Enabling and disabling the IPsec enforcement client

To enable and disable the IPsec enforcement client by using the Windows interface

To open the NAP Client Configuration console, click Start, click All Programs, click Accessories, click Run, type NAPCLCFG.MSC, and then click OK.
Click Enforcement Clients.
Right-click IPsec Relying Party, and then click Enable or Disable.

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
You must have Internet Protocol security (IPsec) policies and domain isolation deployed in your organization to enforce network access restriction with the IPsec enforcement client.

To enable and disable the IPsec enforcement client by using a command line

To open a command prompt, click Start, click All Programs, click Accessories, and then click Command Prompt.
To enable or disable the IPsec enforcement client, do one of the following:
1. To enable the IPsec enforcement client, type: netsh nap client set enforcement ID = 79619 ADMIN = "ENABLE"
2. To disable the IPsec enforcement client, type: netsh nap client set enforcement ID = 79619 ADMIN = "DISABLE"

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
You must have IPsec policies and domain isolation deployed in your organization to enforce network access restriction with the IPsec enforcement client.

Additional references