Assigning IPSec Policies

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

As a domain administrator, you can configure IPSec policies to meet the security requirements of a user, group, application, domain, site, or global enterprise from a domain controller. IPSec policy can also be implemented in a non-Windows 2000-based domain environment by using local IPSec policies.

Follow the steps shown in Figure 6.10 to assign IPSec policies during your deployment.

Figure 6.10   Assigning IPSec Policies

Assigning IPsec Policies

Make sure that you test these IPSec policies before you actually assign them in your production environment. For more information about testing IPSec policies, see "Testing Your Policies in a Test Lab" later in this chapter.

First determine whether to use Active Directory to apply IPSec policy to clients. If you decide to do so, make sure that you understand how Group Policy inheritance affects the way in which the IPSec policies are applied and how IPSec policy precedence differs from standard Group Policy inheritance.