IP Security Policies (Windows)

Module: Network Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008

This check reports IP Security Policies that exist for Active Directory on domain controllers. The check reports if the policy is assigned, if IP Security Rules exist but are not selected, and if the Check for policy changes text box is set to greater than four minutes.

The following table lists the error messages for the check.

Table: Error messages for IP Security Policies

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: ESM_IP_SECPOLICY_DEFAULT Category: Change Notification	Windows 2000 (106359) Windows 2003 (206360) Windows 2008 (249360)	Title: IP Security Policy is not assigned Description:The IP Security Policies on Active Directory is NOT assigned.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [IPSec Policy: NONE]
String ID: ESM_IP_SECURITY_POLICY_DEFAULT Category: Change Notification	Windows 2000 (106360) Windows 2003 (206361) Windows 2008 (249361)	Title: IP Security Policy is assigned Description:The IP Security Policies on Active Directory is assigned.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [IPSec Policy: %s;]
String ID: ESM_IP_SECURITY_RULE_NOT_SELECTED Category: Change Notification	Windows 2000 (106361) Windows 2003 (206362) Windows 2008 (249362)	Title: IP Security Policy Rule is not selected Description:The IP Security Policy Rule on Active Directory is not selected.	Severity: yellow-3 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [IPSec Policy Rule is not selected: %s;]
String ID: ESM_IP_SECURITY_REFRESH Category: Change Notification	Windows 2000 (106362) Windows 2003 (206363) Windows 2008 (249363)	Title: Check for policy changes setting is set too high Description:The IP Security Policy Rule timer is set too high.	Severity: yellow-3 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [IPSec Policy check policy refresh is set high]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_IP_SECPOLICY_DEFAULT

Category: Change Notification

Windows 2000 (106359)
Windows 2003 (206360)
Windows 2008 (249360)

Title: IP Security Policy is not assigned

Description:The IP Security Policies on Active Directory is NOT assigned.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [IPSec Policy: NONE]

String ID: ESM_IP_SECURITY_POLICY_DEFAULT

Category: Change Notification

Windows 2000 (106360)
Windows 2003 (206361)
Windows 2008 (249361)

Title: IP Security Policy is assigned

Description:The IP Security Policies on Active Directory is assigned.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [IPSec Policy: %s;]

String ID: ESM_IP_SECURITY_RULE_NOT_SELECTED

Category: Change Notification

Windows 2000 (106361)
Windows 2003 (206362)
Windows 2008 (249362)

Title: IP Security Policy Rule is not selected

Description:The IP Security Policy Rule on Active Directory is not selected.

Severity: yellow-3

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [IPSec Policy Rule is not selected: %s;]

String ID: ESM_IP_SECURITY_REFRESH

Category: Change Notification

Windows 2000 (106362)
Windows 2003 (206363)
Windows 2008 (249363)

Title: Check for policy changes setting is set too high

Description:The IP Security Policy Rule timer is set too high.

Severity: yellow-3

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [IPSec Policy check policy refresh is set high]