IPsec Policy Agent (PolicyAgent) Service Defaults in Windows 7

Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.

Default Settings

Startup type:Manual
Display name:IPsec Policy Agent
Service name:PolicyAgent
Service type:share
Error control:normal
Object:NT Authority\NetworkService
Path:%SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
File:%SystemRoot%\System32\ipsecsvc.dll
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
Privileges:
  • SeAuditPrivilege
  • SeChangeNotifyPrivilege
  • SeCreateGlobalPrivilege
  • SeImpersonatePrivilege

Default Behavior

IPsec Policy Agent is a Win32 service. In Windows 7 it won't be started if the user doesn't start it. When the IPsec Policy Agent service is started, it is running as NT Authority\NetworkService in a shared process of svchost.exe. Other system components, such as drivers and services, may run in the same process. If IPsec Policy Agent fails to start, Windows 7 attempts to write the failure details into Event Log. Then Windows 7 startup should proceed and the user should be notified that the PolicyAgent service is not running because of the error.

Dependencies

IPsec Policy Agent is unable to start, if at least one of the following services is stopped or disabled:

Restore Default Startup Configuration for IPsec Policy Agent

Before you begin doing this, make sure that all the services on which IPsec Policy Agent depends are configured by default and function properly. See the list of dependencies above.

1. Run the Command Prompt as an administrator.

2. Copy the command below, paste it into the command window and press ENTER:

sc config PolicyAgent start= demand

3. Close the command window and restart the computer.

The PolicyAgent service is using the ipsecsvc.dll file that is located in the %WinDir%\System32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 7 installation media.