Donat Was Here

DonatShell
Server IP : 180.180.241.3 / Your IP : 216.73.216.252
Web Server : Microsoft-IIS/7.5
System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.3.28
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF
Directory : /Windows/System32/en-US/
Upload File :
[ HOME SHELL ]
Current File : /Windows/System32/en-US//nshipsec.dll.mui
MZگےے¸@¸؛´	ح!¸Lح!This program cannot be run in DOS mode.

$uُظE›ٹE›ٹE›ٹLlٹD›ٹLl
ٹD›ٹRichE›ٹPELرب[Jà!	قًڈہ@ ـ.rsrcàق@@€(€@€€ €—·8€¹P€؛h€½€€ہک€أ°€ؤب€ئà€ةّ€ت€ج(€د@€ذX€زp€سˆ€û €ü¸€‏ذ€è€€€0€H€`€x€گ€¨€ہ€-ط€.ً€3€@ €S8€YP€Zh€[€€_ک€`°€xب€~à€ّ€‹	€Œ(	€چ@	€‘X	€’p	€“ˆ	€— 	€ک¸	€‍ذ	€¤è	€ھ
€«
€¬0
€éH
€ï`
€ûx
€üگ
€¨
€ہ
€ط
€ً
€€ €8€P€'h€(€€-ک€4°€:ب€Fà€Gّ€M€N(€S@€YX€_p€`ˆ€f €l¸€rذ€xè€y
€…
€‹0
€ژH
€’`
€”x
€–گ
€—¨
€کہ
€ڑط
€›ً
€œ€‌ €¤8€¥P€¦h€ھ€€«ک€¬°€®ب€¯à€°ّ€±€²(€³@€´X€µp€¶ˆ€· €¸¸€¹ذ€؛è€»€¼€½0€¾H€؟`€ہx€ءگ€آ¨€ضہ€×ط€`ً€a€b €c8€fP€gh€h€€iک€j°€kب€là€mّ€n€o(€p@€qX€rp€sˆ€t €‍¸€ںذ€ è€،€¢€£0€¤H€`€	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ			(	8	H	X	h	x	ˆ	ک	¨	¸	ب	ط	è	ّ-°نہ-:نü.4ن03ن46ضن8Dن(|قن}LنT~طQن,ذtن ذ¶نXزتن$ٌŒن°ٌنہَنن¤عن€rنôzنpT1نؤMzن@N®نًO~نpPBن´dو.نœ“ـنx•
ن„ھJنذ«خن ®lJنùخنـْ–نtübنطüّنذ‎îنہآن„`نن2نن4èن
”ن°
ـنŒؤنPنن4"نX>نک<نشذن¤ن´ذن„زنXˆنàنèDن,"–نؤ%fن,&نD)¤نè)Rن<*گنج*„نP,èن80طن1 ن°4Bنô5>ن49¤نط<ضن°>tن$?fنŒ?Dنذ?¸نˆ@”نC2نPCنTE نtF`نشFjن@Gdن¤HlنI†نکIêن„Jعن`K¤نLbنhLbنجL|نHNrن¼Nvن4OèنP‚ن P"نؤQzن@RVنکS,نؤT€نDWکنـYxنTZھن[RنT\ھن]bنd]lنذ^jن<`ˆنؤbنؤdِن¼eنطhpنHi:ن„j~نk"ن(nن<qنDuZن yکن8~’نج€âن°„Œن<†Jنˆˆôن|‹ىنhژDن¬“„ن0—¨نطک&ن›‚ن„›بنL‍نX¤üنT©نhننL¯¦نô±Lن@´Bن„·؛ن@½نP؟گنàء:نأعنّؤ²ن¬ئذن|ةdنàجDن$ذzن ×Nنًظ¬نœفن´كٹن@à؛نüà:ن8مèن çبنèè¸نMUIح‏ح‏°ءaت1…‎-ي »B‰€ùWZَ2n‎¬Taآfئم)@ˆک MUIen-US0Exports all the policies from the policy store.
6Imports the policies from a file to the policy store.
'Restores the default example policies.
PA
Usage:
  exportpolicy [ file = ] <string>

  Exports all the policies to a file.

Parameters:

  Tag         Value
  name       -Name of the file into which the policies are exported.

Remarks: .ipsec extension is by default added to the filename.

Examples: exportpolicy Policy1

ً
Usage:
  importpolicy [ file = ] <string>

  Imports policies from the specified file.

Parameters:

  Tag         Value
  name       -Name of the file from which the policies are imported.

Remarks:

Examples: importpolicy Policy1.ipsec

r
Usage:
  restorepolicyexamples [release = ] (win2k | win2003)

  Restores the default policies.

Parameters:

  Tag         Value
  release    -OS release type, for default policies examples.

Remarks:  This command is only valid for the local computer policy store.

Examples: 1. restorepolicyexamples release=win2003
          2. restorepolicyexamples release=win2k

.Creates new policies and related information.
/Creates a policy with a default response rule.
Creates an empty filter list.
Creates a filter action.
)Creates a rule for the specified policy.
Adds a filter to filter list.
PAB
Usage:
  policy [ name = ] <string>
         [ [ description = ] <string> ]
         [ [ mmpfs = ] (yes | no) ]
         [ [ qmpermm = ] <integer> ]
         [ [ mmlifetime = ] <integer> ]
         [ [ activatedefaultrule = ] (yes | no) ]
         [ [ pollinginterval = ] <integer> ]
         [ [ assign = ] (yes | no) ]
         [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

  Creates a policy with the specified name.

Parameters:

  Tag                   Value
  name                 -Name of the policy.
  description          -Brief information about the policy.
  mmpfs                -Option to set master perfect forward secrecy.
  qmpermm              -Number of quick mode sessions per main mode
                        session of IKE.
  mmlifetime           -Time in minutes to rekey for main mode of IKE.
  activatedefaultrule  -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista.
  pollinginterval      -Polling Interval, time in minutes for policy agent
                        to check for changes in policy store.
  assign               -Assigns the policy as active or inactive. 
  mmsecmethods         -List of one or more space separated security
                        methods in the form of ConfAlg-HashAlg-GroupNum,
                        where ConfAlg can be DES or 3DES,
                        HashAlg is MD5 or SHA1.
                        GroupNum can be 1 (Low), 2 (Med), 3 (DH2048).

Remarks:  1. If mmpfs is specified, qmpermm is set to 1.
          2. If the store is 'domain' then  assign  will have no effect.
          3. The use of DES and MD5 is not recommended. These cryptographic
             algorithms are provided for backward compatibility only.

Examples: add policy Policy1 mmpfs= yes assign=yes
          mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"

A
Usage:
  filterlist [ name = ] <string>
             [ [ description = ] <string> ]

  Creates an empty filter list with the specified name.

Parameters:

  Tag           Value
  name         -Name of the filter list.
  description  -Brief information about the filter list.

Remarks:

Examples: add filterlist Filter1

ز
Usage:
  filteraction [ name = ] <string>
               [ [ description = ] <string> ]
               [ [ qmpfs = ] (yes | no) ]
               [ [ inpass  = ] (yes | no) ]
               [ [ soft = ] (yes | no) ]
               [ [ action = ] (permit | block | negotiate) ]
               [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

  Creates a filter action.

Parameters:

  Tag           Value
  name         -Name of the filter action.
  description  -Brief information about the type of filter action.
  qmpfs        -Option to set quick mode perfect forward secrecy.
  inpass       -Accept unsecured communication, but always respond
                using IPsec. This takes a value of either  yes  or  no .
  soft         -Allow unsecured communication with non-IPsec-aware
                computers. This takes a value of either  yes  or  no .
  action       -This takes permit, block or negotiate.
  qmsecmethods -IPsec offer in one of the following formats:
                ESP[ConfAlg,AuthAlg]:k/s
                AH[HashAlg]:k/s
                AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
                where ConfAlg can be DES or 3DES or None.
                where AuthAlg can be MD5 or SHA1 or None.
                where HashAlg is MD5 or SHA1.
                where k is Lifetime in kilobytes.
                where s is Lifetime in seconds.

Remarks:  1. Quick mode security methods are ignored if the action is not
              negotiate 
          2. The use of DES and MD5 is not recommended. These cryptographic
             algorithms are provided for backward compatibility only.

Examples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate
          qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"

(	
Usage:
  rule [ name = ] <string>
       [ policy = ] <string>
       [ filterlist = ] <string> 
       [ filteraction = ] <string> 
       [ [ tunnel = ] (ip | dns) ]
       [ [ conntype = ] (lan | dialup | all) ]
       [ [ activate = ] (yes | no) ]
       [ [ description = ] <string> ]
       [ [ kerberos = ] (yes | no) ]
       [ [ psk = ] <preshared key> ]
       [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]

  Creates a rule with the specified filter list and filter action.

Parameters:

  Tag            Value
  name          -Name of the rule.
  policy        -Name of the policy the rule belongs to.
  filterlist    -Name of the filter list to be used.
  filteraction  -Name of the filter action to be used.
  tunnel        -Tunnel end point IP address.
  conntype      -Connection type can be lan, dialup or  all .
  activate      -Activates the rule in the policy if  yes  is specified.
  description   -Brief information about the rule.
  kerberos      -Provides Kerberos authentication if  yes  is specified.
  psk           -Provides authentication using a specified preshared key.
  rootca        -Provides authentication using a specified root certificate,
                 attempts to map the cert if certmap:Yes is specified,
                 excludes the CA name if excludecaname:Yes is specified.

Remarks:  1. Certificate, mapping, and CA name settings are all to be within
             quotes; embedded quotes are to be replaced with \'.
          2. Certificate mapping is valid only for domain members.
          3. Multiple certificates can be provided by using the rootca
             parameter multiple times.
          4. The preference of each authentication method is determined by
             its order in the command.
          5. If no auth methods are stated, dynamic defaults are used.
          6. Excluding the root certification authority (CA) name prevents
             the name from being sent as part of the certificate request.

Examples: add rule name=Rule policy=Policy filterlist=Filterlist
          filteraction=FilterAction kerberos=yes psk="my key"
          rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
          rootca="C=US,O=MSFT,CN=\ Microsoft North, South, East, and West Root
          Authority\  certmap:yes excludecaname:no"

€	
Usage:
  filter [ filterlist = ] <string>
         [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
         [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
         [ [ description = ] <string> ]
         [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]
         [ [ mirrored = ] (yes  |  no) ]
         [ [ srcmask = ] (mask | prefix) ]
         [ [ dstmask = ] (mask | prefix) ]
         [ [ srcport = ] <port> ]
         [ [ dstport = ] <port> ]

  Adds a filter to the specified filter list.

Parameters:

  Tag            Value
  filterlist    -Name of the filter list to which the filter is added.
  srcaddr       -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
  dstaddr       -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
  description   -Brief information about the filter.
  protocol      -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
  mirrored      - Yes  creates two filters, one in each direction.
  srcmask       -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range 
  dstmask       -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range
  srcport       -Source port of the packet. A value of 0 means any port.
  dstport       -Destination port of the packet. A value of 0 means any port.

Remarks:  1. If the filter list does not exist it will be created.
          2. To specify the current computer address, set srcaddr/dstaddr=me
             To specify all computer addresses, set srcaddr/dstaddr=any
          3. Server type can be WINS, DNS, DHCP or GATEWAY.
          4. If source is a server type, then dest is 'me' and vice-versa.
          5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45
          srcmask=24 dstmask=32
          2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0
          protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255
          3. add filter filterlist=Filter1 srcaddr=me dstaddr=any
          4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME
          5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME

PA4Modifies existing policies and related information.
Modifies a policy.
Modifies a filter list.
PAModifies a filter action.
Modifies a rule.
Sets the current policy store.
0Modifies the default response rule of a policy.
Sets the batch update mode.
2
Usage:
  policy [ name = ] <string> | [ guid = ] <guid>
         [ [ newname = ] <string> ]
         [ [ description = ] <string> ]
         [ [ mmpfs = ] (yes | no) ]
         [ [ qmpermm = ] <integer> ]
         [ [ mmlifetime = ] <integer> ]
         [ [ activatedefaultrule = ] ( yes | no) ]
         [ [ pollinginterval = ] <integer> ]
         [ [ assign = ] (yes | no) ]
         [ [ gponame = ] <string> ]
         [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

  Modifies a policy.

Parameters:

  Tag                  Value
  name | guid         -Name of the policy, or guid.
  newname             -New name.
  description         -Brief information.
  mmpfs               -Sets master perfect forward secrecy.
  qmpermm             -Number of quick modes per main mode.
  mmlifetime          -Time in minutes to rekey.
  activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista.
  pollinginterval     -Time in minutes to check for change in policy store.
  assign              -Assigns the policy.
  gponame             -Local AD group policy object name to which the policy
                       can be assigned. Valid when the store is domain.
  mmsecmethods        -List of one or more space separated security
                       methods in the form of ConfAlg-HashAlg-GroupNum.

Remarks:  1. If mmpfs is specified, qmpermm is set to 1.
          2. A GPO name can only be specified if the store is set to domain.
          3. The use of DES and MD5 is not recommended. These cryptographic
             algorithms are provided for backward compatibility only.

Examples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y
          2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
             newname=NewName gpo=DefaultDomainPolicy assign=y


Usage:
  filterlist [ name = ] <string> | [ guid = ] <guid>
             [ [ newname = ] <string> ]
             [ [ description = ] <string> ]

  Modifies a filter list name and description.

Parameters:

  Tag           Value
  name | guid  -Name of the filter list or guid.
  newname      -New name of the filter list.
  description  -Brief information about the filter list.

Examples: 1. set filterlist Filter1 desc=NewFilter1
          2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
                newname=FilterName


Usage:
  filteraction [ name = ] <string> | [ guid = ] <guid>
               [ [ newname = ] <string> ]
               [ [ description = ] <string> ]
               [ [ qmpfs = ] (yes | no) ]
               [ [ inpass  = ] (yes | no) ]
               [ [ soft = ] (yes | no)  ]
               [ [ action = ] (permit | block | negotiate) ]
               [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

  Modifies a filter action.

Parameters:

  Tag            Value
  name | guid   -Name or guid of the filter action.
  newname       -New name of the filter action.
  description   -Brief information about the filter action.
  qmpfs         -Option to set quick mode perfect forward secrecy.
  inpass        -Accept unsecured communication, but always respond
                 using IPsec. This takes a value of either  yes  or  no .
  soft          -Allow unsecured communication with non-IPsec-aware computers.
                 This takes a value of either  yes  or  no .
  action        -This takes permit or block or negotiate.
  qmsecmethods  -IPsec offer in one of the following formats:
                 ESP[ConfAlg,AuthAlg]:k/s
                 AH[HashAlg]:k/s
                 AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
                 where ConfAlg can be DES or 3DES or None.
                 where AuthAlg can be MD5 or SHA1 or None.
                 where HashAlg is MD5 or SHA1.
                 where k is lifetime in kilobytes.
                 where s is lifetime in seconds.

Remarks:  The use of DES and MD5 is not recommended. These cryptographic
          algorithms are provided for backward compatibility only.

Examples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s
         2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF}
           inpass=y

€	
Usage:
  rule [ name = ] <string> | [id= ] <integer>
       [ policy = ] <string>
       [ [ newname = ] <string> ]
       [ [ description = ] <string> ]
       [ [ filterlist = ] <string> ]
       [ [ filteraction = ] <string> ]
       [ [ tunnel = ] (ip | dns) ]
       [ [ conntype = ] (lan | dialup | all) ]
       [ [ activate = ] (yes | no) ]
       [ [ kerberos = ] (yes | no) ]
       [ [ psk = ] <preshared key> ]
       [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]

  Modifies a rule in a policy.

Parameters:

  Tag            Value
  name | id     -Name or ID of the rule.
  policy        -Name of the policy, the rule belongs to.
  newname       -New name of the rule.
  description   -Brief information about the rule.
  filterlist    -Name of the filter list to be used.
  filteraction  -Name of the filter action to be used.
  tunnel        -Tunnel ip address or dns name.
  conntype      -Connection type can be  lan ,  dialup  or  all .
  activate      -Activates the rule in the policy if  yes  is specified.
  kerberos      -Provides Kerberos authentication if  yes  is specified.
  psk           -Provides authentication using a specified preshared key.
  rootca        -Provides authentication using a specified root certificate,
                 attempts to map the cert if certmap:Yes is specified,
                 excludes the CA name if excludecaname:Yes is specified.

Remarks:  1. Certificate, mapping, and CA name settings are all to be within
             quotes; embedded quotes are to be replaced with \'.
          2. Certificate mapping is valid only for domain members.
          3. Multiple certificates can be provided by using the rootca
             parameter multiple times.
          4. The preference of each authentication method is determined by
             its order in the command.
          5. If no auth methods are stated, dynamic defaults are used.
          6. All authentication methods are overwritten with the stated list.
          7. Excluding the root certification authority (CA) name prevents
             the name from being sent as part of the certificate request.

Examples: 1. set rule name=Rule policy=Policy activate=yes
             rootca="C=US,O=MSFT,CN=\ Microsoft North, South, East, and West
             Root Authority\  certmap:yes excludecaname:no"
          2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156


Usage:
  store [location = ] (local | domain)
        [ [ domain = ] <string> ]

Sets the current IPsec policy storage location.

Parameters:

  Tag         Value
  location    Location of the IPsec policy store.
  domain      Domain name (only applies to the domain location).

Remarks:  1. The local store contains IPsec policies that can be assigned to
             secure this computer. If a domain policy is available, the
             domain policy is applied instead of the local policy.
          2. The domain store contains IPsec policies that can be assigned to
             secure groups of computers in a domain.
          3. Use the 'set machine' command to configure a remote computer.
          4. The default store is Local. Changes to the store setting persist
             only as long as the current Netsh session. If you need to run
             multiple commands in the same store from a batch file, use the
              Netsh Exec  when executing your batch file.
          5. Persistent store and persistent policy is not supported. 


Examples: 1. set store location= 
local
           - uses the local store of the current computer 
.
          2. set store location=domain domain=example.microsoft. 
com
           - uses the domain policy store for example.microsoft.com 
.

g	
Usage:
  defaultrule [ policy = ] <string>
              [ [ qmpfs = ] (yes | no) ]
              [ [ activate = ] (yes | no) ]
              [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]
              [ [ kerberos = ] (yes | no) ]
              [ [ psk = ] <preshared key> ]
              [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]

  Modifies the default response rule of the specified policy.
  This rule will be ignored on Windows Vista and later versions of Windows
 

Parameters:

  Tag            
Value
  policy       -Name of the policy for which the default response rule  
is
                to be modified 
.
  qmpfs        -Option to set quick mode perfect forward secrecy 
.
  activate     -Activates the rule in the policy if  yes  is specified 
.
  qmsecmethods -IPsec offer in one of the following formats:
                ESP[ConfAlg,AuthAlg]:k/ 
s
                AH[HashAlg]:k/ 
s
                AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/ 
s
                where ConfAlg can be DES, or 3DES or None 
.
                where AuthAlg can be MD5, or SHA1 or None 
.
                where HashAlg is MD5 or SHA1 
.
                where k is lifetime in kilobytes 
.
                where s is lifetime in seconds 
.
  kerberos     -Provides Kerberos authentication if  yes  is specified 
.
  psk          -Provides authentication using a specified preshared key 
.
  rootca       -Provides authentication using a specified root certificate,
                attempts to map the cert if certmap:Yes is specified,
                excludes the CA name if excludecaname:Yes is specified 
.

Remarks:  1. Certificate, mapping, and CA name settings are all to be  
within
             quotes; embedded quotes are to be replaced with \' 
.
          2. Certificate mapping is valid only for domain members 
.
          3. Multiple certificates can be provided by using the  
rootca
             parameter multiple times 
.
          4. The preference of each authentication method is determined  
by
             its order in the command 
.
          5. If no auth methods are stated, dynamic defaults are used 
.
          6. The use of DES and MD5 is not recommended. These  
cryptographic
             algorithms are provided for backward compatibility only 
.

Examples: set defaultrule Policy1 activate= 
y
          qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"

…
Usage:
  set batch [mode = ] (enable | disable) 

  Sets the batch update mode.

Parameters:

mode - The mode for batch updates. 


*Deletes policies and related information.
 Deletes a policy and its rules.
Deletes a filter list.
Deletes a filter action.
Deletes a rule from a policy.
%Deletes a filter from a filter list.
8Deletes all policies, filter lists, and filter actions.
PA‹
Usage:
  policy [ name = ] <string> | [ all ]

  Deletes the policy and all its associated rules.

Parameters:

  Tag           Value
  name | all   -Name of the policy or  all .

Remarks:  If 'all' is specified, all policies are deleted.

Examples: 1. delete policy all
           - deletes all policies.
          2. delete policy name=Policy1
           - deletes the policy named Policy1.

(
Usage:
  filterlist [name = ] <string> | [ all ]

  Deletes the filter list and all of its associated filters.

Parameters:

  Tag           Value
  name | all   -Name of the filter list or  all .

Remarks:  If 'all' is specified, all filter lists are deleted.

Examples: delete filterlist all

?
Usage:
  filteraction [ name = ] <string> | [ all ]

  Deletes a filter action.

Parameters:

  Tag             Value
  name | all     -Name of the filter action or  all .

Remarks:  If 'all' is specified, all filter actions are deleted.

Examples: 1. delete filteraction FilterA
          2. delete filteraction all

§
Usage:
  rule [ name = ] <string> | [ id = ] <integer> | [ all ]
       [ policy = ] <string>

  Deletes a rule from a policy.

Parameters:

  Tag               Value
  name | id | all  -Name of the rule, ID of the rule, or  all 
  policy           -Name of the policy.

Remarks:  1. If 'all' is specified, deletes all rules from the policy except
             the default response rule.
          2. The default response rule cannot be deleted.
          3. The IDs will change with every delete.

Examples: 1. delete rule id=1 Policy1
            -deletes the rule with id=1 from Policy1.
          2. delete rule all Policy1
            -deletes all the rules from Policy1.

E
Usage:
  filter [ filterlist = ] <string>
         [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
         [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
         [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]
         [ [ srcmask = ] (mask | prefix) ]
         [ [ dstmask = ] (mask | prefix) ]
         [ [ srcport = ] <port> ]
         [ [ dstport = ] <port> ]
         [ [ mirrored = ] (yes | no) ]

  Deletes a filter from a filter list

Parameters:

  Tag           Value
  filterlist   -Name of the filter list to which the filter was added.
  srcaddr      - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
  dstaddr      -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
  protocol     -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
  srcmask      -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range 
  dstmask      -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range 
  srcport      -Source port of the packet. A value of 0 means any port
  dstport      -Destination port of the packet. A value of 0 means any port.
  mirrored     - Yes  creates two filters, one in each direction.

Remarks:  1. Deletes the exact match filter from the filter list.
          2. To specify the current computer address, set srcaddr/dstaddr=me
             To specify all computer addresses, set srcaddr/dstaddr=any
          3. Server type can be WINS, DNS, DHCP or GATEWAY.
          4. If source is a server, then dest is set to 'me' and vice-versa.
          5.  If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com
          2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP
          3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP
          4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME

w
Usage:
  all

  Deletes all policies, filter lists, and filter actions.

Parameters:

Remarks:

Examples: delete all

PA6Displays details of policies and related information.
Displays policy details.
Displays filter list details.
 Displays filter action details.
Displays rule details.
:Displays details of all policies and related information.
-Displays details of a group assigned policy.
#Displays the current policy store.
z
Usage:
  policy [ name = ] <string> | [ all ]
         [ [ level = ] (verbose | normal) ]
         [ [ format = ] (list | table) ]
         [ [ wide = ] (yes | no) ]

  Displays the details of a policy

Parameters:

  Tag            Value
  name | all    -Name of the policy or  all .
  level         -Verbose or normal.
  format        -Output in screen or tab-delimited format.
  wide          -If set to  no , the name and description are truncated
                 to fit the screen width of 80 characters.

Remarks:  If 'all' is specified, all policy details are displayed.

Examples: show policy Policy1 wide=yes format=table

è
Usage:
  filterlist [ name = ] <string> | [ rule = ] <string> | [ all ]
             [ [ level = ] (verbose | normal) ]
             [ [ format = ] (list | table) ]
             [ [ resolvedns = ] (yes | no) ]
             [ [ wide = ] (yes | no) ]

  Displays the details of a filter list

Parameters:

  Tag                 Value
  name | rule | all  -Name of the filter list, rule name, or  all .
  level              -Verbose or normal.
  format             -Output in screen or tab-delimited format.
  resolvedns         -Value of  yes  will force the verbose output to show
                      the current dns mapping for ip addresses and dns
                      names that are stored in the filter fields.
  wide               -If set to  no , the name and description are truncated
                      to fit the screen width of 80 characters.

Remarks:  If 'all' is specified, all filter lists are displayed.

Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes

ع
Usage:
  filteraction  [ name = ] <string>  | [ rule = ] <string> | [ all ]
                [ [ level = ] (verbose | normal) ]
                [ [ format = ] (list | table) ]
                [ [ wide = ] (yes | no) ]

  Displays the details of a filter action

Parameters:

  Tag                 Value
  name | rule | all  -Name of the filter action, rule name, or  all .
  level              -Verbose or normal.
  format             -Output in screen or tab-delimited format
  wide               -If set to  no , the name and description are truncated
                      to fit the screen width of 80 characters.

Remarks:  If 'all' is specified, all filter actions are displayed.

Examples: 1. show filteraction FilterAction1
           - shows the details of the filter action named FilterAction1
          2. show filteraction rule=Rule1
           - shows the filter action used by the rule named Rule1
          3. show filteraction all
           - shows all filter actions

F
Usage:
  rule [ name = ] <string>  | [ id = ] <integer> ] | [ all ] | [default]
       [ policy = ] <string> 
       [ [ type = ] (tunnel | tranport) ]
       [ [ level = ] (verbose | normal) ]
       [ [ format = ] (list | table) ]
       [ [ wide = ] (yes | no) ]

  Displays the details of rules for the policy.

Parameters:

  Tag                         Value
  name | id | all | default  -Name of the rule, its id,  all , or  default .
  policy                     -Name of the policy.
  type                       -Rule type is  transport  or  tunnel .
  level                      -Verbose or normal.
  format                     -Output in screen or tab-delimited format.
  wide                       -If set to  no , the name and description are
                              truncated to fit the screen width of 80
                              characters.

Remarks:  1. If  all  is specified, all rules are displayed.
          2. If the type parameter is specified, 'all' needs to be specified.

Examples: 1. show rule all type=transport policy=Policy1
           - shows all the transport rules of the policy named Policy1.
          2. show rule id=1 policy=Policy1
           - shows the first rule of the policy.
          3. show rule default policy=Policy1
           - shows the details of the default response rule of Policy1.

ٹ
Usage:
  all  [ [ format = ] (list | table) ]
       [ [ wide = ] (yes | no) ]

  Displays all policies, filter lists, and filter actions.

Parameters:

  Tag           Value
  format       -Output in screen or tab-delimited format.
  wide         -If set to  no , the name and description are truncated
                to fit the screen width of 80 characters.

Remarks:

Examples: show all


Usage:
  gpoassignedpolicy [name = ] <string>

  Displays the details of the active policy for the specified GPO.

Parameters:

  Tag            Value
  Name          -Local AD Group policy object name.


Remarks: 1. if the current store is domain, the name parameter
            is required, otherwise it is not allowed

Examples: 1. show gpoassignedpolicy name=GPO1
           - shows the assigned domain policy to GPO1.
          2. show gpoassignedpolicy
           - shows currently assigned policy on this computer.

'
Usage:
  store

Examples: show store

PA)Adds policy, filter, and actions to SPD.
PA!Adds a quick mode policy to SPD.
 Adds a main mode policy to SPD.
!Adds a quick mode filter to SPD.
 Adds a main mode filter to SPD.
+Adds a rule and associated filters to SPD.
PAU
Usage:
  qmpolicy [ name = ] <string>
           [ [ soft = ] (yes | no) ]
           [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
           [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

  Adds a quick mode policy to SPD.

Parameters:

  Tag                     Value
  name                   -Name of the quick mode policy.
  soft                   -Allow unsecured communication with non-IPsec-aware
                          computers.
                          This takes a value of either  yes  or  no .
  pfsgroup               -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
  qmsecmethods           -IPsec offer in one of the following formats:
                          ESP[ConfAlg,AuthAlg]:k/s
                          AH[HashAlg]:k/s
                          AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
                          where ConfAlg can be DES or 3DES or None.
                          where AuthAlg can be MD5 or SHA1 or None.
                          where HashAlg is MD5 or SHA1.
                          where k is lifetime in kilobytes.
                          where s is lifetime in seconds.

Remarks:  The use of DES and MD5 is not recommended. These cryptographic
          algorithms are provided for backward compatibility only.

Examples: add qmpolicy name=qmp
          qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"

ث
Usage:
  mmpolicy [ name = ] <string>
           [ [ qmpermm = ] <integer>  ]
           [ [ mmlifetime = ] <integer> ]
           [ [ softsaexpirationtime  = ] <integer> ]
           [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

  Adds a main mode policy to SPD.

Parameters:

  Tag                     Value
  name                   -Name of the main mode policy.
  qmpermm                -Number of quick mode sessions per main mode session
                          of IKE.
  mmlifetime             -Time in minutes to rekey for main mode of IKE.
  softsaexpirationtime   -Time in minutes for an unprotected SA to expire.
  mmsecmethods           -List of one or more space separated security
                          methods in the form of ConfAlg-HashAlg-GroupNum.
                          where ConfAlg can be DES or 3DES
                          where HashAlg can be MD5 or SHA1
                          GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks:  The use of DES and MD5 is not recommended. These cryptographic
          algorithms are provided for backward compatibility only.

Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20
          mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"

z
Usage:
  rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
       [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
       [ mmpolicy = ] <string>
       [ [ qmpolicy = ] <string> ]
       [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]
       [ [ srcport = ] <port> ]
       [ [ dstport = ] <port> ]
       [ [ mirrored = ] (yes | no) ]
       [ [ conntype = ] (lan | dialup | all) ]
       [ [ actioninbound = ] (permit | block | negotiate) ]
       [ [ actionoutbound = ] (permit | block | negotiate) ]
       [ [ srcmask = ] (mask | prefix) ]
       [ [ dstmask = ] (mask | prefix) ]
       [ [ tunneldstaddress = ] (ip | dns) ]
       [ [ kerberos = ] (yes | no) ]
       [ [ psk = ] <preshared key> ]
       [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]

  Adds a Rule.

Parameters:

  Tag               Value
  srcaddr          - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
  dstaddr          -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
  mmpolicy         -Main mode policy
  qmpolicy         -Quick mode policy
  protocol         -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
                    If you specify a port, acceptable value is TCP or UDP. 
  srcport          -Source port(0 means any port)
  dstport          -Destination port(0 means any port)
  mirrored         - Yes' creates two filters, one in each direction.
  conntype         -Connection type
  actioninbound    -Action for inbound packets
  actionoutbound   -Action for outbound packets
  srcmask          -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range 
  dstmask          -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range 
  tunneldstaddress -Tunnel destination ip address or dns name.
  kerberos         -Provides kerberos authentication if  yes  is specified.
  psk              -Provides authentication using a specified preshared key.
  rootca           -Provides authentication using a specified root certificate,
                    attempts to map the cert if certmap:Yes is specified,
                    excludes the CA name if excludecaname:Yes is specified.

Remarks: 1. Port valid for TCP and UDP.
         2. Server type can be WINS, DNS, DHCP or GATEWAY
         3. Default for actioninbound and actionoutbound is  negotiate .
         4. For tunnel rules, mirrored must be set to 'no'.
         5. Certificate, mapping, and CA name settings are all to be within
            quotes; embedded quotes are to be replaced with \'.
         6. Certificate mapping is valid only for domain members.
         7. Multiple certificates can be provided by using the rootca
            parameter multiple times.
         8. The preference of each authentication method is determined by its
            order in the command.
         9. If no auth methods are stated, dynamic defaults are used.
        10. Excluding the root certification authority (CA) name prevents the
            name from being sent as part of the certificate request.
        11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp
         qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255
         rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
         rootca="C=US,O=MSFT,CN=\ Microsoft North, South, East, and West Root
         Authority\  certmap:yes excludecaname:no"
-Modifies policy, filter, and actions in SPD.
PA%Modifies a quick mode policy in SPD.
$Modifies a main mode policy in SPD.
%Modifies a quick mode filter in SPD.
$Modifies a main mode filter in SPD.
5Sets the IPsec configuration and boot time behavior.
PA/Modifies a rule and associated filters in SPD.
PAX
Usage:
  qmpolicy [ name = ] <string>
           [ [ soft = ] (yes | no) ]
           [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ]
           [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ]

  Modifies a quick mode policy in SPD.

Parameters:

  Tag                     Value
  name                   -Name of the quick mode policy.
  soft                   -Allow unsecured communication with
                          non-IPsec-aware computers.
                          This takes a value of either 'yes' or 'no'.
  pfsgroup               -GRP1,GRP2,GRP3,GRPMM,NOPFS(default).
  qmsecmethods           -IPsec offer in one of the following formats:
                          ESP[ConfAlg,AuthAlg]:k/s
                          AH[HashAlg]:k/s
                          AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s
                          where ConfAlg can be DES, or 3DES or None.
                          where AuthAlg can be MD5, or SHA1 or None.
                          where HashAlg is MD5 or SHA1.
                          where k is lifetime in kilobytes.
                          where s is lifetime in seconds.

Remarks:  The use of DES and MD5 is not recommended. These cryptographic
          algorithms are provided for backward compatibility only.

Example: set qmpolicy name=qmp pfsg=grp3
         qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"

¹
Usage:
  mmpolicy [ name = ] <string>
           [ [ qmpermm = ] <integer>  ]
           [ [ mmlifetime = ] <integer> ]
           [ [ softsaexpirationtime  = ] <integer> ]
           [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]

  Modifies a main mode policy with the   new parameters in SPD.

Parameters:

  Tag                     Value
  name                   -Name of the main mode policy.
  qmpermm                -Number of quick mode sessions per main mode session
                          of IKE.
  mmlifetime             -Time in minutes to rekey for main mode of IKE.
  softsaexpirationtime   -Time in minutes for an unprotected SA to expire.
  mmsecmethods           -List of one or more space separated security
                          methods in the form of ConfAlg-HashAlg-GroupNum,
                          where ConfAlg can be DES or 3DES,
                          HashAlg is MD5 or SHA1,
                          GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048).

Remarks:  The use of DES and MD5 is not recommended. These cryptographic
          algorithms are provided for backward compatibility only.

Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3

PAW
Usage:
  config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | 
                      ikelogging | strongcrlcheck | bootmode | bootexemptions) ]
         [ value = ] <integer> | <bootmode> | <bootexemptions> ]

  Configures the parameters for IPsec.

Parameters:

  Tag             Value
  property       -Property name.
  value          -Value that corresponds to the property.

Remarks: 1. Valid values for the properties are:
             ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7
             ikelogging       - 0, 1
             strongcrlcheck   - 0, 1, 2
             ipsecloginterval - 60 to 86400 sec
             ipsecexempt      - 0, 1, 2, 3
             bootmode         - stateful, block, permit
             bootexemptions   - none, "exemption#1 exemption#2 ... exemption#n"
                                where the quoted string specifies a list of
                                protocols and ports to always allow during
                                boot mode in the following format:
                                  Protocol:SrcPort:DstPort:Direction
                                    where protocol is ICMP, TCP, UDP,
                                      RAW, or <integer>
                                    where direction is inbound or outbound
         2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and 
            bootexemptions options are provided for backward compatibility.
            Not valid for Windows Vista and later operating systems.
         3. SrcPort and DstPort are only valid for TCP and UDP, with other
            protocols the format of the exemption is Protocol:Direction.
         4. A port setting of 0 allows for traffic for any port.
         5. ikelogging and strongcrlcheck are activated immediately;
            all other properties take effect on next boot.

Examples: 1. set config property=ipsecdiagnostics value=0
          2. set config property=bootmode value=stateful
          3. set config property=bootexemptions value=none
          4. set config property=bootexemptions
             value="ICMP:inbound TCP:80:80:outbound"


Usage:
  rule [ srcaddr = ] (ip | dns | server)
       [ dstaddr = ] (ip | dns | server)
       [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>)
       [ srcport = ] <port>
       [ dstport = ] <port>
       [ mirrored = ] (yes | no)
       [ conntype = ] (lan | dialup | all)
       [ [ srcmask = ] (mask | prefix) ]
       [ [ dstmask = ] (mask | prefix) ]
       [ [ tunneldstaddress = ] (ip | dns) ]
       [ [ mmpolicy = ] <string> ]
       [ [ qmpolicy = ] <string> ]
       [ [ actioninbound = ] (permit | block | negotiate) ]
       [ [ actionoutbound = ] (permit | block | negotiate) ]
       [ [ kerberos = ] (yes | no) ]
       [ [ psk = ] <preshared key> ]
       [ [ rootca = ] "<certificate> certmap:(yes | no) excludecaname:(yes | no)" ]

  Modifies a rule and associated filters in SPD.

Parameters:

  Tag               Value
  srcaddr          - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
  dstaddr          -Destination ip address (ipv4 or ipv6), address range,  dns name, or server type.
  protocol         -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
  srcport          -Source port (0 means any port)
  dstport          -Destination port (0 means any port)
  mirrored         -'Yes' creates two filters, one in each direction.
  conntype         -Connection type
  srcmask          -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range 
  dstmask          -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range 
  tunneldstaddress -Tunnel destination ip address or dns name.
  mmpolicy         -Main mode policy
  qmpolicy         -Quick mode policy
  actioninbound    -Action for inbound packets
  actionoutbound   -Action for outbound packets
  kerberos         -Provides kerberos authentication if  yes  is specified
  psk              -Provides authentication using a specified preshared key
  rootca           -Provides authentication using a specified root certificate,
                    attempts to map the cert if certmap:Yes is specified,
                    excludes the CA name if excludecaname:Yes is specified.

Remarks:  1. Mmpolicy, qmpolicy, actioninbound, actionoutbound
             and authmethods can be set; other fields are identifiers.
          2. Server type can be WINS, DNS, DHCP or GATEWAY
          3. Certificate, mapping, and CA name settings are all to be within
             quotes; embedded quotes are to be replaced with \'.
          4. Certificate mapping is valid only for domain members.
          5. Multiple certificates can be provided by using the rootca
             parameter multiple times.
          6. The preference of each authentication method is determined by
             its order in the command.
          7. If no auth methods are stated, dynamic defaults are used.
          8. All authentication methods are overwritten with the stated list.
          9. Excluding the root certification authority (CA) name prevents
             the name from being sent as part of the certificate request.
         10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32
             tunneldst=192.168.145.1
             proto=tcp srcport=80 dstport=80 mir=no con=lan
             qmp=qmp actionin=negotiate actionout=permit
          2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215
             mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32
             rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority"
             rootca="C=US,O=MSFT,CN=\ Microsoft North, South, East, and West
             Root Authority\  certmap:yes excludecaname:no"

PA.Deletes policy, filter, and actions from SPD.
&Deletes a quick mode policy from SPD.
%Deletes a main mode policy from SPD.
0Deletes a rule and associated filters from SPD.
5Deletes all policies, filters, and actions from SPD.
r
Usage:
  qmpolicy  [ name = ] <string> | [ all ]

  Deletes a quick mode policy from SPD.
  If 'all' is specified, all quick mode policies are deleted.

Parameters:

  Tag     Value
  name   -Name of the quick mode policy.

Remarks:  To delete a quick mode policy, any associated quick mode filters
          must first be deleted.

Examples: delete qmpolicy name=qmp

n
Usage:
  mmpolicy   [ name = ] <string> | [ all ]

  Deletes a main mode policy from SPD.
  If 'all' is specified, all main mode policies are deleted.

Parameters:

  Tag     Value
  name   -Name of the main mode policy.

Remarks:  To delete a main mode policy, any associated main mode filters must
          first be deleted.

Examples: delete mmpolicy name=mmp

*
Usage:
  rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
       [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server)
       [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>)
       [ srcport = ] <port>
       [ dstport = ] <port>
       [ mirrored = ] (yes | no)
       [ conntype = ] (lan | dialup | all)
       [ [ srcmask = ] (mask | prefix) ]
       [ [ dstmask = ] (mask | prefix) ]
       [ [ tunneldstaddress = ] (ip | dns) ]

  Deletes a rule from SPD.

Parameters:

  Tag               Value
  srcaddr          -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
  dstaddr          -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
  protocol         -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
  srcport          -Source port. A value of 0 means any port.
  dstport          -Destination port. A value of 0 means any port.
  mirrored         - Yes  creates two filters, one in each direction.
  conntype         -Connection type can be lan, dialup or  all .
  srcmask          -Source address mask or a prefix of 1 through 32.
  dstmask          -Destination address mask or a prefix of 1 through 32.
  tunneldstaddress -Tunnel destination ip address or dns name.

Remarks:  1. To specify the current computer address, set srcaddr/dstaddr=me
             To specify all computer addresses, set srcaddr/dstaddr=any
          2. Server type can be WINS, DNS, DHCP or GATEWAY
          3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215
          tunneldsta=192.168.145.1
          proto=tcp srcport=80 dstport=80 mirror=no conntype=lan

k
Usage:
  all

  Deletes all policies, filters, and authentication methods from SPD.

Example: delete all

PA/Displays policy, filter, and actions from SPD.
:Displays policies, filters, SAs, and statistics from SPD.
,Displays main mode policy details from SPD.
PA-Displays quick mode policy details from SPD.
,Displays main mode filter details from SPD.
-Displays quick mode filter details from SPD.
,Displays IPsec and IKE statistics from SPD.
3Displays main mode security associations from SPD.
4Displays quick mode security associations from SPD.
Displays IPsec configuration.
 Displays rule details from SPD.
PAc
Usage:
  all [ [ resolvedns = ] (yes | no) ]

  Displays details of all policies, filters, SAs, and statistics from SPD.

Parameters:

  Tag               Value
  resolvedns       -Value of 'yes' displays the resolved dns name.

Remarks:  Default value of resolvedns is  no .

Examples: show all yes
         - shows all information with dns resolution

3
Usage:
  mmpolicy [ name = ] <string> | [ all ]

  Displays main mode policy details from SPD.

Parameters:

  Tag     Value
  name   -Name of the main mode policy.

Remarks:  If 'all' is specified, all main mode policies are displayed.

Examples: 1. show mmpolicy name=mmp
          2. show mmpolicy all

6
Usage:
  qmpolicy [ name = ] <string> | [ all ]

  Displays quick mode policy details from SPD.

Parameters:

  Tag     Value
  name   -Name of the quick mode policy.

Remarks:  If 'all' is specified, all quick mode policies are displayed.

Examples: 1. show qmpolicy name=qmp
          2. show qmpolicy all

3
Usage:
  mmfilter [ name = ] <string> | [ all ]
           [ [ type = ]  (generic | specific) ]
           [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
           [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
           [ [ srcmask = ] (mask | prefix) ]
           [ [ dstmask = ] (mask | prefix) ]
           [ [ resolvedns = ] (yes | no) ]

  Displays main mode filter details from SPD.

Parameters:

  Tag         Value
  name | all -Name of the main mode filter or  all .
  type       -Type of filter to display, either specific or generic.
  srcaddr    - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
  dstaddr    -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
  srcmask    -Source address mask or a prefix of 1 through 32.
  dstmask    -Destination address mask or a prefix of 1 through 32.
  resolvedns -Value of 'yes' displays the resolved dns name.

Remarks:  1. Default for the type parameter is  generic .
          2. Server type can be WINS, DNS, DHCP or GATEWAY.
          3. If 'all' is specified, all main mode filters are displayed.
          4. If source address or destination address is specified,
             only filters associated with that address are displayed.
          5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show mmfilter name=mmf
          2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112

ا
Usage:
  qmfilter [ name = ] <string> | [ all ]
           [ [ type = ]  (generic | specific) ]
           [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
           [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
           [ [ srcmask = ] (mask | prefix) ]
           [ [ dstmask = ] (mask | prefix) ]
           [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]
           [ [ srcport = ] <port> ]
           [ [ dstport = ] <port> ]
           [ [ actioninbound = ] (permit | block | negotiate) ]
           [ [ actionoutbound = ] (permit | block | negotiate) ]
           [ [ resolvedns = ] (yes | no) ]

  Displays quick mode filter details from SPD.

Parameters:

  Tag               Value
  name             -Name of the quick mode filter.
  type             -Type of filter to display, either specific or generic.
  srcaddr          - Source ip address (ipv4 or ipv6), address range,  dns name, or server type.
  dstaddr          -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
  srcmask          -Source address mask or a prefix of 1 through 32.
  dstmask          -Destination address mask or a prefix of 1 through 32.
  protocol         -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
  srcport          -Source port. A value of 0 means any port.
  dstport          -Destination port. A value of 0 means any port.
  actioninbound    -Action for inbound packets.
  actionoutbound   -Action for outbound packets.
  resolvedns       -Value of 'yes' displays the resolved dns name.

Remarks:  1. If the type is not specified then both  generic  and
              specific  filters are displayed.
          2. Server type can be WINS, DNS, DHCP or GATEWAY.
          3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show qmfilter name=qmf
          2. show qmfilter all srcaddr=192.134.135.133 proto=TCP
          3. If 'all' is specified, all quick mode filters are displayed.
          4. If source or destination address name is specified,
             only filters associated with that address are displayed.


Usage:
 stats [ [type =] (all | ike | ipsec) ]

 Displays details of IPsec and IKE statistics.

Parameters:

  Tag       Value
  type     -ipsec, ike, or all (which displays both ipsec and ike)

Remarks:

Examples: 1. show stats all
          2. show stats type=ipsec

B
Usage:
  mmsas [ [ all ] ]
        [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
        [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
        [ [ format = ] (list | table) ]
        [ [ resolvedns = ] (yes | no) ]

  Displays the main mode security associations for a specified address.

Parameters:

  Tag          Value
  all         -Display all main mode security associations.
  srcaddr     - Source ip address (ipv4 or ipv6), address range, dns name, or server type.
  dstaddr     -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
  format      -Output in screen or tab-delimited format.
  resolvedns  -Value of 'yes' displays the resolved dns name.

Remarks:  1. Server type can be WINS, DNS, DHCP or GATEWAY.
          2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\             


Examples: 1. show mmsas  
all
          2. show mmsas srca=192.168.145.110 dsta=192.168.145 
.215

°
Usage:
  qmsas [ [ all ] ]
        [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
        [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
        [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]
        [ [ format = ] (list | table) ]
        [ [ resolvedns = ] (yes | no) ]

  Displays the quick mode security associations for a specified address.

Parameters:

  Tag         Value
  all        -Displays all quick mode security associations.
  srcaddr    -Source ip address(ipv4 or ipv6), address range, dns name, or server type.
  dstaddr    -Destination ip address(ipv4 or ipv6), address range, dns name, or server type.
  protocol   -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. 
  format     -Output in screen or tab-delimited format.
  resolvedns -Value of 'yes' displays the resolved dns name.

Remarks:  1. Server type can be WINS, DNS, DHCP or GATEWAY.
          2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\n
Examples: 1. show qmsas all
          2. show qmsas srca=192.168.145.110 dsta=192.168.145.215

q
Usage:
  config

 Displays current settings of IPsec configuration parameters.

Remarks:

Example: show config

ï
Usage:
  rule   [ [ type = ] (transport | tunnel) ]
         [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
         [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ]
         [ [ srcmask = ] (mask | prefix) ]
         [ [ dstmask = ] (mask | prefix) ]
         [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | <integer>) ]
         [ [ srcport = ] <port> ]
         [ [ dstport = ] <port> ]
         [ [ actioninbound = ] (permit | block | negotiate) ]
         [ [ actionoutbound = ] (permit | block | negotiate) ]
         [ [ resolvedns = ] (yes | no) ]

  Displays rule details from SPD.

Parameters:

  Tag               Value
  type             -Type of rule to display, either transport or tunnel.
  srcaddr          -Source ip address (ipv4 or ipv6), address range, dns name, or server type.
  dstaddr          -Destination ip address (ipv4 or ipv6), address range, dns name, or server type.
  srcmask          -Source address mask or a prefix of 1 through 32.
  dstmask          -Destination address mask or a prefix of 1 through 32.
  protocol         -Can be ANY, ICMP, TCP, UDP, RAW, or an integer.
  srcport          -Source port. A value of 0 means any port.
  dstport          -Destination port. A value of 0 means any port.
  actioninbound    -Action for inbound packets.
  actionoutbound   -Action for outbound packets.
  resolvedns       -Value of 'yes' displays the resolved dns name.

Remarks:  1. Default for the type parameter is  transport .
          2. Server type can be WINS, DNS, DHCP or GATEWAY.
          3. If source or destination address name is specified,
             only rules associated with that address are displayed.
          4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).

Examples: 1. show rule
           - shows both transport and tunnel rules
          2. show rule type=transport srcaddr=192.134.135.133 proto=TCP

!

No. of policies        : %1!d!
-Store                  : Local Store <%1!s!>
-Store                  : Local Store <%1!s!>
.Store                  : Domain Store <%1!s!>
.Store                  : Domain Store <%1!s!>
PA&Store                  : Local Store 
'Store                  : Domain Store 
Remote Machine <%1!s!>Local Machine <%1!s!>Remote Domain <%1!s!>Local Domain <%1!s!>
Local Machine
Local Domain PA!

Policy Name            : %1!s!
PA/

Rule ID                : %1!d!,  GUID = %2!s!FilterList Name        : %1!s!
FilterList Name        : NONE
Policy Name            : %1!s!
Description            : %1!s!
Description            : NONE
Assigned               : YES
Assigned               : NO
Master PFS             : YES
Master PFS             : NO
'Polling Interval       : %1!d! minutes
"

No. of Rules           : %1!d! 

Rule Details

------------
5Assigned               : YES but AD Policy Overrides
PA 
Rule Name              : %1!s!

Rule Name              : NONE
Authentication Methods(%1!d!)
Tunnel Dest IP Address : Connection Type        : ALL
Connection Type        : LAN
!Connection Type        : DIAL UP
PAConnection Type        : NONE

FilterList Details
------------------
0
No FilterList exists in Default Response Rule

FilterAction Details
---------------------

No of Transport rule(s): %1!d!
No of Tunnel rule(s)   : %1!d!Activated              : YES
Activated              : NO
’Activated              : YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
PAFilterAction Name      : %1!s!
FilterAction Name      : NONE
 Action                 : PERMIT
Action                 : BLOCK
,Action                 : NEGOTIATE SECURITY
AllowUnsecure(Fallback): YES
AllowUnsecure(Fallback): NO
Inbound Passthrough    : YES
Inbound Passthrough    : NO
No. of Security.Methods: %1!d!8 AH                  ESP                 LIFE (Sec/kB) 
8 --                  ---                 ------------- 
QMPFS                  : YES
QMPFS                  : NO 
	KERBEROS
Root CA       : %1!s!
Preshared Key : %1!s!
NONE
 
FilterList Name        : %1!s!

FilterList Name        : NONE
No. of Filters         : %1!d!

Filter(s)

---------
GUID                   : %1!s!
Last Modified          : %1!s!
)Source DNS Name        : <My IP Address>
Source DNS Name        : %1!s!
*Source DNS Name        : <Any IP Address>
1Source DNS Name        : <A Specific IP Address>
0Source DNS Name        : <A Specific IP Subnet>
Source DNS Name        : NONE
)Destination DNS Name   : <My IP Address>
Destination DNS Name   : %1!s!
*Destination DNS Name   : <Any IP Address>
1Destination DNS Name   : <A Specific IP Address>
0Destination DNS Name   : <A Specific IP Subnet>
Destination DNS Name   : NONE
Mirrored               : YES
Mirrored               : NO
+Source DNS Name        : %1!s! resolves to +Destination DNS Name   : %1!s! resolves to +Source DNS Name        : < DNS SERVER >   
-Source DNS Name        : < WINS SERVER >    
,Source DNS Name        : < DHCP SERVER >   
-Source DNS Name        : < DEFAULT GATEWAY >
-Destination DNS Name   : < DNS SERVER >     
-Destination DNS Name   : < WINS SERVER >    
,Destination DNS Name   : < DHCP SERVER >   
-Destination DNS Name   : < DEFAULT GATEWAY >
	%1!-15s!	%1!s!PA%1!s!

, ... , PA*Source IP Address      : <My IP Address> 
+Source IP Address      : <Any IP Address> 
Source IP Address      : Source Mask            : *Destination IP Address : <My IP Address> 
+Destination IP Address : <Any IP Address> 
Destination IP Address : Destination Mask       : Source Port            : %1!d!
Source Port            : ANY
Destination Port       : %1!d!
Destination Port       : ANY
 resolves to %1!s!
 <DNS Look up failed>
+Source IP Address      : < DNS SERVER >   
-Source IP Address      : < WINS SERVER >    
,Source IP Address      : < DHCP SERVER >   
-Source IP Address      : < DEFAULT GATEWAY >
-Destination IP Address : < DNS SERVER >     
-Destination IP Address : < WINS SERVER >    
,Destination IP Address : < DHCP SERVER >   
-Destination IP Address : < DEFAULT GATEWAY >
%Source Port Range      : %1!d!-%2!d!
%Destination Port Range : %1!d!-%2!d!
PAProtocol               : ICMP
Protocol               : TCP
Protocol               : UDP
Protocol               : RAW
Protocol               : ANY
Protocol               : %1!d!
PA Main Mode Security Method Order
CMainMode LifeTime      : %1!d! minutes / %2!d! Quick Mode sessions
)  Encryption     Integrity      DH Group
(  ----------     ---------      --------
    DES       
    3DES          SHA1          MD5           Low(1)             Medium(2)          2048           PA>

Source Machine             : Local Computer GPO for <%1!s!>
%

Source Domain              : %1!s!
#DC Name                    : %1!s!
#GPO Name                   : %1!s!
#Local IPsec Policy Name    : %1!s!
#AD IPsec Policy Name       : %1!s!
#GPO DN                     : %1!s!
#GPO OU Link                : %1!s!
#AD Policy DN               : %1!s!
>Local IPsec Policy Assigned: Yes, but AD Policy is Overriding
!Local IPsec Policy DN    : %1!s!
"Local IPsec Policy Name    : NONE
"AD IPsec Policy Name       : NONE
#IPsec Policy Name          : %1!s!
#IPsec Policy DN            : %1!s!
!IPsec Policy Assigned      : YES
$          Exclude CA name     : YES
#          Exclude CA name     : NO
$          Certmapping enabled : YES
PA#          Certmapping enabled : NO
PA!

No. of policies        	 %1!d!
!

No. of policies        : %1!d!
-Store                  	 Local Store <%1!s!>
-Store                  	 Local Store <%1!s!>
.Store                  	 Domain Store <%1!s!>
.Store                  	 Domain Store <%1!s!>
%Store                  	 Local Store
&Store                  	 Domain Store
Cert To Account Mapping	 YES
Cert To Account Mapping	 NO
!

Policy Name            	 %1!s!
!

Rule Name              	 %1!s!
No Policy Name Specified
PA/

Rule ID                	 %1!d!,	GUID =	%2!s!
	%1!-23s!	Policy Name            	 %1!s!
Description            	 %1!s!
Description            	 NONE
Assigned               	 YES
Assigned               	 NO
Master PFS             	 YES
Master PFS             	 NO
'Polling Interval       	 %1!d! minutes
"

No. of Rules           	 %1!d! 

			 Rule Details
			 ------------
5Assigned               	 YES but AD Policy Overrides
B

Policy Name                     	Rules	    LastModified 	Assign
	%1!-32s!	YES but AD Policy Overrides
  YES  
  NO   
@----------                      	-----	    ------------ 	------
8Policy Name                     	Rules	    LastModified
8-----------                     	-----	    ------------
Rule Name              	 %1!s!
Rule Name              	 NONE
Authentication Methods (%1!d!)
A
Enabled	     FilterList   	   FilterAction     	  AuthenticationA
-------	     ----------   	   ------------     	  --------------Tunnel Dest IP Address 	 NONE
Tunnel Dest IP Address 	 Connection Type        	 ALL
Connection Type        	 LAN
!Connection Type        	 DIAL UP
!Connection Type        	 UNKNOWN

FilterList Details
------------------

FilterAction Details
--------------------
Activated              	 YES
Activated              	 NO
Rule Name              	 NONE
	
  YES  		
   NO  	       NONE        	 Kerb Cert Pre
No of Transport rule(s)	 %1!d! 

No of Tunnel rule(s)   	 %1!d!PA?
Enabled	     FilterList   	   FilterAction     	TunnelEndPoint?
-------	     ----------   	   ------------     	--------------
  YES  	
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
’Activated              	 YES
Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
PAFilterAction Name      	 %1!s!
FilterAction Name      	 NONE
 Action                 	 PERMIT
Action                 	 BLOCK
,Action                 	 NEGOTIATE SECURITY
InBound PassThrough    	 YES
InBound PassThrough    	 NO
AllowUnSecure(Fallback)	 YES
AllowUnSecure(Fallback)	 NO
Security Methods       
+  AH 	    ESP        	Seconds 	    kBytes 
+  -- 	    ---        	------- 	    ------ 
QMPFS                  	 YES
QMPFS                  	 NO 
?FilterAction Name                 	Action     	  Last Modified
?-----------------                 	------     	  -------------
	%1!-38s!	           NONE          	
PERMIT   	
BLOCK    	
NEGOTIATE	
NONE     		%1!-23s!
	%1!-23s!	PA[MD5 ]	[SHA1]	[NONE]	[NONE , NONE]	[MD5  ,[SHA1 ,[NONE , DES ]	 3DES]	 NONE]	PA%1!6u!  	%2!10u! 
	KERBEROS
ROOT CA                	 %1!s!
PRESHARED Key          	 %1!s!
NONE
 
FilterList Name        	 %1!s!

FilterList Name        	 NONE

Filter(s)
JFilterList Name                           	Filters	     Last Modified    
J---------------                           	-------	     -------------    
GUID                   	 %1!s!
Last Modified          	 %1!s!
No. of Filters         	 %1!d!
	%1!-45s!	PANONE	%1!s!
	 %1!5d! 	           NONE          	YES 	NO  	]Mir 	    Source     	   SrcMask     	  Destination  	    DstMask    	 Proto 	SrcPort	DstPort
]--- 	 ------------- 	 ------------- 	 ------------- 	 ------------- 	-------	-------	-------
<  My IP Addr >	< Any IP Addr >		  %1!3d!	  ANY 		  %1!3d!
  ANY 
   DNS SERVER  	  WINS SERVER  	  DHCP SERVER  	DEFAULT GATEWAY	  %1!3d!-%2!3d!	  %1!3d!-%2!3d!
 ICMP 	 TCP 	 UDP 	 RAW 	 ANY 	OTHER	PA Main Mode Security Method Order
CMainMode LifeTime      	 %1!d! minutes / %2!d! Quick mode sessions
   Encryption	Integrity	DH Group
  ----------	---------	--------
     DES 	
     3DES	   SHA1	   MD5 	        Low(1)           Medium(2)        2048     PA

Stand Alone FilterAction(s)
---------------------------
+
No. of Standalone FilterActions  	 %1!d!

PA
Stand Alone FilterList(s)
-------------------------
(
No. of Standalone FilterLists  	 %1!d!
PA!
No. of FilterLists     	 %1!d!

!
No. of FilterLists     : %1!d!

!
No. of FilterActions   	 %1!d!

PA!
No. of FilterActions   : %1!d!

PAEThe policy '%1!s!' is ACTIVE. Still would you like to delete? (Y/N) 
iWould you like to delete all the Filter List(s) and Filter Action(s) associated with the policy ? (Y/N) 
!Delete all the Filter Lists from ? (Y/N)
PA#Delete all the Filter Actions from ? (Y/N)
PAdWould you like to delete both the Filter List and Filter Action associated with the rule(s)? (Y/N) 
)Are you sure to delete all policies from ? (Y/N)
PA*

Following policies/rule(s) are using it
(---------------------------------------
	Rule Name      : %1!s!
	Rule Name      : NONE
PA-Life should be within %1!d! and %2!d! kBytes
PA/New Policy is created and updated successfully
)Creating new Policy with name '%1!s!'...
CCreating new Policy with name '%1!s!' and setting it to '%2!s!'...
PA/Life  should be with in %1!d! and %2!d! kBytes
.Destination IP address has been taken as 'me'
)Source IP address has been taken as 'me'
.New Rule was created and updated successfully
(Creating new Rule with name '%1!s!' ...
BCreating new Rule with name '%1!s!' and setting it to '%2!s!' ...
jServer address types, address types ME or ANY, or address ranges cannot be specified for tunnel endpoint.
.Would you like to create a new policy? (Y/N) 
sCertificate-to-account mapping can only be enabled on Active Directory domain members. The option will be ignored.
Cert To Account Mapping: YES
Cert To Account Mapping: NO
AIf store is domain and assign is specified, GPO name is required
OIf GPO name is specified, then you must be operating on a domain policy store.
,Would you like to create a new Rule? (Y/N) 

IKE MM Policy Name     : %1!s!<My IP Address> <Any IP Address>%1!s!
PA	 ICMP    	 TCP     	 UDP     	 RAW     	 ANY     $
IKE Soft SA Lifetime   : %1!u! secsWINS SERVER     DHCP SERVER     DNS SERVER      DEFAULT GATEWAY  [%1!S!]PAEThe 'Netsh ipsec' context is not compatible with the target machine.
PA!Mainmode Policies not available.
PA(Specified Mainmode Policy not available
?
Encryption Integrity  DH   Lifetime (Kb:secs)  QM Limit Per MM?
---------- --------- ----  ------------------  ---------------	 NONE    
 DES      
 UNKNOWN  
 3DES     
  NONE    
  MD5     
  SHA1    0  %1!-5lu!     %2!lu!:%3!lu!          %4!-10lu! 0  %1!-5lu!     %2!lu!:%3!lu!          1 (MMPFS) PA"Quickmode Policies not available.
)Specified Quickmode Policy not available
#
QM Negotiation Policy Name : %1!s!=
    Security Methods       Lifetime (Kb:secs)   PFS DH Group>
------------------------- --------------------- ------------
 AH[MD5]                  AH[SHA1]                 AH[NONE]                
 ESP[ DES,
 ESP[ ERR,
 ESP[3DES,
 ESP[NONE,MD5]           SHA1]          NONE]           Low (1)           <Unassigned>      %1!10lu!:%2!-10lu! Main Mode Derived High (2048)       AH[ERR]                 ERR]            ERROR                  	 AH[MD5] 	 AH[SHA1]	 AH[NONE]	 AH[ERR] MD5] SHA1]NONE]ERR] + Medium (2)        

Filter name            : %1!s!PA(Generic Mainmode Filters not available.
)Specific Mainmode Filters not available.
)Specified Mainmode Filter not available.

Main Mode Filters: Generic P
-------------------------------------------------------------------------------	Specific 	Outbound Inbound 
Weight                 : %1!d!

%1!d! Generic Filter(s)#

%1!d! Specific Outbound Filter(s)"

%1!d! Specific Inbound Filter(s)PA ALL     LAN     DIALUP UNKNOWN  Unknown
Connection Type        :
Authentication Methods :
	Preshared key

	Kerberos
Security Methods       : %1!d!	(default)	NONE/	DES/		UNKNOWN/	3DES/PANONE/MD5/SHA1/DH%1!lu!/%2!lu!/QMlimit=%3!lu! 
	PA)Generic Quickmode Filters not available.
*Specific Quickmode Filters not available.
*Specified Quickmode Filter not available.
 
Quick Mode Filters(Transport): 
Transport Rules 
Tunnel Rules 
MM Filter Name         : %1!s!
QM Filter Name         : %1!s!
Main Mode Policy       : %1!s!

%1!d! Transport Filter(s)


%1!d! Tunnel Filter(s)


Quick Mode Filters(Tunnel): Rules not available.
PA"
Inbound Action         : Passthru#
Inbound Action         : Negotiate"
Inbound Action         : Blocking!
Inbound Action         : Unknown"
Outbound Action        : Passthru#
Outbound Action        : Negotiate"
Outbound Action        : Blocking!
Outbound Action        : Unknown  %1!-5lu!  
Tunnel Source          : 
Tunnel Destination     : )Src Port: %1!-4lu!   Dest Port: %2!-4lu! PA
Mirrored               : yes
Mirrored               : no
Quick Mode Policy      : %1!s!
Protocol               :
IKE Statistics
-------------- 

IKEStatistics not available.
$
Main Modes                  : %1!S!$
Quick Modes                 : %1!S!$
Soft SAs                    : %1!S!$
Authentication Failures     : %1!S!$
Active Acquire              : %1!S!$
Active Receive              : %1!S!$
Acquire fail                : %1!S!$
Receive fail                : %1!S!$
Send fail                   : %1!S!PA$
Acquire Heap size           : %1!S!$
Receive Heap size           : %1!S!$
Negotiation Failures        : %1!S!$
Invalid Cookies Rcvd        : %1!S!$
Total Acquire               : %1!S!$
TotalGetSpi                 : %1!S!$
TotalKeyAdd                 : %1!S!$
TotalKeyUpdate              : %1!S!$
GetSpiFail                  : %1!S!$
KeyAddFail                  : %1!S!$
KeyUpdateFail               : %1!S!$
IsadbListSize               : %1!S!$
ConnListSize                : %1!S!%
Invalid Packets Rcvd        : %1!S!


IPsec Statistics
----------------
PA 
IPsecStatistics not available.
$
Active Assoc                : %1!S!$
Offload SAs                 : %1!S!$
Pending Key                 : %1!S!$
Key Adds                    : %1!S!$
Key Deletes                 : %1!S!$
ReKeys                      : %1!S!$
Active Tunnels              : %1!S!$
Bad SPI Pkts                : %1!S!$
Pkts not Decrypted          : %1!S!$
Pkts not Authenticated      : %1!S!$
Pkts with Replay Detection  : %1!S!$
Confidential Bytes Sent     : %1!S!$
Confidential Bytes Received : %1!S!$
Authenticated Bytes Sent    : %1!S!$
Authenticated Bytes Received: %1!S!$
Transport Bytes Sent        : %1!S!$
Transport Bytes Received    : %1!S!$
Offloaded Bytes Sent        : %1!S!%
Offloaded Bytes Received    : %1!S!
$
Bytes Sent In Tunnels       : %1!S!$
Bytes Received In Tunnels   : %1!S!
Cookie Pair            : %1!02x!
Sec Methods            : NONEDES3DESUNKNOWNMD5SHA1/%1!d!/%2!d!PA
Auth Mode              : 
Preshared Key
DSS Signature
RSA SignatureRSA EncryptionKerberos
Source                 : , port %1!d!
ID                     : 
ID                     : %1!s!
Destination            : Q
Destination                                                 SecurityMethods     Q
                                                            Date/Time Created   Q
--------------------------------------------------------  ---------------------- [ID:%1!-35s!]  
DNS: %1!-51S!PA [ID:%1!-35s!]  
Issuing CA             :%1!s!
Thumbprint             :%1!02x!:/*                                          
  Root CA              : %1!s!%S(  )
Root CA        : %1!s!4IPsec MainMode Security Associations not available.

IKE Main Mode SAs at %1!s!8Specified MainMode Security Associations not available.


Quick Mode SAs
--------------
5IPsec QuickMode Security Associations not available.
9Specified QuickMode Security Associations not available.
PA
Transport Filter

Tunnel Filter
	
Unknown

Policy Name            : %1!s!
Source Address         : 
Destination Address    :  
Protocol               : %1!lu!
Source Port            : %1!u!
Destination Port       : %1!u!!
Direction              : Inbound"
Direction              : Outbound
Direction              : Error

Offer Used  

Protocol               : ICMP
Protocol               : TCP
Protocol               : UDP
Protocol               : RAW/
  AH(b/r)   ESP Con(b/r) ESP Int  PFS DH Group/
---------- ------------- -------  ------------
Encapsulation Type     : IKE
Encapsulation Type     : Other
Source UDP Encap port  : %1!u!
Dest UDP Encap port    : %1!u!
Peer Private Addr      : 
Protocol               : ANY  () 
IPsec Configuration Parameters
------------------------------
XIPsecDiagnostics       : %1!d![Not valid for Windows Vista and later operating systems]
YIKElogging             : %1!d! [Not valid for Windows Vista and later operating systems]
StrongCRLCheck         : %1!d!
XIPsecloginterval       : %1!d![Not valid for Windows Vista and later operating systems]
XNLBSFlags              : %1!d![Not valid for Windows Vista and later operating systems]
XFlags                  : %1!d![Not valid for Windows Vista and later operating systems]
IPsecexempt            : %1!d!
X2048DHGroupId          : %1!d![Not valid for Windows Vista and later operating systems]
8IPsec Diagnostic Level is out of range. Range is 0 - 7.
-IKE Logging is out of range. Range is 0 - 1.
8Strong CRL Check Level is out of range. Range is 0 - 2.
9IPsec Log Interval is out of range. Range is 60 - 86400.
7IPsec Exemption Level is out of range. Range is 0 - 3.
:(Some of the IPsec Configuration parameters are not set).
Boot Mode              : StatefulBlockPermit
UDP       
TCP       
ICMP      
RAW       
ANY       
%1!3d!       %1!5d!     InboundOutbound No bootmode exemptions
Boot Mode Exemptions   :(Protocol  Src Port  Dst Port  Direction
(--------- --------- --------- ---------
*A maximum of 1024 exemptions are allowed.
. MD5(%1!02lu!/%2!-02lu!)  None         None   .SHA1(%1!02lu!/%2!-02lu!)  None         None   !  None       None         None   &  None       DES (%1!02lu!/%2!-02lu!)   None       Unknown     &  None       3DES(%1!02lu!/%2!-02lu!)   None       None         MD5    PA SHA1    None     None  certmap
excludecanameyesnoPAERR Win32[%1!05d!] : %2!s!ERR IPsec[%1!05d!] :                 : ,ERR Win32[%1!05d!] : Invalid Win32 Err Code
/One or more essential parameters not specified
>Arguments are not matching. Check help for the correct syntax
No Policies in Policy Store
Unable to open Policy Store
"No Filter Actions in Policy Store
 No Filter Lists in Policy Store
2Policy with name %1!s! not exists in Policy Store
%Internal Error, Invalid Switch Case.
+Invalid Parameter for the Argument '%1!s!'
 IP Address specified is invalid
1DNS lookup failed for the given dns name '%1!s!'
)'%1!s!' not a valid tag for this context
'%1!s!' tag already present
<GPOname cannot be specified without argument 'assign = y/n'
2Tag 'Name' or 'GUID' needed for the given command
'%1!s!' tag is needed
4'%1!s!' is not a valid argument for the tag '%2!s!'
'Prefix should be between 1 and 32 only
$'%1!s!' is not a valid Mask/Prefix 
The argument supplied is null
cThe 'Seconds' LifeTime specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
ZThe 'Kbytes' specified is out of limit. It should be in between '%1!d!' and '%2!d!' only 
 The Rekey Unit (k/s) is invalid
!Invalid HASH algorithm specified
Incomplete ESP specified
'Duplicate Algo's specified for '%1!s!'
None and None not allowed
>Invalid IPsec protocol specified. It should be ESP or AH only
'Max Number of OFFERS[%1!d!] is crossed
ZInvalid QM_OFFERS. Encryption+Encryption or Authentication+Authentication are not allowed
5Invalid Lifetime or Data specification for QMOffers.
)Invalid PFS Group specified for MMOFFER 
P1 Group missing
Invalid MMOFFER is specified
/File name should contain .ipsec extension only
'%1!s!' and ALL not allowed
Preshared key not specified
!Invalid Authmethod is specified 
Invalid Certificate specified
@Multiple '%1!s!' parameters are specified. Only one is allowed.
The Port specified is invalid.
#No of arguments are more,truncated
Invalid QMOFFER specified
Invalid Tunnel IP specified
EProtocol can't be specified without source and destination addresses
!Subnet mask specified is invalid
-Non-tagged arg can only be machine or domain
JERR WIN32[00014] : There is not enough memory to complete this operation.
FThe Port specified is invalid. It should be in less than '%1!d!' only
PAMissing Policy Name
:Polling Interval should be within %1!d! and %2!d! minutes
:Quickmode limit should be within %1!d! and %2!d! sessions
2Lifetime should be within %1!d! and %2!d! minutes
(Policy with name '%1!s!' already exists
)Error while adding Default Response Rule
/Error while creating  Policy with name '%1!s!'
^Error while creating policy with name '%1!s!' due to failure in loading default auth methods 
Missing FilterList Name
,FilterList with name '%1!s!' already exists
2Error while creating FilterList with name '%1!s!'
Invalid GUID specified
PA*Error while creating the specified Filter
.FilterAction with name '%1!s!' already exists
4Error while creating FilterAction with name '%1!s!'
ٹInpass, Qmpfs, Soft and Qmsec options are not valid for the Permit or Block type FilterAction. 'action = negotiate' needs to be specified
=Atleast One Quick mode Security method needs to be specified
Missing Rule Name
Missing FilterAction Name
(Policy with name '%1!s!' does not exist
8Rule with name '%1!s!' already exists in policy '%2!s!'
.FilterAction with name '%1!s!' does not exist
+No Filters in FilterList with name '%1!s!'
,Error while creating Rule with name '%1!s!'
Missing Rule Name or Rule ID
&Policy with GUID %1!s! does not exist
PA,FilterAction with GUID %1!s! does not exist
[Error while creating Rule with name '%1!s!' due to failure in loading default auth methods
&Certificate decoding operation failed
DPolicy with name '%1!s!' does not exist in current machine's domain
$Invalid Tunnel IP Address Specified
,FilterList with name '%1!s!' does not exist
BServers cannot be specified for both source and destination sides
*FilterList with GUID %1!s! does not exist
No Directory Service available
AGPO with name '%1!s!' does not exist in current machine's domain
^Error while assigning the Policy to the GPO with name '%1!s!' or specified GPO does not exist
2Error while updating the Policy with name '%1!s!'
0Error while updating the Policy with GUID %1!s!
PAbError while unassigning the Policy from the GPO with name '%1!s!' or specified GPO does not exist
2Error while updating FilterList with name '%1!s!'
0Error while updating FilterList with GUID %1!s!
4Error while updating FilterAction with name '%1!s!'
2Error while updating FilterAction with GUID %1!s!
8Rule with name '%1!s!' does not exist in Policy '%2!s!'
,Error while updating rule with name '%1!s!'
TDefault rule cannot be updated with this command. Use the 'set defaultrule' command
4Rule with ID %1!d! does not exist in Policy '%2!s!'
Invalid Rule ID Specified
>Error while updating Default Rule of Policy with name '%1!s!'
No file name specified
Invalid File / Path name
Error while importing policies
PAError while exporting policies
'Error while restoring default policies
3This command is only available for the local store
=Invalid Domain Name. Domain with name '%1!s!' does not exist
'Your machine is not a member of domain
PA.Error while deleting Policy with name '%1!s!'
No Policy with name '%1!s!'
.FilterList with name '%1!s!' cannot be deleted1Error while deleting FilterList with name '%1!s!' No FilterList with name '%1!s!'
PANFilter with the specified spec does not exist in FilterList with name '%1!s!'
YError while updating FilterList with name '%1!s!' after deletion of the specified filter
0FilterAction with name '%1!s!' cannot be deleted3Error while deleting FilterAction with name '%1!s!'"No FilterAction with name '%1!s!'
,Error while deleting Rule with name '%1!s!'
(Error while deleting Rule with ID %1!d!
(Default Response Rule cannot be deleted
No Rule with name '%1!s!'
No Rule with ID %1!d!
No Policy name specified
No policy with name '%1!s!'
?Error while extracting NegPol info of Policy with name '%1!s!'
?Error while extracting Filter info of Policy with name '%1!s!'
?Error while extracting ISAKMP info of Policy with name '%1!s!'
No Rule with name '%1!s!'
No Rule with ID %1!d!
No currently assigned Policy
%No FilterList exists in Policy Store
'No FilterAction exists in Policy Store
8Either invalid GPO name or no currently assigned policy
5A name must be specified when using the domain store
$Invalid Source IP Address specified
!Invalid Source IP/Mask specified
AAddress Conflict. Source and Destination cannot have same IP/DNS
Invalid server specified
Server needs to be specified
)Invalid destination IP Address specified
#Invalid destination mask specified
9Invalid Newname. Policy with name '%1!s!' already exists
7Invalid Newname. Rule with name '%1!s!' already exists
=Invalid Newname. Filterlist with name '%1!s!' already exists
?Invalid Newname. Filteraction with name '%1!s!' already exists
4If a type is specified, 'all' needs to be specified
.Internal error occurred during this operation
-No Tunnel type rules exist in policy '%1!s!'
bUpdating default Filteraction is not allowed through this command. Use 'Set DefaultRule' command.
APolicy with name '%1!s!' has READONLY attribute. Updation denied
7Specified Rule has READONLY attribute. Updation denied
GFilteraction with name '%1!s!' has READONLY attribute. Updation denied
EFilterList with name '%1!s!' has READONLY attribute. Updation denied
APolicy with name '%1!s!' has READONLY attribute. Deletion denied
?Rule with name '%1!s!' has READONLY attribute. Deletion denied
PAGFilteraction with name '%1!s!' has READONLY attribute. Deletion denied
EFilterList with name '%1!s!' has READONLY attribute. Deletion denied
4No name can be specified when using the local store
WDefault response rule is not supported on Windows Vista and later versions of Windows.
PAPQMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE.
L
Port number valid for TCP or UDP protocols, continuing without PortNumber.
#Specified QMPolicy does not exist.
*Specified MainMode Policy does not exist.
PQMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE.
bCannot have IPsec policy when neither ActionInbound or ActionOutbound are specified as NEGOTIATE.
+Mirror = Yes is not valid for Tunnel Rule.
*Specified MainMode Filter does not exist.
+Specified Transport Filter does not exist.
(Specified Tunnel Filter does not exist.
%MainMode Policies are not available.
&QuickMode Policies are not available.
4MainMode Policy with the given name already exists.
5QuickMode Policy with the given name already exists.
PA*Specified MainMode Policy does not exist.
#Specified QMPolicy does not exist.
PAMainMode Filters do not exist.
BSpecified MainMode Filter does not exist and Policy is not found.
bSpecified MainMode Policy either does not exist or not associated with specified MainMode Filter.
*Specified MainMode Filter does not exist.
 QuickMode Filters do not exist.
PACSpecified QuickMode Filter does not exist and Policy is not found.
]Specified QuickMode Policy either does not exist or is not associated with QuickMode Filter.
+Specified QuickMode Filter does not exist.
%Authentication method(s) being used.
/%1!d! MMFilter object(s) could not be deleted.
7%1!d! Transport Filter object(s) could not be deleted.
4%1!d! Tunnel Filter object(s) could not be deleted.
.The IPsec Policy Agent service is not active.
,
Policy Agent service successfully started.
=
Wrong token from Parser, Should be either IPSEC, IKE or ALL.+
Invalid AddressType received from Parser.
/Source and Destination both cannot be Servers.
=Tunnel Source and Tunnel Destination both cannot be Servers.
¸4VS_VERSION_INFO½ï‏@°@°?StringFileInfoٍ040904B0LCompanyNameMicrosoft Corporationj!FileDescriptionNet Shell IP Security helper DLLl&FileVersion6.1.7600.16385 (win7_rtm.090713-1255):
InternalNamenshipsec.dll€.LegalCopyright© Microsoft Corporation. All rights reserved.JOriginalFilenamenshipsec.dll.muij%ProductNameMicrosoft® Windows® Operating SystemBProductVersion6.1.7600.16385DVarFileInfo$Translation	°PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDING
Anon7 - 2022
AnonSec Team