= IPSec Policy Is Applied After Being Deleted from a Group Policy =

Article ID: 234320

Article Last Modified on 2/27/2007

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Datacenter Server



This article was previously published under Q234320



SYMPTOMS
If an IP Security (IPSec) policy is deleted from a group policy before it has been unassigned, the policy is still applied to the Organizational Units (OUs) contained within the policy.



CAUSE
Although the IPSec policy has been deleted from the group policy, it remains in the client's cache in the following location:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy

This value remains on a client computer until a change is made to the IPSec portion of the group policy.



RESOLUTION
To delete a policy correctly, first unassign it, and then delete it. If a policy is deleted before it is unassigned, you can assign a new policy, and then unassign it. You can run the following command on a client computer to force a policy update:

secedit /refreshpolicy machine_policy

This removes all IPSec policy information from the key listed above.

Keywords: kbprb KB234320

© Microsoft Corporation. All rights reserved.