IPSec Policy Is Applied After Being Deleted from a Group Policy (234320)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Datacenter Server
This article was previously published under Q234320 SYMPTOMS
If an IP Security (IPSec) policy is deleted from a group policy before it has been unassigned, the policy is still applied to the Organizational Units (OUs) contained within the policy.
CAUSE
Although the IPSec policy has been deleted from the group policy, it remains in the client's cache in the following location:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy
This value remains on a client computer until a change is made to the IPSec portion of the group policy.
RESOLUTION
To correctly delete a policy, it should first be unassigned, and then deleted. If a policy is deleted before it is unassigned, you can assign a
new policy, and then unassign it. You can run the following command on a client computer to force a policy update:
secedit /refreshpolicy machine_policy
This removes all IPSec policy information from the key listed above.
| Modification Type: | Major | Last Reviewed: | 12/17/2003 |
|---|
| Keywords: | kbprb KB234320 |
|---|
|