How to Assign an IPSec Policy

 

This article explains how to assign the IPSec Policy that is described in How to Create a Block TCP 25 IPSec Policy. If you have followed those steps, then you have created the base Group Policy object, defined the SMTP filters, and specified the block action to take on the filters.

Before You Begin

The procedure in this article specifies naming conventions in bold italic. As you work through the other related procedures as listed in How to Create a Block TCP 25 IPSec Policy, notice that the policies, descriptions, and filters that are named in earlier procedures are referenced in subsequent procedures (again in bold italic).

It is recommended that you review Slowing and Stopping E-mail Viruses in Exchange Server 2003: Optional Configurations before implementing this procedure.

Procedure

To assign the IPSec policy

1. In Group Policy Object Editor, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click IP Security Policies on Active Directory.

2. In the details pane, right-click the Block TCP 25 Policy, and then select Assign.

The policy will be applied after replication between domain controllers is complete, and the client computers check for the new policy updates, which defaults at 90 minutes.

To force the policy on Windows Server 2003 and Windows XP, run the following command on the Run line:

gpupdate /force

To force the policy on Windows 2000, run the following command on the Run line:

secedit /refreshpolicy machine_policy /enforce