IPsec Policy Agent (Legacy) Service
Applies To: Windows Server 2008 R2
The IPsec Policy Agent service (PolicyAgent) provides compatibility in Windows Vista and Windows Server 2008 with Internet Protocol security (IPsec) policies used in earlier versions of Windows. New deployments of Windows Vista and Windows Server 2008 should not use the policies supported by the IPsec Policy Agent service since those policies support only a subset of the features supported by Windows Firewall with Advanced Security. Instead, new deployments should use policies created by using Windows Firewall with Advanced Security to take full advantage of the additional security and features.
Aspects
The following is a list of all aspects that are part of this managed entity:
| Name | Description |
|---|---|
The IPsec Policy Agent service receives its rules from local security policy stored in the system registry, and from Group Policy delivered by Active Directory. After receiving new or modified policy settings, IPsec Policy Agent must process each new or modified rule to determine which network traffic to block, allow, or protect by using Internet Protocol security (IPsec). Note: This service provides compatibility with Internet Protocol security (IPsec) policies used in earlier versions of Windows. New deployments of Windows Vista and Windows Server 2008 should not use the policies supported by the IPsec Policy Agent service since those policies support only a subset of the features supported by Windows Firewall with Advanced Security. Instead, new deployments should use policies created by using Windows Firewall with Advanced Security to take full advantage of the additional security and features. When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures, both in retrieving policy, and in processing the rules defined in the policy. |
|
The IPsec Policy Agent service must be running to receive and process Internet Protocol security (IPsec) policies that were made by using earlier versions of Windows. Note: This service provides compatibility with Internet Protocol security (IPsec) policies used in earlier versions of Windows. New deployments of Windows Vista and Windows Server 2008 should not use the policies supported by the IPsec Policy Agent service since those policies support only a subset of the features supported by Windows Firewall with Advanced Security. Instead, new deployments should use policies created by using Windows Firewall with Advanced Security to take full advantage of the additional security and features. When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures in starting the service, or when the service stops operating due to a failure. |
|
The IPsec Policy Agent Service applies IPsec policy and rule changes to the current operating state of the IPsec filtering software. Note: The IPsec Policy Agent service provides compatibility with Internet Protocol security (IPsec) policies created by using Group Policy editing tools on computers that are running earlier versions of Windows. New deployments of Windows Vista and Windows Server 2008 should not use the policies supported by the IPsec Policy Agent service since those policies support only a subset of the features supported by Windows Firewall with Advanced Security. Instead, new deployments should use policies created by using Windows Firewall with Advanced Security to take full advantage of the additional security and features. When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports when the service cannot perform its required tasks, such as properly processing filters, or cannot protect traffic sent or received by one or more of the network adapters attached to the computer. |