I've already tried that. I manually synced the domain to make sure all DCs
had the new GPO, then rebooted the test system. I then tried stopping and
restarting the policyagent. I even left the machine running for half a day
to see if there would be a difference after the 180-minute refresh. Nothing
changed. It receives the policy from the domain, but the contents of the
policy are not being applied.
"Louise Bowman [MSFT]" <(E-Mail Removed)> wrote in message
news:#(E-Mail Removed)...
> If the computer is a member of a domain - as it is in your case, policy
> retrieval happens when the system starts or at the defined IPSec policy
> polling interval (default 180 minutes) AD Policy.
> If you manually stop and start Policy Agent - i.e. net stop policyagent
> and net start policyagent - it should read the policy and apply it
> immediately.
>
> Louise (MSFT)
> IPSec
>
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "Shant Hotoyan" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > I'm trying to set up an IPSec Filter policy to block assigned systems
> > from accessing the Internet. I've managed to create the filter lists and
> > policy successfully (created a policy with 2 filters, one blocks all
> > traffic to/from all addresses, and the other allows all traffic to/from
> > all addresses in our local subnet).
> >
> > If I create the filters and policy locally on a system, everything works
> > fine and the system cannot access the Internet but can access the local
> > LAN. However, if I create the exact same filter lists and policy onto the
> > domain and apply it through group policy, it doesn't work. GPResult shows
> > that the policy was applied to the system, and IPSecMon shows that IPSec
> > is enabled on the system, but the filter lists simply do not work.
> >
> > Any ideas?
> >
> > Thank you,
> > Shant Hotoyan, MCSE, CCNP
> > Network Administrator
> > S&C Electric Canada Ltd.
> >
> >
> >
>
>