6

I was in the process of translating some locally defined IPSEC policies on my test systems into group policies. In the process I applied an incomplete policy which was missing the line that allows direct access to my DCs, which aren't yet set up for IPSEC.

This has locked out my ability to apply the updated policy (which removes these restrictions) from my test systems.

How can I forcibly remove this policy to allow me to continue testing?

Tim Brigham
  • Would it be possible to set up one of your DCs for IPSEC connections? Or are the bits of the IPSEC policy that would allow *that* to work also missing? – voretaq7 Aug 24 '12 at 19:57
  • @voretaq7 - I'd love to apply this to our DCs but at this point I don't have approval to do so. This is mostly for a redevelopment project that we're just starting to flesh out. – Tim Brigham Aug 24 '12 at 20:02

1 Answer

7

I managed to find a way to address this problem via an old TechNet reference.

Delete HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy, unassign the locally assigned policy and reboot.

Tim Brigham
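The steps from the answer above as a PowerShell script, added here as an example and not part of the original post; it exports the key before deleting it so the cached GPO assignment can be inspected later. The policy-name placeholder and the backup path are assumptions, and the script expects an elevated console session on the locked-out machine.

```powershell
# Added example, not from the original answer. Run elevated, at the console
# of the locked-out machine.
param(
    # Hypothetical placeholder: name of the locally assigned IPsec policy.
    [string]$LocalPolicyName = '<LOCAL-POLICY-NAME>',
    # Assumed backup location for the exported key.
    [string]$BackupFile = "$env:SystemRoot\Temp\GPTIPSECPolicy-backup.reg"
)

$psKey  = 'HKLM:\Software\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy'
$regKey = 'HKLM\Software\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy'

# Step 1: remove the cached pointer to the GPO-assigned IPsec policy.
if (Test-Path -LiteralPath $psKey) {
    # Export first so the removed assignment can be reviewed or restored.
    & reg.exe export $regKey $BackupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Export of $regKey failed; the key was left in place."
    }
    Remove-Item -LiteralPath $psKey -Recurse -Force
    Write-Output "Removed $regKey (backup: $BackupFile)"
} else {
    Write-Output "$regKey not found; no GPO-assigned IPsec policy is cached."
}

# Step 2: unassign the locally assigned policy.
if ($LocalPolicyName -eq '<LOCAL-POLICY-NAME>') {
    # No name supplied: list the local policies so the assigned one can be
    # identified, then stop before the reboot.
    & netsh.exe ipsec static show policy all
    Write-Output 'Re-run with -LocalPolicyName set to the assigned policy.'
    return
}

& netsh.exe ipsec static set policy "name=$LocalPolicyName" assign=no
if ($LASTEXITCODE -ne 0) {
    throw "Could not unassign local policy '$LocalPolicyName'."
}

# Step 3: reboot so the IPsec service starts without either policy.
Restart-Computer -Confirm
```

If the GPO still assigns the incomplete policy, the key is written again at the next Group Policy refresh, so correct the GPO before relying on the machine staying reachable.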