IPSECPOL.EXE Questions

[Amy L.]

I am wanting to use IPSECPOL.EXE in the static mode. I have a couple of
questions.

1.) Can you delete rules you setup without stopping the policy agent? i.e.
through the command line tool.
2.) Can you group multiple entries under one IPSECPOL filter in static mode.
For example I may block one IP now, and than another one later. It seems
right now these are created under two separate filters. I would prefer to
have one filter with multiple rules.

Any help would greatly be appreciated.
Amy.

 

[Amy L.]

I am wanting to use IPSECPOL.EXE in the static mode. I have a couple of
questions.

1.) Can you delete rules you setup without stopping the policy agent? i.e.
through the command line tool.
2.) Can you group multiple entries under one IPSECPOL filter in static mode.
For example I may block one IP now, and than another one later. It seems
right now these are created under two separate filters. I would prefer to
have one filter with multiple rules.

Any help would greatly be appreciated.
Amy.

 

[Steve Riley [MSFT]]

1. No, the tool doesn't provide this function. All you can really do is use
"-o" to delete a policy and its rules.

2. You can use "-r RuleName" along with "-f FilterList" to replace the filter

list in a rule. If you want to add more filters, you'll need to respecify
the filters that are already there, like "-f FilterList1 -f Filterlist2 -f
Filterlist3..."

Steve Riley
(e-mail address removed)