can i turn off IPSec

Microsoft Server 2003, Small Business, SP2

Can I disable the "IPSEC Services" service with no repercussions? or will doing that blow the server up?

See this error in event viewer: "The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. " and I don't really use IPSEC so I don't want to risk IPSEC freaking out and blocking my legit users.

Thanks
LVL 4
shard26Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dfxdeimosCommented:
If you are not using IPSec then you can disregard those error messages, they will not affect your users.

So if you aren't using and IPSec infrastructure you will be able to disable the services without issue. That being said I would stay a little late one night and do it just on the off chance that something is affected.
0
shard26Author Commented:
How can I verify that we are not using IPSec? Just to be safe.


0
dfxdeimosCommented:
If you didn't turn it on explicitly (and I assume you are the network admin) then you aren't using it.

If you still want to double check then just go to a client machine and go Start -> Run -> "Secpol.msi" .

In the bottom of that list you will see something like what is in the image that I attached. You will then be able to see if any of the policies are enabled.

For future reference, here is a good guide about implementing IPSec in your domain:

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911
IPSecPol.jpg
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

shard26Author Commented:
computer doesn't know the command secpol.msi
0
shard26Author Commented:
i am pretty confident we have set up no policies.
0
dfxdeimosCommented:
If it doesn't recognize secpol.msi you can launch the MMC by going Start -> Run -> "MMC" and then adding the Local Security Policy Snap-In.

I am also pretty confident that you don't have policies in place. =]
0
shard26Author Commented:
so no policies in place means i can kill the service?

0
dfxdeimosCommented:
Yes.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.