Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3497
  • Last Modified:

can i turn off IPSec

Microsoft Server 2003, Small Business, SP2

Can I disable the "IPSEC Services" service with no repercussions? or will doing that blow the server up?

See this error in event viewer: "The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. " and I don't really use IPSEC so I don't want to risk IPSEC freaking out and blocking my legit users.

Thanks
0
shard26
Asked:
shard26
  • 4
  • 4
1 Solution
 
dfxdeimosCommented:
If you are not using IPSec then you can disregard those error messages, they will not affect your users.

So if you aren't using and IPSec infrastructure you will be able to disable the services without issue. That being said I would stay a little late one night and do it just on the off chance that something is affected.
0
 
shard26Author Commented:
How can I verify that we are not using IPSec? Just to be safe.


0
 
dfxdeimosCommented:
If you didn't turn it on explicitly (and I assume you are the network admin) then you aren't using it.

If you still want to double check then just go to a client machine and go Start -> Run -> "Secpol.msi" .

In the bottom of that list you will see something like what is in the image that I attached. You will then be able to see if any of the policies are enabled.

For future reference, here is a good guide about implementing IPSec in your domain:

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911
IPSecPol.jpg
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
shard26Author Commented:
computer doesn't know the command secpol.msi
0
 
shard26Author Commented:
i am pretty confident we have set up no policies.
0
 
dfxdeimosCommented:
If it doesn't recognize secpol.msi you can launch the MMC by going Start -> Run -> "MMC" and then adding the Local Security Policy Snap-In.

I am also pretty confident that you don't have policies in place. =]
0
 
shard26Author Commented:
so no policies in place means i can kill the service?

0
 
dfxdeimosCommented:
Yes.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now