Netsh and IPSec Policies

Discussion in 'Server Security' started by Nick, Oct 21, 2004.

  1. Nick

    Nick Guest

    I hope someone can help me with this, I am trying to use 'netsh' on Windows
    2003 to script the creation of IPSec Policies and IPSec Filters. I have got
    this to work well for the Local Computer, but when I try and get it to
    create the Policy as part of the Domain Security Policy it does not work....
    I have used the command:

    netsh ipsec static set store location=domain domain='FQDN of Domain'

    This command is accepted OK, but then when the following command runs it fails:

    netsh ipsec static set policy name="Test Policy" activatedefaultrule=no gponame="Default Domain Policy" assign=yes

    It says that 'gponame' is not valid in this context. The thing is, it works
    if I enter it all manually from the netsh interface, but not from a Command
    file. I have checked TechNet and it says it should work OK in both
    instances.

    Any help appreciated.

    Thanks in advance.

    Nick
     
    Nick, Oct 21, 2004
    #1

  2. Once your script returns from the first command, all context is lost, so for
    the second command the shell is going to assume you're trying to edit the
    local computer. What you need to do is create a file with ipsec commands,
    then call it from a single netsh command. Unfortunately I don't have a
    server at home so can't give you the specific syntax but the general idea
    would be:

    mypolicy.txt:
    ipsec
    static
    set store location=domain domain='FQDN of Domain'
    set policy name="Test Policy" activatedefaultrule=no gponame="Default Domain Policy" assign=yes

    mypolicy.cmd
    netsh -f mypolicy.txt
     
    David Beder [MSFT], Oct 22, 2004
    #2

  3. Nick

    Nick Guest

    David,

    Thanks for responding, I will try this out and let you know - what you
    said makes perfect sense re: the shell, so I'm hopeful for this.

    Thanks again.

    Nick
     
    Nick, Oct 26, 2004
    #3
