I want to be able to add or remove IP Security Policies on Windows Server 2003 programmatically with C#.
Normally you'd manipulate these policies manaully through the gpedit.msc snap-in (under Windows Settings -> Local Policies -> IP Security Policies on Local Computer). But I need to be able to add IP filter policies through code.
Any ideas on how to do this?
You could use System.Diagnostics.Process and run "cmd.exe" with the ipsec command as the arguments.
Another resource you can try is Microsoft's website or Google.
I've been dealing with this issue for about two weeks, and, unfortunately, you have two options, depending on the depth of control you need:
1) Direct manipulation with WMI. Counter-intuitively, this actually exposes LESS control than option #2 (which is what I am doing myself). This is all done through the Win32_NetworkAdapterConfiguration class. Here's a link to the question I asked about this, with my response to it awhile later after researching it:
http://stackoverflow.com/questions/1609882/methods-of-programatically-altering-ipsec-rules-with-c
This exposes less functionality because you can only control three things through IPsec for the adapters: TCP ports, UDP ports, IP Protocols. (You cannot deal with multiple policies, different subnet masks, etc.)
2) Wrapping netsh ipsec to do all your dirty work. This is the way to go, as powershell (which can be invoked through the PowerShell class in System.Management.Automation) is currently lacking a cmdlet to do IPSec changes.
http://stackoverflow.com/questions/1703205/is-there-a-cmdlet-in-powershell-2-to-handle-ipsec-changes
Wrapping netsh ipsec THROUGH a powershell pipeline called through System.Management.Automation.PowerShell is what I ended up doing.
Use either System.Diagnostics.Process to spawn and control a shell, or use the PowerShell class as mentioned above. Either should get the job done.
NOTE If you switch to 2008 at some point, note that netsh ipsec is deprecated, and make sure to use netsh advfirewall instead.
Good luck!