PowerShell Logo Small

Disable-NetIPsecRule



This is the built-in help made by Microsoft for the command 'Disable-NetIPsecRule', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Disables an IPsec rule.

SYNTAX


Disable-NetIPsecRule [-All] [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
[-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AllowSetKey <Boolean[]>] [-AllowWatchKey <Boolean[]>] [-AsJob] [-CimSession <CimSession[]>] [-Description <String[]>] [-DisplayGroup <String[]>]
[-Enabled <Enabled[]>] [-EncryptedTunnelBypass <Boolean[]>] [-ForwardPathLifetime <UInt32[]>] [-GPOSession <String>] [-Group <String[]>] [-InboundSecurity
<SecurityPolicy[]>] [-KeyModule <KeyModule[]>] [-Machine <String[]>] [-Mode <IPsecMode[]>] [-OutboundSecurity <SecurityPolicy[]>] [-PassThru] [-Phase1AuthSet <String[]>]
[-Phase2AuthSet <String[]>] [-PolicyStore <String>] [-PolicyStoreSource <String[]>] [-PolicyStoreSourceType <PolicyStoreType[]>] [-PrimaryStatus <PrimaryStatus[]>]
[-QuickModeCryptoSet <String[]>] [-RemoteTunnelHostname <String[]>] [-RequireAuthorization <Boolean[]>] [-Status <String[]>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
[-User <String[]>] [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-PassThru] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetIPsecQuickModeCryptoSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetIPsecPhase1AuthSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetIPsecPhase2AuthSet <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallProfile <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallPortFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallInterfaceTypeFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallInterfaceFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-AssociatedNetFirewallAddressFilter <CimInstance> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>] [-TracePolicyStore]
-DisplayName <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Disable-NetIPsecRule [-IPsecRuleName] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-GPOSession <String>] [-PassThru] [-PolicyStore <String>] [-ThrottleLimit <Int32>]
[-TracePolicyStore] [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Disable-NetIPsecRule cmdlet disables a previously enabled IPsec rule to be inactive within the computer or a group policy organizational unit. A disabled rule will not
actively modify computer behavior, but the rule still exists on the computer or in a Group Policy Object (GPO) so it can be re-enabled. This is different from the
Remove-NetIPsecRule which permanently removes the rule.


This cmdlet gets one or more IPsec rules to be disabled with the IPsecRuleName parameter (default), the DisplayName parameter, rule properties, or by associated filters or
objects. The Enabled parameter value for the resulting queried rules is set to False.


Disabling firewall and IPsec rules can be useful for debugging IPsec policy mismatch issues, but is easier when the rules are in the local, or persistent, store. Disabling
rules in a GPO container will not take effect until the next time the client applies the GPO. To troubleshoot GPO-based IPsec policy, consider copying all the rules, and
authorization and cryptographic sets from the GPO to a computer that does not have the GPO policy applied using the corresponding Copy-NetIPsecRule cmdlets. This is the way
to locally modify the policy, in order to troubleshoot any IPsec failures.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=225799
Copy-NetIPsecRule
Enable-NetIPsecRule
Get-NetFirewallAddressFilter
Get-NetFirewallInterfaceFilter
Get-NetFirewallInterfaceTypeFilter
Get-NetFirewallPortFilter
Get-NetFirewallProfile
Get-NetIPsecPhase1AuthSet
Get-NetIPsecPhase2AuthSet
Get-NetIPsecQuickModeCryptoSet
Get-NetIPsecRule
New-NetIPsecRule
Open-NetGPO
Remove-NetIPsecRule
Save-NetGPO
Set-NetIPsecRule
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>Disable-NetIPsecRule -DisplayName "Require Outbound Authentication" -PolicyStore domain.contoso.com\gpo_name



This example disables an IPsec rule in a GPO given the localized name.




EXAMPLE 2

PS C:\>Disable-NetIPsecRule –Group "Ipsec-DirectAccess-Traffic" –Mode Transport -PolicyStore ActiveStore



This example disables all transport mode DA rules on the local computer.




EXAMPLE 3

PS C:\>$phase1AuthSet = Get-NetIPsecPhase1AuthSet –DisplayName "Computer Kerb, CA Auth"



PS C:\>Disable-NetIPsecRule –InputObject $phase1AuthSet



This example disables the IPsec rules associated with the specified phase 1 authentication set.