Microsoft KB Archive/923785

= An IPsec policy is not applied to a client computer when you apply a Group Policy object =

Article ID: 923785

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Small Business Server 2003 Standard Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Datacenter Server

-





SYMPTOMS
When you apply a Group Policy object (GPO) to a client computer, and the GPO contains an Internet Protocol security (IPsec) policy setting, the IPsec policy is not applied.

Additionally, nothing is written to the registry in the following scenario:  You delete the following registry keys:

 You restart the computer. Or, you run the gpupdate /force command on the computer.



CAUSE
This problem occurs if the computer account to which you apply the Group Policy object does not have Read permissions and Apply Group Policy permissions for all child objects.



RESOLUTION
To resolve this problem, follow these steps:
 * 1) On the domain controller, click Start, click Run, type dsa.msc, and then click OK.
 * 2) Right-click the domain object, and then click Properties.
 * 3) Click the Group Policy tab, and then click Open.
 * 4) Double-click Group Policy Objects.
 * 5) Click the Group Policy object that contains the IPsec policy.
 * 6) Click the Delegation tab.
 * 7) In the Groups and users area, click the computer account that you want to apply the IPsec policy to, and then click Advanced.
 * 8) In the Security Settings dialog box, click Advanced.
 * 9) In the Permission entries area, click the computer account that you want to apply the IPsec policy to, and then click Edit.
 * 10) Click to select the Allow check boxes for the following permissions:
 * 11) * Read Permissions
 * 12) * Apply Group Policy
 * 13) In the Apply onto box, select This object and all child objects.
 * 14) Click OK three times.



MORE INFORMATION
For more information about how to use the Group Policy Management Console, visit the following Microsoft Web site:

http://technet2.microsoft.com/WindowsServer/f/?en/library/b9cb929b-4c2f-4754-ad31-d154bb8105771033.mspx

For more information about Internet Protocol security, visit the following Microsoft Web site:

http://www.microsoft.com/technet/itsolutions/network/IPsec/default.mspx

Keywords: kbgpo kbipsec kbtshoot kbprb KB923785

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.