been unassigned, the policy is still applied to the Organizational Units (OUs) contained within the policy.


CAUSE

Although the IPSec policy has been deleted from the group policy, it remains in the client's cache in the following location:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy
This value remains on a client computer until a change is made to the IPSec portion of the group policy.


RESOLUTION

To correctly delete a policy, it should first be unassigned, and then deleted. If a policy is deleted before it is unassigned, you can assign a new policy, and then unassign it. You can run the following command on a client computer to force a policy update:

secedit /refreshpolicy machine_policy
This removes all IPSec policy information from the key listed above.

Additional query words:

Keywords : kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: December 30, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.