shard26
asked on
can i turn off IPSec
Microsoft Server 2003, Small Business, SP2
Can I disable the "IPSEC Services" service with no repercussions? or will doing that blow the server up?
See this error in event viewer: "The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. " and I don't really use IPSEC so I don't want to risk IPSEC freaking out and blocking my legit users.
Thanks
Can I disable the "IPSEC Services" service with no repercussions? or will doing that blow the server up?
See this error in event viewer: "The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. " and I don't really use IPSEC so I don't want to risk IPSEC freaking out and blocking my legit users.
Thanks
ASKER
How can I verify that we are not using IPSec? Just to be safe.
If you didn't turn it on explicitly (and I assume you are the network admin) then you aren't using it.
If you still want to double check then just go to a client machine and go Start -> Run -> "Secpol.msi" .
In the bottom of that list you will see something like what is in the image that I attached. You will then be able to see if any of the policies are enabled.
For future reference, here is a good guide about implementing IPSec in your domain:
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911
IPSecPol.jpg
If you still want to double check then just go to a client machine and go Start -> Run -> "Secpol.msi" .
In the bottom of that list you will see something like what is in the image that I attached. You will then be able to see if any of the policies are enabled.
For future reference, here is a good guide about implementing IPSec in your domain:
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911
IPSecPol.jpg
ASKER
computer doesn't know the command secpol.msi
ASKER
i am pretty confident we have set up no policies.
If it doesn't recognize secpol.msi you can launch the MMC by going Start -> Run -> "MMC" and then adding the Local Security Policy Snap-In.
I am also pretty confident that you don't have policies in place. =]
I am also pretty confident that you don't have policies in place. =]
ASKER
so no policies in place means i can kill the service?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So if you aren't using and IPSec infrastructure you will be able to disable the services without issue. That being said I would stay a little late one night and do it just on the off chance that something is affected.