Share via


Enable and Disable the IPsec Enforcement Client

Applies To: Windows Server 2008, Windows Server 2012

Enabling and disabling the IPsec enforcement client

  • Using the Windows interface

  • Using a command line

To enable and disable the IPsec enforcement client by using the Windows interface

  1. To open the NAP client configuration console, click Start, click All Programs, click Accessories, click Run, type NAPCLCFG.MSC, and click OK.

  2. In the console tree, click Enforcement Clients.

  3. Right-click IPsec Relying Party, and then click Enable or Disable.

Additional considerations

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • You must have Internet Protocol security (IPsec) policies and domain isolation deployed in your organization to enforce network access restriction with the IPsec enforcement client.

To enable and disable the IPsec enforcement client by using a command line

  1. To open a command prompt, click Start, click All Programs, click Accessories, and click Command Prompt.

  2. To enable or disable the IPsec enforcement client, do one of the following:

    1. To enable the IPsec enforcement client, type: netsh nap client set enforcement ID = 79619 ADMIN = "ENABLE"

    2. To disable the IPsec enforcement client, type: netsh nap client set enforcement ID = 79619 ADMIN = "DISABLE"

Additional considerations

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • You must have IPsec policies and domain isolation deployed in your organization to enforce network access restriction with the IPsec enforcement client.

Additional references

Configure NAP Enforcement Clients