Using Group Policy to Apply IPSec Throughout an Active Directory Domain
Creating IPSec policies computer by computer is a tedious and dangerous task. That's because there are many steps to follow. In addition, if you make a mistake and the policies that should be used between cooperating computers do not match, they will not work. If multiple computers in an Active Directory environment must participate in IPSec-negotiated sessions, the easiest way to ensure consistent application is through Group Policy. Figure 3 indicates the area of a Group Policy where IPSec policies reside. In this figure, a policy for negotiating Exchange server administrative functions has been activated.
Figure 3 The Exchange Server Admin IPSec Policy is created in the Exchange Server OU Group Policy.
IPSec policies are created within the IPSec container of a Group Policy. The Group Policy is linked to the OU that contains the servers that should use it. Let's imagine, for example, that you want to encrypt administrative sessions between the Exchange administrator's computer and all Exchange servers. If all Exchange servers and the administrator's computer are placed in the same OU, the IPSec policy written in a Group Policy linked to that OU will be applied consistently to all computers. Likewise, you might establish policies for communications between all computers in the Accounting department and the Accounting database server, or between top executives.
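
Consistent application depends on every participant actually sitting under the OU that the Group Policy is linked to. The following PowerShell audit is an added example, not part of the original article; it assumes the ActiveDirectory and GroupPolicy modules are installed, and the OU path, GPO name and computer names are placeholders.

```powershell
# Added example: audit that the IPSec GPO reaches every intended participant.
# $OuDn, $GpoName and $Participants are placeholders, not values from the article.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$OuDn         = 'OU=Exchange Servers,DC=corp,DC=example,DC=com'
$GpoName      = 'Exchange Server Admin IPSec'
$Participants = 'EXCH01', 'EXCH02', 'ADMIN-WS01'   # constructed computer names

# 1. The GPO must be linked directly to the OU, and the link must be enabled.
$link = (Get-GPInheritance -Target $OuDn).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }

if (-not $link) {
    Write-Warning "GPO '$GpoName' is not linked to $OuDn"
} elseif (-not $link.Enabled) {
    Write-Warning "GPO '$GpoName' is linked to $OuDn but the link is disabled"
}

# 2. Every participant must be in that OU (or a sub-OU, which inherits the
#    link unless inheritance is blocked). A computer outside it never receives
#    the policy, so its IPSec negotiation with the others cannot succeed.
$report = foreach ($name in $Participants) {
    # -Filter returns nothing for an unknown name instead of throwing.
    $computer = Get-ADComputer -Filter "Name -eq '$name'"
    $dn       = if ($computer) { $computer.DistinguishedName } else { $null }
    $inScope  = [bool]($dn -and
        $dn.EndsWith(",$OuDn", [System.StringComparison]::OrdinalIgnoreCase))

    [pscustomobject]@{
        Computer          = $name
        FoundInAD         = [bool]$computer
        InPolicyScope     = $inScope
        DistinguishedName = $dn
    }
}

# Show the full picture, then call out anything that will miss the policy.
$report | Format-Table -AutoSize
$missing = $report | Where-Object { -not $_.InPolicyScope }
if ($missing) {
    Write-Warning ("Outside the policy OU: " + ($missing.Computer -join ', '))
}
```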