Bypassing an Active Directory assigned IPSEC policy

I was in the process of translating some locally defined IPSEC policies on my test systems into group policies. In the process I applied an incomplete policy which was missing the line that allows direct access to my DCS which aren't yet set up for ipsec.

This has locked out my ability to apply the updated policy (which removes these restrictions) from my test systems.

How can I forcibly remove this policy to allow me to continue testing?


Solution 1:

I managed to find a way to address this problem via an old technet reference.

Delete HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy, unassign the locally assigned policy and reboot.