What I have is an exported .ipsec file (that was created on a local workstation). It contains the tested and fully functional IPSEC policy that I was advised to implement so my plan was to export the policy from the local machine and then import it into the GPO.

I am the GPO administrator and I can change the IPSEC stuff, I'm just not able to import the .ipsec file in the security area. I was just trying to figure out if you were able to conduct that type of import on a GPO or if that only works on local workstations (which doesn't make sense) or the guy who set up my permissions may have just made a mistake when he granted me the admin rights to the GPO.

I guess I can ask the admin to recheck my privileges on the GPO to ensure that he has me set with the IPSEC part, but that doesn't seem that plausible of an option considering he said that he granted my privileges using the delegate administration feature.

Is there a big difference between using the .ipsec file instead of the .inf file?

Thanks,

chuck

Darren Mar-Elia wrote:

Charles-
When you say you're importing IPSEC, I assume this means you have an
.inf file that you've created that you importing into an OU-linked GPO?
The ability to make changes to a GPO are governed by the permissions on
the GPO object itself, which is not stored in the OU but rather under
the System\Policies container in your domain (and also in SYSVOL). If
you view the permissions on the GPO object itself, you should be able to
see if you have modify rights on that GPO. If you don't, you'll need to
get the owner of that GPO to grant you those rights explicitly for that
GPO.

Darren

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Charles
Carerros
Sent: Thursday, April 15, 2004 6:49 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Importing IPSEC Policies into an OU

Hey all,

This might seem kinda odd and maybe I'm just doing something wrong.

But I tried to import an IPSEC policy (that basically just does port
blocking) into and AD but I keep getting rejected due to permissions
(apparently).

Now I don't have Domain Admin rights to the domain, however I have been
delegated complete authority to the OU that I'm working in.  Does anyone
know if there are additional issues dealing with the importing of IPSec
policies at OU levels that I might be missing?

Thanks,

Chuck

--
Charles D. Carerros
Systems Administrator
Information Technology Office
College of Letters and Science
University of Wisconsin -- Milwaukee
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


-- Charles D. Carerros Systems Administrator Information Technology Office College of Letters and Science University of Wisconsin -- Milwaukee [EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to