    Server and Domain Isolation Using IPsec and Group Policy

    This guide provides business-oriented justification as well as technical guidance for logically isolating servers and domains from certain types of network traffic through the use of IPsec filters and Group Policy.
    • File Size: 1.3 MB

        The Server and Domain Isolation Using IPsec and Group Policy solution guide provides technical guidance, but it also provides documentation to help you understand the business benefits of using server and domain isolation to defend IT systems against internal and external security threats.

        The technical guidance shows how to use IPsec and Group Policy to secure and manage different types of networks, including those that have VPN clients and internal firewalls. Troubleshooting documentation is also provided that describes how to resolve frequently encountered IPsec issues. The guidance is supplemented with tools and templates that can be used to assist the project team during all stages of the project lifecycle.

        Server and domain isolation can be an important strategy in the defense against virus propagation, internal hackers, employee misuse of technology assets, and information theft. It can also be used to require domain membership of all clients that seek access to trusted resources, either clients or servers, so that they can be better managed by professional IT staff. Server and domain isolation can also be used as either a primary or an additional strategy for meeting data privacy or other data protection requirements. It can be used without modifying existing Microsoft Windows applications or deploying virtual private networking (VPN) tunneling hardware on the network.

        Server and domain isolation allows IT administrators to restrict TCP/IP communications of domain members that are trusted computers. These trusted computers can be configured to allow only incoming connections from other individual trusted computers or a specific group of trusted computers. The access controls are centrally managed by using Group Policy (a feature of the Active Directory directory service) to control network logon rights. Nearly all TCP/IP network connections can be secured without application changes, because IPsec works at the network layer (below the application layer) to provide authentication and per-packet, state-of-the-art, end-to-end security between computers. Network traffic can be authenticated, or authenticated and encrypted, in a variety of customizable scenarios. Group Policy and IPsec configurations are centrally managed in Active Directory.

        Send questions or feedback to us directly at
    • Supported Operating System

      Windows 2000, Windows 2000 Advanced Server, Windows 2000 Professional Edition, Windows 2000 Server, Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows Server 2003, Windows XP, Windows XP 64-bit, Windows XP Embedded, Windows XP Embedded Service Pack 1, Windows XP Embedded Service Pack 2, Windows XP Home Edition, Windows XP Professional Edition, Windows XP Service Pack 1, Windows XP Service Pack 2

        • Click the Download button at the top of the page to start the download.

        • Do one of the following:

          • To start the .zip file extraction immediately, click Open or Run this program from its current location. Then extract the files to your preferred location on your computer.

          • To save the download to your preferred location on your computer for .zip file extraction at a later time, click Save or Save this program to disk.

        • To install the .msi package:

          1. Navigate to where you extracted the .zip file content on your hard drive.

          2. Double-click the Server and Domain Isolation Tools and Templates.msi file.

          3. Accept the Microsoft Software License Terms.

          4. Follow the steps in the installation dialog to complete the installation.

          5. Find the installed files in your My Documents folder or by looking in the Start/All Programs menu for a shortcut.

      • Solution Accelerators are free, scenario-based guides and automations designed to help IT Professionals who are proactively planning, deploying, and operating IT systems using Microsoft products and technologies. Solution Accelerator scenarios focus on security and compliance, management and infrastructure, and communication and collaboration.
