Overcoming an Error When Using IPSECCMD SHOW GPO on Standard 2009

The IPSecurity Services component in XP Embedded and Windows Embedded Standard 2009  is normally only configured dynamically in certain scenarios involving Domain Participation and Active Directory. In some instances it has been reported that when IPSECCMD SHOW GPO is used, the following error results:

“error 2 The system cannot find the file specified.”

The problem is due to the following registry key being present in the XPE IP Security Services component:

"SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\GPTIPSECPolicy", but with no values associated with it.

An example of how this key’s values are normally populated (with sample values) is:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy]

"DSIPSECPolicyPath"="LDAP://CN=ipsecPolicy{1252bb1d-3253-476d-a468-c1ee6b3043cc},

CN=IP Security,CN=System,DC=mydomain,DC=corp,DC=mycompany,DC=com"

"DSIPSECPolicyFlags"=dword:00000001

"DSIPSECPolicyName"="SecNet Simple Default Policy (1.05.070444)"

"DSIPSECPolicyDescription"="SecNet Simple Default Policy (1.05.070444)"

This key is not automatically present on an XP Pro desktop system so it can be inferred that it is not necessary to have this key be present on an XPe or Std09 system. Therefore, in the case of this error the issue can be fixed by either:

• Populating it with the appropriate value keys for the environment the runtime is deployed in
• Deleting the GPTIPSECPolicy key.

Obviously the usual degree of testing should be applied after using either solution, in order to verify that there are no unforeseen consequences later.

- Lynda

Technorati Tags: XPe,Embedded Standard