IPSec Policy Agent service
The purpose of the IPSec Policy Agent is to retrieve policy information and pass it to other IPSec components that require this information to perform security services, as shown in the following illustration.
The IPSec Policy Agent is a service that resides on each Windows XP computer, appearing as IPSEC Services in the list of system services in the Services snap-in. The IPSec Policy Agent:
If the computer is a member of a domain, policy retrieval occurs when the system starts, at the interval specified in the IPSec policy, and at the default Winlogon polling interval. You can also manually poll Active Directory for policy using the gpupdate /target:computer command.
The following are additional aspects of IPSec policy behavior for a computer that is a member of a domain:
The IPSec Policy Agent starts automatically at system start time. If there are no IPSec policies in Active Directory or the registry, or if the IPSec Policy Agent cannot connect to Active Directory, the IPSec Policy Agent waits for policy to be assigned or activated.