Hi: i have a single server (Server 2008) that i need my clients (Windows 7 ) to be forced to talk to using IPSEC. Can i configure the IPSEC policies on Windows 7 machines to ONLY initiate and negotiate IPSEC when contacting this server ?ammarhasayen

Yes, you simply specify the address of your server in the connection security rule using the custom or server-to-server rule type /Hasain

You are going about it wrong. Rather than configuring the client, why would you not configure this at the server (where the data lays) If you need IPSec, force all connections to use IPSec or configure that the specific client IP If one needs to use IPSec, to be honest, there is probably a case that all should use IPSec Brian

Please consider the server isolation scenario described in the Windows Firewall with Advanced Security Design and Deployment Guide http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17077. /Hasain