IPSec Default Policies May Overwrite Policies on an Imported Computer (232817)



The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server

This article was previously published under Q232817

SYMPTOMS

When you export an Internet Protocol security (IPSec) default policy from one computer and then import the policy to another computer, the default policy on the second computer may be overwritten by the imported policy.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

Each default policy in Windows 2000 has a Globally Unique Identifier (GUID), which is used to maintain the uniqueness of a policy object. When an imported policy has the same GUID as an existing policy, the existing policy is overwritten by the imported one. Any policy or policy object that you create has a GUID different from that of the default policy and is not overwritten.
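The overwrite rule described above, modelled as an added example (not Microsoft's code and not the actual IPSec policy store format): policies are keyed by GUID, so a pre-import check can list which local objects an import would replace. The GUIDs, policy dictionaries and function names are constructed for illustration.

```python
import uuid

def norm(guid):
    """Canonicalise a GUID string so '{ABC...}' and 'abc...' compare equal."""
    return str(uuid.UUID(guid))

def preflight(local, exported):
    """Classify each exported policy against the local store before import.

    Both arguments map GUID string -> policy dict. Returns a list of
    (guid, verdict, local_name, exported_name) tuples.
    """
    local_by_guid = {norm(g): p for g, p in local.items()}
    report = []
    for guid, incoming in exported.items():
        existing = local_by_guid.get(norm(guid))
        if existing is None:
            verdict = "new"                    # no GUID match: nothing is replaced
        elif existing == incoming:
            verdict = "overwrite-identical"    # replaced, but content is the same
        else:
            verdict = "overwrite-differs"      # local changes would be lost
        report.append((norm(guid), verdict,
                       existing and existing["name"], incoming["name"]))
    return report

def import_policies(local, exported):
    """Model of the import: a matching GUID replaces the local object."""
    merged = {norm(g): p for g, p in local.items()}
    merged.update({norm(g): p for g, p in exported.items()})
    return merged

# Constructed sample data; GUIDs and rule fields are hypothetical.
DEFAULT_GUID = "{1f2e3d4c-5b6a-4789-8abc-def012345678}"
CUSTOM_GUID = "{aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee}"
LOCAL = {
    DEFAULT_GUID: {"name": "Server (Request Security)", "rules": ["local-tuned"]},
    CUSTOM_GUID: {"name": "Custom DMZ", "rules": ["r1"]},
}
EXPORTED = {
    # Same default-policy GUID, different case: still the same object.
    DEFAULT_GUID.upper(): {"name": "Server (Request Security)", "rules": ["factory"]},
    # Same display name as a local policy but a different GUID: no collision.
    "{99999999-8888-4777-8666-555555555555}": {"name": "Custom DMZ", "rules": ["r2"]},
}

if __name__ == "__main__":
    for row in preflight(LOCAL, EXPORTED):
        print(row)
```

In this model the display name plays no part in the match: the locally tuned default policy is flagged for overwrite, while the custom policy with a matching name but a different GUID is left alone.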

The IPSec default policies can be viewed when the IP Security Policies snap-in is added to the Microsoft Management Console (MMC).

To display the local IPSec default policies:
  1. Click Start, click Run, type MMC, and then click OK.
  2. On the Console Menu, click Add/Remove Snap-in.
  3. Click Add.
  4. Click IP Security Policy Management, click Add, click Finish, and then click Close.
  5. Click OK.
  6. In the left-pane window, double-click IP Security Policies on Local Machine. The default policies should be displayed in the right-pane window.

Modification Type: Major
Last Reviewed: 10/8/2002
Keywords: kbenv kbprb KB232817