Help and Support

Article ID: 234320 - Last Review: February 27, 2007 - Revision: 3.2

IPSec Policy Is Applied After Being Deleted from a Group Policy

View products that this article applies to.
This article was previously published under Q234320
Expand all | Collapse all

SYMPTOMS

If an IP Security (IPSec) policy is deleted from a group policy before it has been unassigned, the policy is still applied to the Organizational Units (OUs) contained within the policy.
Back to the top

CAUSE

Although the IPSec policy has been deleted from the group policy, it remains in the client's cache in the following location:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy
This value remains on a client computer until a change is made to the IPSec portion of the group policy.
Back to the top

RESOLUTION

To correctly delete a policy, it should first be unassigned, and then deleted. If a policy is deleted before it is unassigned, you can assign a new policy, and then unassign it. You can run the following command on a client computer to force a policy update:
secedit /refreshpolicy machine_policy
This removes all IPSec policy information from the key listed above.
Back to the top
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server
Back to the top
Keywords: 
kbprb KB234320
Back to the top

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers