StrongCRLCheck
Hi all, hope this won't be another unanswered thread! I'm looking for stronger security in terms of IPsec settings, and I'm in doubt whether some values are compatible with Windows 7 parameters or if they only apply to Windows Server 2003 and other older MS OSes. I'm trying to figure out if setting this: netsh ipsec dynamic set config property=StrongCRLCheck value=2 makes it more restrictive in terms of certificate policy. I've read that setting it to a value of 2 makes for stronger checking, considering that the value of 1 is the default behavior! Any thoughts?

I would also like to ask why, when I'm running CMD not in elevated mode from my standard account and I type: netsh ipsec dynamic show config, it shows StrongCRLCheck=1, which is different from when I run CMD elevated, which shows StrongCRLCheck=2, obviously because I changed it in my admin account, but I think the same should apply to standard user accounts... Maybe that's a false message and the right config is StrongCRLCheck=2. I will be looking forward to any replies.

Regards,
RR
November 18th, 2009 5:35pm

BTW, I'm going to take advantage of this thread, hoping someone will give it some consideration here, so I will post some other doubts that are bothering me a lot.

The default behavior for IPsecExempt is a value of 3. OK, I wonder if this is exactly the opposite of the value NoDefaultExempt in the ipsec key, which looks like this: hkey_local_machine\system\currentcontrolset\services\ipsec DWORD: NoDefaultExempt=1, which is intended to prevent isolation on RSVP. And to mitigate this kind of attack you can also protect yourself by creating another value in: hkey_local_machine\system\currentcontrolset\services\tcpip\parameters\interfaces\INTERFACEGUID: add a DWORD value named: Qos=0, set to a value of 0!

Also, in the key path: hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\ DWORD: IpsecExempt=9. My question is, why is that set to a value of 9? Wouldn't it be more secure to set it to a value of 1? The same question goes for ipsecexempt=3 in the netsh commands!

Another question is why we have DisableStatefulFTP=0 if the intended value for better security is to set it to a value of 1 and disable that? I heard hackers can exploit this hole...

Again, I will be expecting replies so badly!

Regards,
RR
November 18th, 2009 6:14pm

Can any MVP answerer or MSFT give me simple answers such as positive or negative? As far as I know, that isn't something rough to answer, nor advanced. I just need to clarify my ideas about those settings, that's all. All I need is a simple answer, less than a minute, but if that's too hard or I am too annoying, sorry for that, and I won't ask anything else here and will look for other forums to get more attention.

Kind regards,
RR

PS: I'm starting to think that some rebels here ain't complaining for nothing and they might have reasons for complaining about not having answers. As I'm defending MS and ain't even getting paid for that, I'm kind of disappointed with the frigidity regarding my threads and with my questions not related to Windows 7 issues not being taken seriously.
November 19th, 2009 3:00am

OK, this post deserves a first bump! BUMP!!!
November 20th, 2009 4:16am

This topic is archived. No further replies will be accepted.
