IPSec Default Policies May Overwrite Policies on an Imported Computer

When you export an Internet Protocol security (IPSec) default policy from one computer and then import the policy to another computer, the second computer may be overwritten by the default policy.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

A default policy in Windows 2000 has a Globally Unique Identifier (GUID), which is used to maintain the uniqueness of a policy object. When a policy is imported that contains the same GUID of an existing policy, the existing policy is overwritten by the new imported value. Any policy or policy object that is created has a different GUID of the default policy and is not overwritten.

The IPSec default policies can be viewed when the IP Security Policies snap-in is added to the Microsoft Management Console(MMC).

To display the local IPSec default policies:

1. Click Start, click Run, type MMC, and then click OK.
2. On the Console Menu, click Add/Remove Snap-in.
3. Click Add.
4. Click IP Security Policy Management, click Add, click Finish, and then click Close.
5. Click OK.
6. In the left-pane window, double-click IP Security Policies on Local Machine. The default policies should be displayed in the right pane window.