Thursday, November 01, 2007

IPSEC

Working on IPSEC configuration. I wanted to set an SMB encryption policy using domain policy but I am getting 'access denied' when I get to the edit properties part of the new policy creation.

Here's why (I am not a domain admin):
"To manage Active Directory-based IPSec policies, you must be a member of the Domain Admins group in Active Directory, or you must have been delegated the appropriate authority." (from: Assign or unassign IPSEC policy in Group Policy)

This can be done through a local GPO, though. But for deployment on multiple systems we will probably need to script this. I will look at Netsh for this:

Managing IPSec from the command line

Apply these steps to your file server and the host computer(s) with which you would like to establish an encrypted SMB session.
Note: You need to test this in a development environment before you deploy it to your production environment.
Open the MMC with 'IP Security Monitor' and 'IP Security Policy Management' (local computer)
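
One way the Netsh scripting mentioned above could look, as an added example that is not from the original post: a batch file that builds and assigns a local IPsec policy requiring ESP for SMB (TCP 445). The policy, filter list and rule names, the server/client argument and the address 192.0.2.10 are assumptions, as is Kerberos authentication between domain-joined machines on a Windows version that has the `netsh ipsec static` context.

```batch
@echo off
rem Added example, not from the original post. All names are placeholders.
rem Usage on the file server:   smb-ipsec.cmd server
rem Usage on each SMB client:   smb-ipsec.cmd client 192.0.2.10
setlocal
set POLICY=SMB-Encrypt
set FLIST=SMB-Traffic
set FACTION=SMB-Require-ESP

if /i "%~1"=="server" goto :server
if /i "%~1"=="client" if not "%~2"=="" goto :client
echo Usage: %~nx0 server ^| client ^<file-server-ip^>
exit /b 1

:server
rem Server side: anything arriving on this machine's TCP 445.
set SRC=any
set DST=me
goto :build

:client
rem Client side: this machine talking to the file server's TCP 445.
set SRC=me
set DST=%~2

:build
rem Stop at the first netsh command that reports failure.
netsh ipsec static add policy name="%POLICY%" description="Require ESP for SMB" || exit /b 1
netsh ipsec static add filterlist name="%FLIST%" || exit /b 1

rem srcport=0 means any source port; mirrored=yes also matches the replies.
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%SRC% dstaddr=%DST% protocol=TCP srcport=0 dstport=445 mirrored=yes description="SMB over TCP 445" || exit /b 1

rem inpass=no and soft=no: no cleartext fallback if negotiation fails.
rem 3DES/SHA1 is the strongest pair this netsh context offers.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate inpass=no soft=no qmpfs=no qmsecmethods="ESP[3DES,SHA1]" || exit /b 1

netsh ipsec static add rule name="SMB-Rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" kerberos=yes || exit /b 1

rem Only one local policy can be assigned at a time; this makes it active.
netsh ipsec static set policy name="%POLICY%" assign=y || exit /b 1

rem Print the result for the deployment log.
netsh ipsec static show policy name="%POLICY%" level=verbose
```

Because the filter action refuses unsecured communication, assign the policy on the clients and the file server in the same change window, or SMB to the server will fail until both sides have it.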
