| • | To start the IP Security Policies snap-in from the Microsoft Management Console: 1. | Click Start, click Run, type MMC, and then click OK. | 2. | In MMC, click File, click Add/Remove Snap-in, and then click Add. | 3. | Click IP Security Policy Management, and then click Add. | 4. | Select the computer for which you want to manage IPSec policies: Manage only the computer on which this console is running | Click This computer. | Manage IPSec policies for any domain members | Click The Active Directory Domain of which this computer is a member. | Manage IPSec policies for a domain of which the computer that is running this console is not a member | Click Another Active Directory Domain. | Manage a remote computer | Click Another computer. |
| 5. | Click Finish, click Close, and then click OK. |
|
| • | To access the IP Security Policies snap-in from Group Policy (Active Directory): 1. | Open Active Directory Users and Computers | 2. | In the console tree, right-click the domain or organizational unit for which you want to set Group Policy. Where? Active Directory Users and Computers [DomainControllerName.DomainName] > Domain > OrganizationalUnit > ChildOrganizationalUnit... | 3. | Click Properties, and then click the Group Policy tab. | 4. | Click Edit to open the Group Policy object that you want to edit. Or, click New to create a new Group Policy object, and then click Edit. | 5. | In the Group Policy console tree, click IP Security Policies on Active Directory. Where? PolicyName [ComputerName] Policy > Computer Configuration > Windows Settings > Security Settings > IP Security Policies on Active Directory |
|
| • | To access the IP Security Policies snap-in from Local Computer Policy: 1. | Click Start, click Run, type MMC, and then click OK. | 2. | In MMC, click File, click Add/Remove Snap-in, and then click Add. | 3. | Click Group Policy, and then click Add. | 4. | Click Finish, click Close, and then click OK. | 5. | In the Group Policy console tree, click IP Security Policies on Local Machine. Where? Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > IP Security Policies on Local Machine |
|
| • | To start Active Directory Users and Computers, open a Remote Desktop Connection to either a Windows 2000 domain controller or a member server that has Windows 2000 Administration Tools installed. You must log on to the server as a domain administrator in order to complete this procedure. |
| • | To save console settings, on the File menu, click Save. |
| • | You cannot administer Active Directory-based IPSec policy from a computer running Windows XP Home Edition. |
| • | To define Active Directory-based IPSec policy, you must have Group Policy administrative permissions. To manage local or remote IPSec policy for a computer, you must be a member of the Administrators group on the local or remote computer. |
| • | To manage policies in a remote domain, you must be using a computer that is a member of a domain that is trusted by the remote domain. You cannot configure policies in a remote domain from a computer that is a member of a workgroup (also known as a stand-alone computer). |
| • | To view the saved console, see Related Topics. |
| • | To revise your initial choice, you can start the Microsoft Management Console, add this snap-in again, and save the console again. If you require multiple configurations, you can save the console with another name. |
