This guide explains the steps needed to configure certificate-based IPSec in WinPE 2.0.
For improvement suggestions (or bugs) in this guide, please drop a note to johan [dot] arwidmark [at] truesec [dot] com, or at myitforum.com (alias jarwidmark).
You might also find me in the public Microsoft desktop deployment newsgroups (microsoft.public.deployment.desktop).
Microsoft MVP – Setup & Deployment
The guide covers the following steps:
o Creating the IPSec Policy
o Installing the Certificate in WinPE
Step 1 – Creating the IPSec Policy
On the deployment server, create an IPSec policy.
Using Regedit, export the assigned IPSec policy to a text file (*.reg). The policy is stored in HKLM\Software\policies\Microsoft\windows\ipsec\policy\local.
On a client, install the IPSec certificate. Then, using the Certificates MMC snap-in, export the IPSec certificate and include the Root CA in the export.
Step 2 – Install the Certificate in WinPE
From a Vista machine, copy certutil.exe and en-US\certutil.exe to the system32 folder of your WinPE image.
Using Regedit.exe, import the previously exported IPSec policy into the registry.
Using an undocumented certutil switch, -ImportPFX, import the previously exported certificate into WinPE.
Start the IPSec Policy Agent in WinPE.
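
The Step 2 commands as a batch file that could be called from startnet.cmd. This is an added example, not part of the original guide. The file paths under X:\IPSec are hypothetical, and the PolicyAgent service name and the certutil -p password option are assumed to behave in WinPE as they do in Vista.

```batch
@echo off
rem Added example, not from the original guide.
rem File locations are hypothetical; adjust to where the exports sit in the image.
setlocal
set POLICY_REG=X:\IPSec\ipsec-policy.reg
set CERT_PFX=X:\IPSec\ipsec-cert.pfx
set POLICY_KEY=HKLM\Software\policies\Microsoft\windows\ipsec\policy\local

rem 1. Import the IPSec policy exported in Step 1.
regedit.exe /s "%POLICY_REG%"
rem regedit /s reports nothing on failure, so confirm the key now exists.
reg.exe query "%POLICY_KEY%" >nul 2>&1
if errorlevel 1 (
    echo ERROR: IPSec policy key is missing after the import.
    exit /b 1
)

rem 2. Import the certificate with its private key.
rem The password is prompted for so that it is not stored in the boot
rem image next to the PFX file.
set /p PFXPASS=PFX password: 
certutil.exe -p "%PFXPASS%" -importPFX "%CERT_PFX%"
set RC=%errorlevel%
set PFXPASS=
if not "%RC%"=="0" (
    echo ERROR: certutil -importPFX failed with code %RC%.
    exit /b 1
)
rem List the machine "My" store so the imported certificate can be checked.
certutil.exe -store My

rem 3. Start the IPSec Policy Agent (service name assumed: PolicyAgent).
net.exe start PolicyAgent
if errorlevel 1 (
    echo ERROR: could not start the IPSec Policy Agent.
    exit /b 1
)
echo IPSec policy and certificate are in place; Policy Agent started.
endlocal
```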