Event ID 5456
IPsec Policy Agent applied Active Directory storage IPsec policy on the computer.IPsec Policy Agent applied Active Directory storage IPsec policy on the computer. Policy DN: %1
The PAStore Engine (Policy Agent Store Engine) is the internal component of the IPsec Policy Agent service (PolicyAgent) responsible for retrieving, caching, and applying IPsec policies to the local machine. It polls for policy changes on a configurable interval and applies the active policy from whichever source is authoritative — Active Directory, the local registry, or a locally cached copy of the AD policy.
Enable when you need to audit IPsec policy application compliance — confirming that domain-assigned IPsec policies are being successfully retrieved and applied across managed machines. Particularly useful in environments running domain isolation or server isolation via IPsec, where failure to apply the correct policy results in connectivity gaps.
Each event represents one successful Group Policy IPsec policy application. On a standard workstation this occurs at boot and at each Group Policy refresh interval (every 90–120 minutes by default, plus a random offset). On a Domain Controller processing many client refreshes the volume remains low because 5456 is logged *per-computer* only when that computer's own IPsec policy is applied — not for each client it serves. Expect roughly **10–20 events per day per machine** in typical environments with active IPsec policy.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"Filtering Platform Policy Change"
LEFT/RIGHT arrow keys for navigation
Back to List