Services Utility: IPSEC Services Service

Display Name (?): IPSEC Services
Short Name (?): PolicyAgent
Executable (?): lsass.exe
Library (?): None.
Depends On (?): Remote Procedure Call (RPC)
Supports (?): None.
Description (?): Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
OS (?): XP Home/Professional, Vista Home/Business, Server 2003, Vista Server
Startup (?):
DefaultHomeWorkstationServerMinimalTweakedAutomatic
AutomaticManualAutomaticAutomaticManualDisabledDisabled

Explanation (?):

The IPSEC services service is used in managing IPSEC policies, deploying IPSEC policies, starting ISAKMP/Oakley (IKE) and controlling of the IP security driver. The IPSEC policies are obtained from an authenticated active directory at a polling interval and during logon. Clients may also manually poll an active directory using the "pupdate /target:computer" command. The service itself is used in obtaining the policy so that it can load it through the IP security driver.

IPSEC (IP Security) itself is used in encrypting packets and authenticating with secret keys through the use of public keys from IKE. This provides a very cross platform method for data security over unsecure lines. However, security is only good when the key is not compromised. This is especially useful for VPN type traffic, or any other form of IP traffic that needs security. Two forms of IPSEC exist, transport and tunnel. With transport IPSEC only the data is encrypted, but with tunnel IPSEC the header and the data are encrypted.

This service is only required if you are using IPSEC to encrypt data. For the vast majority of people this service is totally unneeded. You will only need this if you are connected to an active directory and need authenticated encryption. You can set it to manual if you don't need it, and in the case that it is then it will be used.


Please visit /tools/services/ for the complete Vernalex.com Services utility.