IP Security Policies on Active Directory

Updated: March 28, 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This security setting allows you to permit, block, or negotiate security for TCP/IP traffic.


GPO_name\Computer Configuration\Windows Settings\Security Settings\IP Security Policies on Active Directory\

Default Values


Server Type or GPO                          Default Value
------------------------------------------  -------------
Default Domain Policy                       Not defined
Default Domain Controller Policy            Not defined
Stand-Alone Server Default Settings         Not defined
DC Effective Default Settings               Not defined
Member Server Effective Default Settings    Not defined


Use this setting to create filter lists and corresponding actions. Filter lists are based on ports, protocols, and whether the traffic is incoming or outgoing. Actions you specify are carried out when traffic matches a filter in the list. Actions include blocking, permitting, and requiring or requesting that traffic be secured through encryption.

You also use this setting to specify authentication methods. Choices include Kerberos V5, certificates, and (for testing only) preshared keys.

IP Security Policy can also be set in the local Group Policy object. IP Security Policy that is set in Active Directory takes precedence.
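
The following is an added example, not part of the original page: it builds a policy with two filter lists, a blocking action and a negotiating action, and Kerberos V5 authentication, using the netsh ipsec static context of Windows Server 2003. The domain name, policy and rule names, and the chosen ports are constructed placeholders.

```bat
rem Added example: all names, ports and the domain are constructed placeholders.
rem Work against the Active Directory policy store instead of the local store.
netsh ipsec static set store location=domain domain=example.com

rem The policy is the container for the rules created below.
netsh ipsec static add policy name="Example Server Policy" description="Constructed example"

rem Filter list 1: incoming Telnet (TCP 23) only, so the filter is not mirrored.
netsh ipsec static add filterlist name="Inbound Telnet"
netsh ipsec static add filter filterlist="Inbound Telnet" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=23 mirrored=no

rem Filter list 2: SMB (TCP 445) in both directions, as negotiation needs.
netsh ipsec static add filterlist name="SMB Traffic"
netsh ipsec static add filter filterlist="SMB Traffic" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=445 mirrored=yes

rem Action 1: drop matching traffic.
netsh ipsec static add filteraction name="Block" action=block

rem Action 2: require security. inpass=no and soft=no disable any fallback to
rem unsecured traffic; setting soft=yes would only request security instead.
netsh ipsec static add filteraction name="Require ESP" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem Each rule binds one filter list to one action inside the policy.
netsh ipsec static add rule name="Block Telnet" policy="Example Server Policy" filterlist="Inbound Telnet" filteraction="Block"

rem The negotiating rule authenticates peers with Kerberos V5.
netsh ipsec static add rule name="Secure SMB" policy="Example Server Policy" filterlist="SMB Traffic" filteraction="Require ESP" kerberos=yes

rem Review the result before assigning the policy.
netsh ipsec static show policy name="Example Server Policy" level=verbose
```

A policy created in the Active Directory store this way takes effect only once it is assigned in a GPO at the console path shown above.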
