Deployment Artist


The site is finally put to rest...

You find new content on the Deployment Research site, a site filled with articles and video-tutorials on how to deploy operating systems. If you are missing something on the new site, please let me know. You can find me on twitter on my @jarwidmark alias.

You can also search the old article archive below.

Regards / Johan Arwidmark

 Blog_Archive Minimize

 How to configure IPSec in WinPE 2.0 Minimize
Location: BlogsJohan Arwidmark    
Posted by: johan 7/31/2007


This explains the necessary steps for configuring certificate based IPSec in Win PE 2.0.

For improvement suggestions (or bugs) in this guide, please drop a note to johan [dot] arwidmark [at] truesec [dot] com, or at (alias jarwidmark).

You might also find me in the public Microsoft desktop deployment newsgroups (microsoft.public.deployment.desktop)


Johan Arwidmark
Microsoft MVP – Setup & Deployment

The guide covers the following steps

o   Create the IPSec Policy

o   Installing the certificate in WinPE

Step 1 – Creating the IPSec Policy

  1. On the deployment server, create a IPSec Policy
  2. Using Regedit, export the assigned IPSec policy to a text file  (*.reg). The policy is stored in  (HKLM\Software\policies\Microsoft\windows\ipsec\policy\local
  3. On a client, install the IPSec certificate and then using the certificates mmc, export the IPSec certificate, and include the Root CA in the export

Step 2 – Install the Certificate in WinPE

  1. From a Vista machine, copy the certutil.exe and  en-US\certutil.exe to system32 of your WinPE Image
  2. Using Regedit.exe import the previously exported IPSec policy to the Registry
  3. Using an undocumented switch to certutil, -ImportPFX, import the previously exported certificate into WinPE
  4. Start the IPSec Policy Agent in WinPE



Permalink |  Trackback

 Search_Blog Minimize

Copyright 2006-2012 (c)   Terms Of Use  Privacy Statement
DotNetNuke® is copyright 2002-2019 by DotNetNuke Corporation