Thursday, November 01, 2007


Working on IPSEC configuration. I wanted to set an SMB encryption policy using domain policy but I am getting 'access denied' when I get to the edit properties part of the new policy creation.

Here's why (I am not a domain admin):
To manage Active Directory-based IPSec policies, you must be a member of the
Domain Admins group in Active Directory, or you must have been delegated the
appropriate authority. -Assign or unassign IPSEC policy in Group Policy

This can be done through a local gpo though. But for deployment on multiple systems we will probably need to script this. I will look at Netsh for this:

Managing IPSec from the command line

Apply these steps to your file server and the host computer(s) that you would like to establish an encrypted SMB session.
Note: You need to test this in a development environment before you deploy it to your production environment.
Open the MMC with ‘IP Security Monitor’ and IP Security Policy Management’ (local computer)

No comments:

Windows 10 with Ubuntu: Install error CanonicalGroupLimited.UbuntuonWindows cannot be found or cannot be accessed

On Windows 10 Enterprise build 1709 I installed the Windows Subsystem for Linux. Next I open the Microsoft Store and did a search for Ub...