Main Page 
PC Review
Forums
Newsgroups
Windows 2000
Microsoft Windows 2000 Group Policy
Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)
Forums
Newsgroups
Windows 2000
Microsoft Windows 2000 Group Policy
Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)
 |
Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy) |
|
|
Thread Tools | Rate Thread |
03-07-2003, 03:21 PM
|
#1 |
|
Guest
Posts: n/a
|
Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)
I've already tried that. I manually synced the domain to make sure all DC's
had the new GPO, then rebooted the test system. I then tried stopping and restarting the policyagent. I even left the maching running for half a day to see if there would be a difference after the 180 minute refresh. Nothing changed. It receives the policy from the domain, but the contents of the policy are not being applied. "Louise Bowman [MSFT]" <lbowman@microsoft.com> wrote in message news:#5VrGiNPDHA.2476@TK2MSFTNGP10.phx.gbl... > If the computer is a member of a domain - as it is in your case, policy > retrieval happens when the system starts or at the defined IPSec policy > polling interval(default 180 minutes) AD Policy. > If you manually stop and start Policy Agent - i.e. net stop policyagent > and net start policyagent - it should read the policy and apply it > immediately. > > Louise (MSFT) > IPSec > > > -- > This posting is provided "AS IS" with no warranties, and confers no rights. > > > "Shant Hotoyan" <shotoyan@scelectric.ca> wrote in message > news:OIU5xvMPDHA.1336@TK2MSFTNGP11.phx.gbl... > > I'm trying to setup an IPSec Filter policy to block assigned systems from > > accessing the Internet. I've managed to create the filter lists and > policy > > successfully (created a policy with 2 filters, one blocks all traffic > > to/from all addresses, and the other allows all traffic to/from all > > addresses in our local subnet). > > > > If I create the filters and policy locally on a system, everything works > > fine and the system cannot access the Internet but can access the local > LAN. > > However if I create the exact same filter lists and policy onto the domain > > and apply it through group policy, it doesn't work. GPResult shows that > the > > policy was applied to the system, and IPSecMon shows that IPSec is enabled > > on the system, but the filter lists simply do not work. > > > > Any ideas? > > > > Thank you, > > Shant Hotoyan, MCSE, CCNP > > Network Administrator > > S&C Electric Canada Ltd. > > > > > > > > |
|
|
|
| Thread Tools | |
| Rate This Thread | |
|
|
