Use RSoP to view IPSec policy assignments for members of a Group Policy container

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To use RSoP to view IPSec policy assignments for members of a Group Policy container

On a domain controller, open Resultant Set of Policy (RSoP) as a Microsoft Management Console (MMC). For more information, see Related Topics.
On the Action menu, click Generate RSoP Data.
On the Welcome to the Resultant Set of Policy Wizard page, click Next.
On the Mode Selection page, click Planning mode, and then follow the instructions in the wizard to run a planning mode query. For more information, see Related Topics.
In the console tree, click IP Security Policies.

Where?
- Computer Configuration/Windows Settings/Security Settings/IP Security Policies
The list of all IPSec policies is displayed in the details pane.
To view detailed policy settings for the IPSec policy that is being applied, in the details pane, right-click the policy with the highest precedence, and then click Properties.

Notes

The RSoP console displays detailed IPSec policy settings for only the policy that is being applied. The detailed policy settings include the filter rules, filter actions, authentication methods, tunnel endpoints, and connection type.
The details pane in the RSoP console provides two ways to indicate which IPSec policy is being applied:
- The lower the number in the Precedence column, the higher the precedence of the IPSec policy. The IPSec policy with a precedence number of 1 is the policy that is being applied.
- In the Name column, the folder icon that precedes the name of the IPSec policy that is being applied contains a green dot.
The settings of the IPSec policy with the highest precedence apply in their entirety; they are not merged with the settings of IPSec policies that are assigned at higher levels of the Active Directory hierarchy. For more information about using RSoP to view IPSec policy assignments, see Related Topics.
You can run an RSoP planning mode query only on a domain controller (when you run a planning mode query, you must explicitly specify the domain controller name). However, you can specify any IPSec client as the target for the query, provided you have the appropriate permissions to do so.
To hide or display columns in the RSoP console, see Related Topics.

Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.