Managing IPSec from the command line

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The Netsh commands for Internet Protocol security (IPSec) provide a fully equivalent alternative to the console-based management and diagnostic capabilities provided by the IP Security Policy Management and IP Security Monitor consoles. You can use Netsh commands for IPSec to script IPSec policy creation, display details about IPSec policies, and change the IPSec configuration for troubleshooting. In addition, administering IPSec from the command line is useful when you want to extend the security and manageability of IPSec. For example, you can use Netsh commands for IPSec to enable IPSec driver event logging, set default traffic exemptions, and configure computer startup security.

For a comprehensive netsh ipsec command reference (including syntax and parameters), see Netsh commands for Internet Protocol security.
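The tasks named above, scripted end to end, as an added example that is not part of the original page. The policy, filter list, filter action, and rule names are constructed, and blocking inbound Telnet (TCP 23) is an assumed sample rule. Run the script from an elevated command prompt on a Windows Server 2003 computer.

```batch
@echo off
rem Added example: constructed names, assumed sample rule (block inbound Telnet).
setlocal
set POLICY=Sample-Block-Telnet
set FLIST=Sample-Telnet-In
set FACTION=Sample-Block

rem --- Static context: script policy creation in the local policy store ---
netsh ipsec static add policy name="%POLICY%" description="Constructed sample policy" assign=no
if errorlevel 1 goto :failed

rem add filter creates the filter list if it does not already exist.
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=23 mirrored=yes description="Inbound Telnet"
if errorlevel 1 goto :failed

netsh ipsec static add filteraction name="%FACTION%" action=block
if errorlevel 1 goto :failed

netsh ipsec static add rule name="Block-Telnet" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"
if errorlevel 1 goto :failed

rem Display the policy details for review before assigning it.
netsh ipsec static show policy name="%POLICY%" level=verbose

netsh ipsec static set policy name="%POLICY%" assign=yes
if errorlevel 1 goto :failed

rem --- Dynamic context: driver logging, exemptions, startup security ---
rem Maximum IPSec driver event logging (0 disables it). Applied after a restart.
netsh ipsec dynamic set config property=ipsecdiagnostics value=7

rem Exempt only IKE traffic from IPSec filtering. Applied after a restart.
netsh ipsec dynamic set config property=ipsecexempt value=3

rem Stateful filtering while the computer starts, before the policy is applied.
netsh ipsec dynamic set config property=bootmode value=stateful

rem Confirm the resulting configuration.
netsh ipsec dynamic show config
goto :eof

:failed
echo A netsh ipsec static command failed. The policy was not assigned. 1>&2
exit /b 1
```

Lower ipsecdiagnostics again once troubleshooting is finished, because the highest logging level can fill the System log quickly.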

Notes

  • For information about how to use Netsh commands for IPSec to change the IPSec configuration for troubleshooting, see the section "Using Netsh to change the IPSec configuration on computers running the Windows Server 2003 family" in IPSec troubleshooting tools.

  • You can use the Netsh commands for IPSec to configure IPSec policies only on computers running members of the Windows Server 2003 family. To use the command line to configure IPSec policies on computers running Windows XP, use Ipseccmd.exe. To use the command line to configure IPSec policies on computers running Windows 2000, use Ipsecpol.exe, which is provided with the Windows 2000 Server Resource Kit. For more information, see IPSec troubleshooting tools.