nshipsec.dll.mui 網路殼層 IP 安全性協助程式 DLL d7c695c4c7d2d3d4db718b78476ea715

File name:	nshipsec.dll.mui
Size:	131584 byte
MD5:	d7c695c4c7d2d3d4db718b78476ea715
SHA1:	16d7a571e8de51c22b408f97a55143584509eb52
SHA256:	f911dd1d99cc64c950e1939ac7d54e2b864d5793dc36367df95872ddbf9f65ac
Operating systems:	Windows 10
Extension:	MUI

If an error occurred or the following message in Chinese (Traditional) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id	Chinese (Traditional)	English
11110	從原則存放區匯出所有規則。	Exports all the policies from the policy store.
11111	將原則從檔案匯入到原則存放區。	Imports the policies from a file to the policy store.
11112	還原預設範例規則。	Restores the default example policies.
11150	使用方式: exportpolicy [ file = ] 將所有原則匯出到檔案。 參數: 標記 值 name -要做為原則匯出目的地之檔案的名稱。 備註: 在預設情況下會新增 .ipsec 副檔名到檔案名稱。 範例: exportpolicy Policy1	Usage: exportpolicy [ file = ] Exports all the policies to a file. Parameters: Tag Value name -Name of the file into which the policies are exported. Remarks: .ipsec extension is by default added to the filename. Examples: exportpolicy Policy1
11151	使用方式: importpolicy [ file = ] 從指定檔案匯入原則。 參數: 標記 值 name -匯入原則的檔案名稱。 備註: 範例: importpolicy Policy1.ipsec	Usage: importpolicy [ file = ] Imports policies from the specified file. Parameters: Tag Value name -Name of the file from which the policies are imported. Remarks: Examples: importpolicy Policy1.ipsec
11152	使用方式: restorepolicyexamples [release = ] (win2k | win2003) 還原預設原則。 參數: 標記 值 release -OS 發行類型，預設原則範例。 備註: 這個命令只能套用在本機電腦原則存放區上。 範例: 1. restorepolicyexamples release=win2003 2. restorepolicyexamples release=win2k	Usage: restorepolicyexamples [release = ] (win2k | win2003) Restores the default policies. Parameters: Tag Value release -OS release type, for default policies examples. Remarks: This command is only valid for the local computer policy store. Examples: 1. restorepolicyexamples release=win2003 2. restorepolicyexamples release=win2k
11200	建立原則和相關資訊。	Creates new policies and related information.
11210	建立有預設回應規則的原則。	Creates a policy with a default response rule.
11211	建立清空的篩選器清單。	Creates an empty filter list.
11212	建立篩選器動作。	Creates a filter action.
11213	為指定的原則建立規則。	Creates a rule for the specified policy.
11214	新增篩選器到篩選器清單。	Adds a filter to filter list.
11250	使用方式: policy [ name = ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] (yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 使用指定的名稱建立原則。 參數: 標記 值 name -原則的名稱。 description -原則的簡短資訊。 mmpfs -設定主圖形完整轉送密碼的選項。 qmpermm -每一個 IKE 主要模式工作階段中的快速模式工作階段數。 mmlifetime -IKE 主要模式的重新輸入時間 (以分鐘計)。 activatedefaultrule -啟用或停用預設的回應規則。只有在 Windows Vista 之前的 Windows 版本才有效。 pollinginterval -原則代理的輪詢間隔 (以分鐘計)，每隔指定的時間會檢查 原則存放區的變更。 assign -將原則指派為使用或不使用。 mmsecmethods -以 ConfAlg-HashAlg-GroupNum 格式列出一個或多個 以空格分隔的安全方式清單，其中 ConfAlg 可以是 DES 或 3DES，而 HashAlg 可以是 MD5 或 SHA1。 GroupNum 可以是 1 (Low)、2 (Med)、3 (DH2048)。 備註: 1. 如果指定了 mmpfs，qmpermm 會設定成 1。 2. 如果存放區是 'domain'，則 ‘assign’ 將無效。 3. 不建議使用 DES 與 MD5。這些密碼編譯演算法僅提供為 回溯相容性之用。 範例: add policy Policy1 mmpfs= yes assign=yes mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"	Usage: policy [ name = ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] (yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Creates a policy with the specified name. Parameters: Tag Value name -Name of the policy. description -Brief information about the policy. mmpfs -Option to set master perfect forward secrecy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista. pollinginterval -Polling Interval, time in minutes for policy agent to check for changes in policy store. assign -Assigns the policy as active or inactive. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum, where ConfAlg can be DES or 3DES, HashAlg is MD5 or SHA1. GroupNum can be 1 (Low), 2 (Med), 3 (DH2048). Remarks: 1. If mmpfs is specified, qmpermm is set to 1. 2. If the store is 'domain' then ‘assign’ will have no effect. 3. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add policy Policy1 mmpfs= yes assign=yes mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"
11251	使用方式: filterlist [ name = ] [ [ description = ] ] 使用指定名稱建立一個空白篩選器清單。 參數: 標記 值 name -篩選器清單名稱。 description -篩選器清單相關簡短資訊。 備註: 範例: add filterlist Filter1	Usage: filterlist [ name = ] [ [ description = ] ] Creates an empty filter list with the specified name. Parameters: Tag Value name -Name of the filter list. description -Brief information about the filter list. Remarks: Examples: add filterlist Filter1
11252	使用方式: filteraction [ name = ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 建立篩選器動作。 參數: 標記 值 name -篩選器動作的名稱。 description -篩選器動作類型的簡短資訊。 qmpfs -用來設定快速模式完整轉送密碼的選項。 inpass -接受無安全性的通訊，但是永遠使用 IPSec 來回應。 數值可以是‘yes’或‘no’。 soft -允許跟非 IPSec 感知的電腦的不安全通訊。 數值可以是‘yes’或‘no’。 action -可以是‘permit’、‘block’或‘negotiate’。 qmsecmethods -IPSec 提供下列格式之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s ConfAlg 可以是 DES 或 3DES 或 None。 AuthAlg 可以是 MD5 或 SHA1 或 None。 HashAlg 是 MD5 或 SHA1。 k 是以 KB 為單位的存留期。 s 是以秒為單位的存留期。 備註: 1. 如果動作不是‘negotiate’則忽略快速模式安全性方式 2. 不建議使用 DES 和 MD5。這些加密演算法僅提供為舊版相容性之用。 範例: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"	Usage: filteraction [ name = ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Creates a filter action. Parameters: Tag Value name -Name of the filter action. description -Brief information about the type of filter action. qmpfs -Option to set quick mode perfect forward secrecy. inpass -Accept unsecured communication, but always respond using IPsec. This takes a value of either ‘yes’ or ‘no’. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. action -This takes permit, block or negotiate. qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is Lifetime in kilobytes. where s is Lifetime in seconds. Remarks: 1. Quick mode security methods are ignored if the action is not ‘negotiate’ 2. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add filteraction name=FilterA qmpfs=yes soft=y action=negotiate qmsec="AH[MD5]:204800k/300s ESP[DES,SHA1]:30000k/480s"
11253	使用方式: rule [ name = ] [ policy = ] [ filterlist = ] [ filteraction = ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ description = ] ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 用指定的篩選器和篩選器動作建立規則。 參數: 標記 值 name -規則名稱。 policy -規則所屬的原則名稱。 filterlist -要使用的篩選器清單名稱。 filteraction -要使用的篩選器動作名稱。 tunnel -通道端點 IP 位址。 conntype -連線類型可以是‘lan’，‘dialup’或‘all’。 activate -如果指定了‘yes’則啟用原則裡的規則。 description -規則的簡短資訊。 kerberos -如果指定了‘yes’則提供 Kerberos 驗證。 psk -使用指定的預先共用金鑰來提供驗證。 rootca -使用指定的根憑證來提供驗證， 如果指定了 certmap:Yes 則嘗試對應憑證， 如果指定了 excludecaname:Yes 則排除 CA 名稱。 備註: 1. 憑證、對應，和 CA 名稱設定都應該用引號包圍; 用 \' 來代替內嵌引號。 2. 憑證對應只有在網域成員上才正確。 3. 可以多次使用 rootca 參數來提供多重憑證。 4. 每個驗證方法的順序是由它在命令裡的順序來決定的。 5. 如果沒有指定驗證方法，則使用動態預設值。 6. 排除根憑證授權單位名稱會防止名稱被當成憑證要求的一部分而傳送出。 範例: add rule name=Rule policy=Policy filterlist=Filterlist filteraction=FilterAction kerberos=yes psk="my key" rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"	Usage: rule [ name = ] [ policy = ] [ filterlist = ] [ filteraction = ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ description = ] ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Creates a rule with the specified filter list and filter action. Parameters: Tag Value name -Name of the rule. policy -Name of the policy the rule belongs to. filterlist -Name of the filter list to be used. filteraction -Name of the filter action to be used. tunnel -Tunnel end point IP address. conntype -Connection type can be lan, dialup or ‘all’. activate -Activates the rule in the policy if ‘yes’ is specified. description -Brief information about the rule. kerberos -Provides Kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 2. Certificate mapping is valid only for domain members. 3. Multiple certificates can be provided by using the rootca parameter multiple times. 4. The preference of each authentication method is determined by its order in the command. 5. If no auth methods are stated, dynamic defaults are used. 6. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: add rule name=Rule policy=Policy filterlist=Filterlist filteraction=FilterAction kerberos=yes psk="my key" rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"
11254	使用方式: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ description = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ mirrored = ] (yes | no) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] 新增篩選器到指定的篩選器清單。 參數: 標記 值 filterlist -要新增篩選器的篩選器清單名稱。 srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 description -篩選器的簡短資訊。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。 mirrored -'Yes'會建立兩個篩選器，每個方向一個。 srcmask -來源位址遮罩位址遮罩或 1 到 32 間的首碼。若 srcaddr 設為範圍則不適用 dstmask -目的地位址遮罩或 1 到 32 間的首碼。若 dstaddr 設為範圍則不適用 srcport -封包的來源連接埠。0 代表任何連接埠。 dstport -封包的目的地連接埠。0 代表任何連接埠。 備註: 1. 若篩選器清單不存在則將建立它。 2. 若要指定目前電腦位址，請設定 srcaddr/dstaddr=me 若要指定所有電腦位置，請設定 srcaddr/dstaddr=any 3. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。 4. 若來源是伺服器類型，則 dest 是 'me'，反之亦然。 5. 若指定位址範圍，則端點必須是特定位址 (不可以是清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45 srcmask=24 dstmask=32 2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0 protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255 3. add filter filterlist=Filter1 srcaddr=me dstaddr=any 4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME 5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME	Usage: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ description = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ mirrored = ] (yes | no) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] Adds a filter to the specified filter list. Parameters: Tag Value filterlist -Name of the filter list to which the filter is added. srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. description -Brief information about the filter. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. mirrored -‘Yes’ creates two filters, one in each direction. srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range srcport -Source port of the packet. A value of 0 means any port. dstport -Destination port of the packet. A value of 0 means any port. Remarks: 1. If the filter list does not exist it will be created. 2. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 3. Server type can be WINS, DNS, DHCP or GATEWAY. 4. If source is a server type, then dest is 'me' and vice-versa. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. add filter filterlist=Filter1 192.145.168.0 192.145.168.45 srcmask=24 dstmask=32 2. add filter filterlist=Filter1 srcaddr=DHCP dstaddr=0.0.0.0 protocol=ICMP srcmask=255.255.255.255 dstmask=255.255.255.255 3. add filter filterlist=Filter1 srcaddr=me dstaddr=any 4. add filter filterlist=Filter1 srcaddr= E3D7::51F4:9BC8:00A8:6420 dstaddr= ME 5. add filter filterlist=Filter1 srcaddr= 192.168.2.1-192,168.2.10 dstaddr= ME
11300	修改現存原則和相關資訊。	Modifies existing policies and related information.
11310	修改原則。	Modifies a policy.
11311	修改篩選器清單。	Modifies a filter list.
11312	修改篩選器動作。	Modifies a filter action.
11313	修改規則。	Modifies a rule.
11314	設定目前的原則存放區。	Sets the current policy store.
11315	修改原則的預設回應規則。	Modifies the default response rule of a policy.
11317	設定批次更新模式。	Sets the batch update mode.
11350	使用方式: policy [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] ( yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ gponame = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 修改原則。 參數: 標記 值 name | guid -原則的名稱或 GUID。 newname -新名稱。 description -簡短資訊。 mmpfs -設定主完整轉送密碼。 qmpermm -每個主要模式的快速模式數目。 mmlifetime -重新建立金鑰的時間。 activatedefaultrule -啟用預設回應規則。只有在 Windows Vista 之前的 Windows 版本才有效。 pollinginterval -檢查原則存放區變更的時間 (以分鐘為單位)。 assign -指派原則。 gponame -可為其指派原則的本機 AD 群組原則物件名稱。只有在存放 區是網域時才有效。 mmsecmethods -以空格分隔的安全性方法清單，其格式為 ConfAlg-HashAlg-GroupNum。 備註: 1. 若已指定 mmpfs，則 qmpermm 會設定為 1。 2. 只有當存放區設定為網域時，才能指定 GPO 名稱。 3. 不建議使用 DES 與 MD5。這些密碼編譯演算法僅提供為回溯相容性之用。 範例: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y 2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=NewName gpo=DefaultDomainPolicy assign=y	Usage: policy [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ mmpfs = ] (yes | no) ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ activatedefaultrule = ] ( yes | no) ] [ [ pollinginterval = ] ] [ [ assign = ] (yes | no) ] [ [ gponame = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Modifies a policy. Parameters: Tag Value name | guid -Name of the policy, or guid. newname -New name. description -Brief information. mmpfs -Sets master perfect forward secrecy. qmpermm -Number of quick modes per main mode. mmlifetime -Time in minutes to rekey. activatedefaultrule -Activates the default response rule. Valid only for versions of Windows prior to Windows Vista. pollinginterval -Time in minutes to check for change in policy store. assign -Assigns the policy. gponame -Local AD group policy object name to which the policy can be assigned. Valid when the store is domain. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum. Remarks: 1. If mmpfs is specified, qmpermm is set to 1. 2. A GPO name can only be specified if the store is set to domain. 3. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: 1. set policy name=Policy mmpfs=y gpo=DomainPolicy assign=y 2. set policy guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=NewName gpo=DefaultDomainPolicy assign=y
11351	使用方式: filterlist [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] 修改篩選器清單的名稱和描述。 參數: 標記 值 name | guid -篩選器清單或 guid 的名稱。 newname -篩選器清單的新名稱。 description -篩選器清單的簡短資訊。 範例: 1. set filterlist Filter1 desc=NewFilter1 2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=FilterName	Usage: filterlist [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] Modifies a filter list name and description. Parameters: Tag Value name | guid -Name of the filter list or guid. newname -New name of the filter list. description -Brief information about the filter list. Examples: 1. set filterlist Filter1 desc=NewFilter1 2. set filterlist guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} newname=FilterName
11352	使用方式: filteraction [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 修改篩選器動作。 參數: 標記 值 name | guid -篩選器動作名稱或 GUID。 newname -篩選器動作的新增名稱。 description -篩選器動作的簡短資訊。 qmpfs -設定快速模式完整轉送密碼的選項。 inpass -接受無安全性的通訊，但是永遠使用 IPSec 回應。 將接受‘yes’或‘no’的值。 soft -允許跟非 IPSec 感知的電腦的不安全通訊。 將接受‘yes’或‘no’的值。 action -將接受 permit 或 block 或 negotiate。 qmsecmethods -IPSec 提供下列格式之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s ConfAlg 可以是 DES 或 3DES 或 None。 AuthAlg 可以是 MD5 或 SHA1 或 None。 HashAlg 是 MD5 或 SHA1。 k 是以 KB 為單位的存留期。 s 是以秒為單位的存留期。 備註: 不建議使用 DES 和 MD5。這些加密演算法僅提供為 舊版相容性之用。 範例: 1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s 2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} inpass=y	Usage: filteraction [ name = ] | [ guid = ] [ [ newname = ] ] [ [ description = ] ] [ [ qmpfs = ] (yes | no) ] [ [ inpass = ] (yes | no) ] [ [ soft = ] (yes | no) ] [ [ action = ] (permit | block | negotiate) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Modifies a filter action. Parameters: Tag Value name | guid -Name or guid of the filter action. newname -New name of the filter action. description -Brief information about the filter action. qmpfs -Option to set quick mode perfect forward secrecy. inpass -Accept unsecured communication, but always respond using IPsec. This takes a value of either ‘yes’ or ‘no’. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. action -This takes permit or block or negotiate. qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples:1. set filteraction name=test qmsec=ESP[3DES,MD5]:100000k/2000s 2. set filteraction guid={11E6E97E-0031-49f5-AC7D-5F2FE99BABAF} inpass=y
11353	使用方式: rule [ name = ] | [id= ] [ policy = ] [ [ newname = ] ] [ [ description = ] ] [ [ filterlist = ] ] [ [ filteraction = ] ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 修改原則裡的規則。 參數: 標記 值 name | id -規則的名稱或 ID。 policy -規則所屬的原則名稱。 newname -規則的新增名稱。 description -規則的簡短資訊。 filterlist -要使用的篩選器清單名稱。 filteraction -要使用的篩選器動作名稱。 tunnel -通道 IP 位址或 DNS 名稱。 conntype -連線類型可以是‘lan’，‘dialup’或‘all’。 activate -如果指定了‘yes’則啟用原則裡的規則。 kerberos -如果指定了‘yes’則提供 Kerberos 驗證。 psk -使用指定的預先共用金鑰來提供驗證。 rootca -使用指定的根憑證來提供驗證，如果指定了 certmap:Yes 則 嘗試對應憑證，如果指定了 excludecaname:Yes 則排除 CA 名稱。 備註: 1. 憑證、對應，和 CA 名稱設定都要用引號包住; 用 \' 來取代嵌入式引號。 2. 只有在網域成員裡憑證對應才正確。 3. 可以多次使用 rootca 參數來提供多重憑證。 4. 每個驗證方法的優先順序是由它在命令裡的順序決定的。 5. 如果沒有指定驗證方法，會使用動態預設值。 6. 會用指定的清單來覆寫所有驗證方法。 7. 排除根憑證授權單位 (CA) 名稱將防止該名稱被當成憑證要求的一部分而傳出。 範例: 1. set rule name=Rule policy=Policy activate=yes rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" 2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156	Usage: rule [ name = ] | [id= ] [ policy = ] [ [ newname = ] ] [ [ description = ] ] [ [ filterlist = ] ] [ [ filteraction = ] ] [ [ tunnel = ] (ip | dns) ] [ [ conntype = ] (lan | dialup | all) ] [ [ activate = ] (yes | no) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule in a policy. Parameters: Tag Value name | id -Name or ID of the rule. policy -Name of the policy, the rule belongs to. newname -New name of the rule. description -Brief information about the rule. filterlist -Name of the filter list to be used. filteraction -Name of the filter action to be used. tunnel -Tunnel ip address or dns name. conntype -Connection type can be ‘lan’, ‘dialup’ or ‘all’. activate -Activates the rule in the policy if ‘yes’ is specified. kerberos -Provides Kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 2. Certificate mapping is valid only for domain members. 3. Multiple certificates can be provided by using the rootca parameter multiple times. 4. The preference of each authentication method is determined by its order in the command. 5. If no auth methods are stated, dynamic defaults are used. 6. All authentication methods are overwritten with the stated list. 7. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. Examples: 1. set rule name=Rule policy=Policy activate=yes rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no" 2. set rule id=3 Policy newname=RuleNew tunnel=192.165.123.156
11354	使用方式: store [location = ] (local | domain) [ [ domain = ] ] 設定目前 IPsec 原則存放區位置。 參數: 標記 值 location IPsec 原則存放區的位置。 domain 網域名稱 (只適用於網域位置)。 備註: 1. 本機存放區包含可以指派來保護此電腦安全的 IPsec 原則。如果有可用 的網域原則，會套用網域原則來代替本機原則。 2. 網域存放區包含可指派來保護網域上電腦群組安全的 IPsec 原則。 3. 使用 'set machine' 命令來設定遠端電腦。 4. 預設存放區是本機。存放區的設定變更只在目前的 Netsh 工作階段中 有效。如果您需要用批次檔在相同的存放區上執行多重命令，請在執行 您的批次檔時使用 ‘Netsh Exec’。 5. 不支援持續性存放區與持續性原則。 範例: 1. set store location= local - 使用目前電腦的本機存放區。 2. set store location=domain domain=example.microsoft. com - 使用 example.microsoft.com 的網域原則存放區。	Usage: store [location = ] (local | domain) [ [ domain = ] ] Sets the current IPsec policy storage location. Parameters: Tag Value location Location of the IPsec policy store. domain Domain name (only applies to the domain location). Remarks: 1. The local store contains IPsec policies that can be assigned to secure this computer. If a domain policy is available, the domain policy is applied instead of the local policy. 2. The domain store contains IPsec policies that can be assigned to secure groups of computers in a domain. 3. Use the 'set machine' command to configure a remote computer. 4. The default store is Local. Changes to the store setting persist only as long as the current Netsh session. If you need to run multiple commands in the same store from a batch file, use the ‘Netsh Exec’ when executing your batch file. 5. Persistent store and persistent policy is not supported. Examples: 1. set store location= local - uses the local store of the current computer . 2. set store location=domain domain=example.microsoft. com - uses the domain policy store for example.microsoft.com .
11355	使用方式: defaultrule [ policy = ] [ [ qmpfs = ] (yes | no) ] [ [ activate = ] (yes | no) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 修改指定原則的預設規則。 在 Windows Vista 與舊版 Windows 上會忽略此規則 參數: 標記 值 policy -要修改預設回應規則的 原則 名稱。 qmpfs -用來設定快速模式完整傳送密碼的選項。 activate -如果指定為‘yes’則啟動規則。 qmsecmethods -IPsec 提供下列格式之一: ESP[ConfAlg,AuthAlg]:k/ s AH[HashAlg]:k/ s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/ s ConfAlg 可以為 DES、3DES 或 None。 AuthAlg 可以為 MD5、SHA1 或 None。 HashAlg 是 MD5 或 SHA1。 k 是以 KB 為單位的存留期。 s 是以秒為單位的存留期。 kerberos -如果指定為‘yes’則提供 Kerberos 驗證。 psk -提供使用指定預先共用金鑰的驗證。 rootca -提供使用指定根憑證的驗證， 如果指定為 certmap:Yes，則嘗試對應憑證， 如果指定為 excludecaname:Yes 則排除 CA 名稱。 備註: 1. 憑證、對應與 CA 名稱設定都要在引號內; 用 \' 來取代內嵌式引號。 2. 憑證對應只對網域成員有效。 3. 可以多次使用 rootca 參數來提供多重憑證。 4. 每個驗證方式的優先順序 是由 在命令裡的順序決定。 5. 如果沒有陳述驗證方法，則會使用動態預設值 。 6. 不建議使用 DES 和 MD5。這些加密演算法僅提供為 舊版相容性之用。 範例: set defaultrule Policy1 activate= y qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"	Usage: defaultrule [ policy = ] [ [ qmpfs = ] (yes | no) ] [ [ activate = ] (yes | no) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies the default response rule of the specified policy. This rule will be ignored on Windows Vista and later versions of Windows Parameters: Tag Value policy -Name of the policy for which the default response rule is to be modified . qmpfs -Option to set quick mode perfect forward secrecy . activate -Activates the rule in the policy if ‘yes’ is specified . qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/ s AH[HashAlg]:k/ s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/ s where ConfAlg can be DES, or 3DES or None . where AuthAlg can be MD5, or SHA1 or None . where HashAlg is MD5 or SHA1 . where k is lifetime in kilobytes . where s is lifetime in seconds . kerberos -Provides Kerberos authentication if ‘yes’ is specified . psk -Provides authentication using a specified preshared key . rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified . Remarks: 1. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \' . 2. Certificate mapping is valid only for domain members . 3. Multiple certificates can be provided by using the rootca parameter multiple times . 4. The preference of each authentication method is determined by its order in the command . 5. If no auth methods are stated, dynamic defaults are used . 6. The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only . Examples: set defaultrule Policy1 activate= y qmsec="AH[MD5]+ESP[3DES,MD5]:100000k/2000s"
11357	使用方式: set batch [mode = ] (enable | disable) 設定批次更新模式。 參數: mode - 批次更新的模式。	Usage: set batch [mode = ] (enable | disable) Sets the batch update mode. Parameters: mode - The mode for batch updates.
11400	刪除原則和相關資訊。	Deletes policies and related information.
11410	刪除原則和它的規則。	Deletes a policy and its rules.
11411	刪除篩選器清單。	Deletes a filter list.
11412	刪除篩選器動作。	Deletes a filter action.
11413	從原則裡刪除規則。	Deletes a rule from a policy.
11414	從篩選器清單裡刪除篩選器。	Deletes a filter from a filter list.
11415	刪除所有原則、篩選器清單和篩選器動作。	Deletes all policies, filter lists, and filter actions.
11450	使用方式: policy [ name = ] | [ all ] 刪除原則和它所有關聯的規則。 參數: 標記 值 name | all -原則名稱或‘all’。 備註: 如果指定了 'all'，刪除所有原則。 範例: 1. delete policy all - 刪除所有原則。 2. delete policy name=Policy1 - 刪除名稱為 Policy1 的原則。	Usage: policy [ name = ] | [ all ] Deletes the policy and all its associated rules. Parameters: Tag Value name | all -Name of the policy or ‘all’. Remarks: If 'all' is specified, all policies are deleted. Examples: 1. delete policy all - deletes all policies. 2. delete policy name=Policy1 - deletes the policy named Policy1.
11451	使用方式: filterlist [name = ] | [ all ] 刪除篩選器清單和它所有關聯的篩選器。 參數: 標記 值 name | all -篩選器清單名稱或‘all’。 備註: 如果指定了 'all'，刪除所有篩選器清單。 範例: delete filterlist all	Usage: filterlist [name = ] | [ all ] Deletes the filter list and all of its associated filters. Parameters: Tag Value name | all -Name of the filter list or ‘all’. Remarks: If 'all' is specified, all filter lists are deleted. Examples: delete filterlist all
11452	使用方式: filteraction [ name = ] | [ all ] 刪除篩選器動作。 參數: 標記 值 name | all -篩選器動作名稱或‘all’。 備註: 如果指定了 'all'，刪除所有篩選器動作。 範例: 1. delete filteraction FilterA 2. delete filteraction all	Usage: filteraction [ name = ] | [ all ] Deletes a filter action. Parameters: Tag Value name | all -Name of the filter action or ‘all’. Remarks: If 'all' is specified, all filter actions are deleted. Examples: 1. delete filteraction FilterA 2. delete filteraction all
11453	使用方式: rule [ name = ] | [ id = ] | [ all ] [ policy = ] 刪除原則裡的規則。 參數: 標記 值 name | id | all -規則名稱，規則的 ID，或‘all’ policy -原則名稱。 備註: 1. 如果指定了 'all'，刪除原則裡所有的規則，除了預設回應規則之外。 2. 無法刪除預設回應規則。 3. 每個刪除會變更 ID。 範例: 1. delete rule id=1 Policy1 -刪除來自 Policy1，id=1 的規則。 2. delete rule all Policy1 -刪除所有來自 Policy1 的規則。	Usage: rule [ name = ] | [ id = ] | [ all ] [ policy = ] Deletes a rule from a policy. Parameters: Tag Value name | id | all -Name of the rule, ID of the rule, or ‘all’ policy -Name of the policy. Remarks: 1. If 'all' is specified, deletes all rules from the policy except the default response rule. 2. The default response rule cannot be deleted. 3. The IDs will change with every delete. Examples: 1. delete rule id=1 Policy1 -deletes the rule with id=1 from Policy1. 2. delete rule all Policy1 -deletes all the rules from Policy1.
11454	使用方式: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] 從篩選器清單裡刪除篩選器 參數: 標記 值 filterlist -加入篩選器的篩選器清單名稱。 srcaddr - 來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱，或伺服器類型。 dstaddr -目標 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱，或伺服器類型。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。 srcmask -來源位址遮罩或首碼為 1 到 32。若 srcaddr 設為範圍則不適用 dstmask -目標位址遮罩或首碼為 1 到 32。 若 dstaddr 設為範圍則不適用 srcport -封包的來源連接埠。0 代表任何連接埠 dstport -封包的目標連接埠。0 代表任何連接埠。 mirrored -‘Yes’會建立兩個篩選器，每個方向一個。 備註: 1. 從篩選器清單裡刪除完全相符的篩選器。 2. 要指定目前電腦位址，請設定 srcaddr/dstaddr=me 要指定所有電腦位址，請設定 srcaddr/dstaddr=any 3. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。 4. 如果來源是伺服器，則 dest 要設為 'me' 反之亦然。 5. 如果已經指定位址範圍，端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: 1. delete filter FilterList1 src=fum.com dst=fum.com 2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP 3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP 4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME	Usage: filter [ filterlist = ] [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] Deletes a filter from a filter list Parameters: Tag Value filterlist -Name of the filter list to which the filter was added. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range srcport -Source port of the packet. A value of 0 means any port dstport -Destination port of the packet. A value of 0 means any port. mirrored -‘Yes’ creates two filters, one in each direction. Remarks: 1. Deletes the exact match filter from the filter list. 2. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 3. Server type can be WINS, DNS, DHCP or GATEWAY. 4. If source is a server, then dest is set to 'me' and vice-versa. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. delete filter FilterList1 src=fum.com dst=fum.com 2. delete filter Filter1 srcaddr=me dstaddr=any proto=TCP 3. delete filter Filter1 srcaddr=GATEWAY dstaddr=0.0.0.0 proto=TCP 4. delete filter Filter1 srcaddr=192.168.2.1-192.168.2.10 dstaddr=ME
11455	使用方式: all 刪除所有原則、篩選器清單，和篩選器動作。 參數: 備註: 範例: delete all	Usage: all Deletes all policies, filter lists, and filter actions. Parameters: Remarks: Examples: delete all
11500	顯示原則的詳細和相關資訊。	Displays details of policies and related information.
11510	顯示原則的詳細資訊。	Displays policy details.
11511	顯示篩選器清單詳細資訊。	Displays filter list details.
11512	顯示篩選器動作的詳細資訊。	Displays filter action details.
11513	顯示規則的詳細資訊。	Displays rule details.
11515	顯示所有原則的詳細和相關資訊。	Displays details of all policies and related information.
11516	顯示群組指定原則的詳細資訊。	Displays details of a group assigned policy.
11517	顯示目前的原則存放區。	Displays the current policy store.
11550	使用方式: policy [ name = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] 顯示原則的詳細資訊。 參數: 標記 值 name | all -原則名稱或‘all’。 level -詳細資訊或一般。 format -在螢幕上顯示或以定位鍵格式。 wide -如果設定成‘no’，會截斷名稱和描述以符合螢幕 80 字元的寬度。 備註: 如果指定了 'all' ，會顯示所有原則的詳細資訊。 範例: show policy Policy1 wide=yes format=table	Usage: policy [ name = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of a policy Parameters: Tag Value name | all -Name of the policy or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all policy details are displayed. Examples: show policy Policy1 wide=yes format=table
11551	使用方式: filterlist [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] [ [ wide = ] (yes | no) ] 顯示篩選器清單的詳細資訊。 參數: 標記 值 name | rule | all -篩選器清單名稱、規則名稱，或‘all’。 level -詳細資訊或一般。 format -在螢幕上顯示或以定位鍵格式。 resolvedns -‘yes’將強制詳細資訊輸出顯示目前儲存在篩選器欄位的 IP 位址和 DNS 名稱的 DNS 對應。 wide -如果設定成‘no’，會截斷名稱和描述以符合螢幕 80 個字元的寬度。 備註: 如果指定了 'all' ，會顯示所有的篩選器清單。 範例: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes	Usage: filterlist [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] [ [ wide = ] (yes | no) ] Displays the details of a filter list Parameters: Tag Value name | rule | all -Name of the filter list, rule name, or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format. resolvedns -Value of ‘yes’ will force the verbose output to show the current dns mapping for ip addresses and dns names that are stored in the filter fields. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all filter lists are displayed. Examples: show filterlist Filterlist=Filterlist1 resolvedns=yes wide=yes
11552	使用方式: filteraction [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] 顯示篩選器動作的詳細資訊。 參數: 標記 值 name | rule | all -篩選器動作名稱、規則名稱，或‘all’。 level -詳細資訊或一般。 format -在螢幕上顯示或以定位鍵格式。 wide -如果設定成‘no’，會截斷名稱和描述以符合螢幕 80 個字元的寬度。 備註: 如果指定了 'all'，會顯示所有篩選器動作。 範例: 1. show filteraction FilterAction1 - shows the details of the filter action named FilterAction1 2. show filteraction rule=Rule1 - shows the filter action used by the rule named Rule1 3. show filteraction all - shows all filter actions	Usage: filteraction [ name = ] | [ rule = ] | [ all ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of a filter action Parameters: Tag Value name | rule | all -Name of the filter action, rule name, or ‘all’. level -Verbose or normal. format -Output in screen or tab-delimited format wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: If 'all' is specified, all filter actions are displayed. Examples: 1. show filteraction FilterAction1 - shows the details of the filter action named FilterAction1 2. show filteraction rule=Rule1 - shows the filter action used by the rule named Rule1 3. show filteraction all - shows all filter actions
11553	使用方式: rule [ name = ] | [ id = ] ] | [ all ] | [default] [ policy = ] [ [ type = ] (tunnel | tranport) ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] 顯示原則的規則詳細資訊。 參數: 標記 值 name | id | all | default -規則名稱、它的 ID、‘all’，或‘default’。 policy -原則名稱。 type -規則類型是‘transport’或‘tunnel’。 level -詳細資訊或一般。 format -在螢幕上顯示或以定位鍵格式。 wide -如果設定成‘no’，會截斷名稱和描述以符合螢幕 80 個字元的寬度。 備註: 1. 如果指定了‘all’，會顯示所有規則。 2. 如果指定了類型參數，則需要指定 'all'。 範例: 1. show rule all type=transport policy=Policy1 - shows all the transport rules of the policy named Policy1. 2. show rule id=1 policy=Policy1 - shows the first rule of the policy. 3. show rule default policy=Policy1 - shows the details of the default response rule of Policy1.	Usage: rule [ name = ] | [ id = ] ] | [ all ] | [default] [ policy = ] [ [ type = ] (tunnel | tranport) ] [ [ level = ] (verbose | normal) ] [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays the details of rules for the policy. Parameters: Tag Value name | id | all | default -Name of the rule, its id, ‘all’, or ‘default’. policy -Name of the policy. type -Rule type is ‘transport’ or ‘tunnel’. level -Verbose or normal. format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: 1. If ‘all’ is specified, all rules are displayed. 2. If the type parameter is specified, 'all' needs to be specified. Examples: 1. show rule all type=transport policy=Policy1 - shows all the transport rules of the policy named Policy1. 2. show rule id=1 policy=Policy1 - shows the first rule of the policy. 3. show rule default policy=Policy1 - shows the details of the default response rule of Policy1.
11555	使用方式: all [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] 顯示所有原則、篩選器清單，和篩選器動作。 參數: 標記 值 format -在螢幕上顯示或以定位鍵格式。 wide -如果設定成‘no’，會截斷名稱和描述以符合螢幕 80 個字元的寬度。 備註: 範例: show all	Usage: all [ [ format = ] (list | table) ] [ [ wide = ] (yes | no) ] Displays all policies, filter lists, and filter actions. Parameters: Tag Value format -Output in screen or tab-delimited format. wide -If set to ‘no’, the name and description are truncated to fit the screen width of 80 characters. Remarks: Examples: show all
11556	使用方式: gpoassignedpolicy [name = ] 顯示指定的 GPO 的使用中原則詳細資訊。 參數: 標記 值 Name -本機 AD 群組原則物件名稱。 備註: 1. 如果目前的儲存區是網域，則需要 name 參數，否則 將不允許 name 參數 範例: 1. show gpoassignedpolicy name=GPO1 - 顯示已指派給 GPO1 的網域原則。 2. show gpoassignedpolicy - 顯示目前在此電腦上指派的原則。	Usage: gpoassignedpolicy [name = ] Displays the details of the active policy for the specified GPO. Parameters: Tag Value Name -Local AD Group policy object name. Remarks: 1. if the current store is domain, the name parameter is required, otherwise it is not allowed Examples: 1. show gpoassignedpolicy name=GPO1 - shows the assigned domain policy to GPO1. 2. show gpoassignedpolicy - shows currently assigned policy on this computer.
11557	使用方式: store 範例: show store	Usage: store Examples: show store
12200	在 SPD 裡新增原則、篩選器，和動作。	Adds policy, filter, and actions to SPD.
12210	在 SPD 裡新增快速模式原則。	Adds a quick mode policy to SPD.
12211	在 SPD 裡新增主要模式原則。	Adds a main mode policy to SPD.
12212	在 SPD 裡新增快速模式篩選器。	Adds a quick mode filter to SPD.
12213	在 SPD 裡新增主要模式篩選器。	Adds a main mode filter to SPD.
12215	新增規則和相關的篩選器到 SPD。	Adds a rule and associated filters to SPD.
12250	使用方式: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 新增一個快速模式原則到 SPD。 參數: 標記 值 name -快速模式原則的名稱。 soft -允許和 IPSec 沒注意到的電腦， 做未設定安全的通訊，接受數值 'yes' 或 'no'。 pfsgroup -GRP1，GRP2，GRP3，GRPMM，NOPFS(預設)。 qmsecmethods -IPSec 提供下列幾種格式 : ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s ConfAlg 可以是 DES 或 3DES 或 None。 AuthAlg 可以是 MD5 或 SHA1 或 None。 HashAlg 是 MD5 或 SHA1。 k 是存留期 (KB)。 s 是存留期 (秒)。 備註: 不建議使用 DES 和 MD5。這些加密演算法僅提供為舊版相容性之用。 範例: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"	Usage: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Adds a quick mode policy to SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either ‘yes’ or ‘no’. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s"
12251	使用方法: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 新增一個主要模式原則到 SPD。 參數: 標記 值 name -主要模式原則名稱。 qmpermm -每一個 IKE 主要模式階段中的快速模式階段數。 mmlifetime -重新輸入 (以分鐘計) IKE 的主要模式。 softsaexpirationtime -未受保護的 SA 到期時間 (以分鐘計)。 mmsecmethods -以 ConfAlg-HashAlg-GroupNum 格式列出一個或多 個空格區分安全方式的清單。 ConfAlg 可能是 DES 或 3DES 而 HashAlg 可能是 MD5 或 SHA1。 GroupNum 可以是 1 (Low)， 2 (Med)， 3 (DH2048)。 備註: 不建議使用 DES 和 MD5。這些加密編譯演算法僅提供為舊版相容性之用。 範例: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20 mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"	Usage: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Adds a main mode policy to SPD. Parameters: Tag Value name -Name of the main mode policy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. softsaexpirationtime -Time in minutes for an unprotected SA to expire. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum. where ConfAlg can be DES or 3DES where HashAlg can be MD5 or SHA1 GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048). Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add mmp name=mmp qmpermm=10 mmlifetime=300 softsa=20 mmsec="3DES-SHA1-3 DES-SHA1-2 3DES-MD5-3"
12255	使用方式: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ mmpolicy = ] [ [ qmpolicy = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] [ [ conntype = ] (lan | dialup | all) ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 新增規則。 參數: 標記 值 srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 dstaddr -目標 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 mmpolicy -主要模式原則 qmpolicy -快速模式原則 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。 如果您指定連接埠，可接受的值是 TCP 或 UDP。 srcport -來源連接埠 (0 代表任何連接埠) dstport -目標連接埠 (0 代表任何連接埠) mirrored -‘Yes' 會建立兩個篩選器，每個方向一個。 conntype -連線類型 actioninbound -輸入封包動作 actionoutbound -輸出封包動作 srcmask -來源位址遮罩或首碼為 1 到 32。若 srcaddr 設為範圍則不適用 dstmask -目標位址遮罩或首碼為 1 到 32。若 dstaddr 設為範圍則不適用 tunneldstaddress -通道目標 IP 位址或 DNS 名稱。 kerberos -如果指定為‘yes’則會提供 kerberos 驗證。 psk -使用指定的預先共用金鑰來提供驗證。 rootca -使用指定的根憑證來提供驗證， 如果指定了 certmap:Yes 則會嘗試對應憑證， 如果指定了 excludecaname:Yes 則會排除 CA 名稱。 備註: 1. TCP 和 UDP 連接埠才有效。 2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY 3. actioninbound 和 actionoutbound 的預設為‘negotiate’。 4. 通道規則的 mirrored 必須設定成 'no'。 5. 憑證、對應，和 CA 名稱設定都要在 引號內; 如裡面尚有引號，請使用 \' 來取代原本的引號。 6. 只有在網域成員裡憑證對應才有效。 7. 可以多次使用 rootca 參數來提供 多重憑證。 8. 每個驗證方法的優先順序是由 在命令裡的順序決定。 9. 如果沒有指定驗證方法，則會使用動態預設值。 10. 排除根憑證授權單位 (CA) 的名稱可以防止 名稱被當成憑證要求的一部分而被傳送出去。 11. 如果已經指定位址範圍，端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"	Usage: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ mmpolicy = ] [ [ qmpolicy = ] ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ mirrored = ] (yes | no) ] [ [ conntype = ] (lan | dialup | all) ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Adds a Rule. Parameters: Tag Value srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. mmpolicy -Main mode policy qmpolicy -Quick mode policy protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. If you specify a port, acceptable value is TCP or UDP. srcport -Source port(0 means any port) dstport -Destination port(0 means any port) mirrored -‘Yes' creates two filters, one in each direction. conntype -Connection type actioninbound -Action for inbound packets actionoutbound -Action for outbound packets srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range tunneldstaddress -Tunnel destination ip address or dns name. kerberos -Provides kerberos authentication if ‘yes’ is specified. psk -Provides authentication using a specified preshared key. rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Port valid for TCP and UDP. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Default for actioninbound and actionoutbound is ‘negotiate’. 4. For tunnel rules, mirrored must be set to 'no'. 5. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 6. Certificate mapping is valid only for domain members. 7. Multiple certificates can be provided by using the rootca parameter multiple times. 8. The preference of each authentication method is determined by its order in the command. 9. If no auth methods are stated, dynamic defaults are used. 10. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. 11. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Example: add rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 dstmask=255.255.255.255 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"
12300	在 SPD 裡修改原則、篩選器，和動作。	Modifies policy, filter, and actions in SPD.
12310	在 SPD 裡修改快速模式原則。	Modifies a quick mode policy in SPD.
12311	在 SPD 裡修改主要模式原則。	Modifies a main mode policy in SPD.
12312	在 SPD 裡修改快速模式篩選器。	Modifies a quick mode filter in SPD.
12313	在 SPD 裡修改主要模式篩選器。	Modifies a main mode filter in SPD.
12319	設定 IPsec 設定和開機時的行為。	Sets the IPsec configuration and boot time behavior.
12320	在 SPD 裡修改規則和相關的篩選器。	Modifies a rule and associated filters in SPD.
12350	使用方式: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] 在 SPD 裡修改快速模式原則。 參數: 標記 值 name -快速模式原則名稱。 soft -允許跟非 IPSec 感知的電腦不安全通訊。 可以是 'yes' 或 'no'。 pfsgroup -GRP1、GRP2、GRP3、GRPMM，NOPFS (預設值)。 qmsecmethods -IPSec 提供下列格式之一: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s ConfAlg 可以是 DES 或 3DES 或 None。 AuthAlg 可以是 MD5 或 SHA1 或 None。 HashAlg 是 MD5 或 SHA1。 k 是以 KB 為單位的存留期。 s 是以秒為單位的存留期。 備註: 不建議使用 DES 和 MD5。這些加密編譯演算法僅提供為舊版相容性之用。 範例: set qmpolicy name=qmp pfsg=grp3 qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"	Usage: qmpolicy [ name = ] [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Modifies a quick mode policy in SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either 'yes' or 'no'. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES, or 3DES or None. where AuthAlg can be MD5, or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Example: set qmpolicy name=qmp pfsg=grp3 qmsec="AH[MD5]:100000k/29999s+ESP[DES,SHA1]"
12351	使用方式: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] 使用 SPD 中的新參數修改主要模式原則。 參數: 標記 值 name -主要模式原則名稱。 qmpermm -每一個 IKE 主要模式階段中的快速模式階段數。 mmlifetime -重新輸入 (以分鐘計) IKE 的主要模式。 softsaexpirationtime -未受保護的 SA 到期時間 (以分鐘計)。 mmsecmethods -以 ConfAlg-HashAlg-GroupNum 格式列出一個或多 個空格區分安全方式的清單。 ConfAlg 可能是 DES 或 3DES，HashAlg 是 MD5 或 SHA1， GroupNum 可能是 1 (Low) 或 2 (Med) 或 3 (DH2048)。 備註: 不建議使用 DES 和 MD5。這些加密編譯演算法僅提供為舊版相容性之用。 範例: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3	Usage: mmpolicy [ name = ] [ [ qmpermm = ] ] [ [ mmlifetime = ] ] [ [ softsaexpirationtime = ] ] [ [ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ] Modifies a main mode policy with the new parameters in SPD. Parameters: Tag Value name -Name of the main mode policy. qmpermm -Number of quick mode sessions per main mode session of IKE. mmlifetime -Time in minutes to rekey for main mode of IKE. softsaexpirationtime -Time in minutes for an unprotected SA to expire. mmsecmethods -List of one or more space separated security methods in the form of ConfAlg-HashAlg-GroupNum, where ConfAlg can be DES or 3DES, HashAlg is MD5 or SHA1, GroupNum can be 1 (Low) or 2 (Med) or 3 (DH2048). Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Example: set mmpolicy name=mmp qmpermm=10 mmlife=10 mmsecmethod=3DES-MD5-3
12359	使用方式: config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | ikelogging | strongcrlcheck | bootmode | bootexemptions) ] [ value = ] | | ] 設定 IPsec 的參數。 參數: 標記 值 property -屬性名稱。 value -對應至屬性的值。 備註: 1. 有效的屬性值包括: ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7 ikelogging - 0, 1 strongcrlcheck - 0, 1, 2 ipsecloginterval - 60 到 86400 秒 ipsecexempt - 0, 1, 2, 3 bootmode - stateful, block, permit bootexemptions - none, "exemption#1 exemption#2 ... exemption#n" 引號中的字串指定開機模式中永遠允許的通訊協定與連 接埠清單，格式如下: Protocol:SrcPort:DstPort:Direction 其中，protocol 是 ICMP, TCP, UDP, RAW 或 而 direction 是 inbound 或 outbound 2. ipsecdiagnostics、ikelogging、ipsecloginterval、bootmode 與 bootexemptions 選項僅提供回溯相容之用。對於 Windows Vista 與更新的作業系統無效。 3. SrcPort 與 DstPort 只對於 TCP 與 UDP 才有效，對於其他通訊協定，豁免的格式 是 Protocol:Direction。 4. 連接埠設定值 0 可允許任何連接埠的流量。 5. ikelogging 與 strongcrlcheck 會立即啟動; 所有其他屬性則會在下次開機時 才生效。 範例: 1. set config property=ipsecdiagnostics value=0 2. set config property=bootmode value=stateful 3. set config property=bootexemptions value=none 4. set config property=bootexemptions value="ICMP:inbound TCP:80:80:outbound"	Usage: config [ property = ] (ipsecdiagnostics | ipsecexempt | ipsecloginterval | ikelogging | strongcrlcheck | bootmode | bootexemptions) ] [ value = ] | | ] Configures the parameters for IPsec. Parameters: Tag Value property -Property name. value -Value that corresponds to the property. Remarks: 1. Valid values for the properties are: ipsecdiagnostics - 0, 1, 2, 3, 4, 5, 6, 7 ikelogging - 0, 1 strongcrlcheck - 0, 1, 2 ipsecloginterval - 60 to 86400 sec ipsecexempt - 0, 1, 2, 3 bootmode - stateful, block, permit bootexemptions - none, "exemption#1 exemption#2 ... exemption#n" where the quoted string specifies a list of protocols and ports to always allow during boot mode in the following format: Protocol:SrcPort:DstPort:Direction where protocol is ICMP, TCP, UDP, RAW, or where direction is inbound or outbound 2. ipsecdiagnostics, ikelogging, ipsecloginterval, bootmode and bootexemptions options are provided for backward compatibility. Not valid for Windows Vista and later operating systems. 3. SrcPort and DstPort are only valid for TCP and UDP, with other protocols the format of the exemption is Protocol:Direction. 4. A port setting of 0 allows for traffic for any port. 5. ikelogging and strongcrlcheck are activated immediately; all other properties take effect on next boot. Examples: 1. set config property=ipsecdiagnostics value=0 2. set config property=bootmode value=stateful 3. set config property=bootexemptions value=none 4. set config property=bootexemptions value="ICMP:inbound TCP:80:80:outbound"
12360	使用方式: rule [ srcaddr = ] (ip | dns | server) [ dstaddr = ] (ip | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ mmpolicy = ] ] [ [ qmpolicy = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] 在 SPD 裡修改規則和關聯的篩選器。 參數: 標記 值 srcaddr - 來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。 srcport -來源連接埠 (0 代表任何連接埠) dstport -目的地連接埠 (0 代表任何連接埠) mirrored -'Yes'會建立兩個篩選器，每個方向一個。 conntype -連線類型 srcmask -來源位址遮罩或 1 到 32 間的首碼。若 rcaddr 設為範圍則不適用 dstmask -目的地位址遮罩或 1 到 32 間的首碼。若 dstaddr 設為範圍則不適用 tunneldstaddress -通道目的地 IP 位址或 DNS 名稱。 mmpolicy -主要模式原則 qmpolicy -快速模式原則 actioninbound -輸入封包動作 actionoutbound -輸出封包動作 kerberos -如果指定了'yes'則會提供 kerberos 驗證 psk -使用指定的預先共用金鑰來提供驗證 rootca -使用指定的根憑證來提供驗證，如果指定了 certmap:Yes 則嘗試對應憑證，如果指 定了 excludecaname:Yes 則排除 CA 名稱。 備註: 1. 可以設定 Mmpolicy、qmpolicy、actioninbound、actionoutbound 和 authmethods，其他欄位 是識別元。 2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY 3. 憑證、對應和 CA 名稱設定都要在引號內; 用 \' 來取代內嵌式引號。 4. 只有在網域成員裡憑證對應才有效。 5. 可以多次使用 rootca 參數來提供多重憑證。 6. 每個驗證方法的順序是由它在命令裡的順序來決定的。 7. 如果沒有指定驗證方法，會使用動態預設值。 8. 所有驗證方法都會被指定的清單覆寫。 9. 排除根憑證授權單位 (CA) 名稱可防止該名稱被當成憑證要求的一部分被送出。 10. 如果指定位址範圍，則端點必須是特定的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32 tunneldst=192.168.145.1 proto=tcp srcport=80 dstport=80 mir=no con=lan qmp=qmp actionin=negotiate actionout=permit 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\'Microsoft North, South, East, and West Root Authority\' certmap:yes excludecaname:no"	Usage: rule [ srcaddr = ] (ip | dns | server) [ dstaddr = ] (ip | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] [ [ mmpolicy = ] ] [ [ qmpolicy = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ kerberos = ] (yes | no) ] [ [ psk = ] ] [ [ rootca = ] " certmap:(yes | no) excludecaname:(yes | no)" ] Modifies a rule and associated filters in SPD. Parameters: Tag Value srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port (0 means any port) dstport -Destination port (0 means any port) mirrored -'Yes' creates two filters, one in each direction. conntype -Connection type srcmask -Source address mask or a prefix of 1 through 32. Not applicable if srcaddr is set to a range dstmask -Destination address mask or a prefix of 1 through 32. Not applicable if dstaddr is set to a range tunneldstaddress -Tunnel destination ip address or dns name. mmpolicy -Main mode policy qmpolicy -Quick mode policy actioninbound -Action for inbound packets actionoutbound -Action for outbound packets kerberos -Provides kerberos authentication if ‘yes’ is specified psk -Provides authentication using a specified preshared key rootca -Provides authentication using a specified root certificate, attempts to map the cert if certmap:Yes is specified, excludes the CA name if excludecaname:Yes is specified. Remarks: 1. Mmpolicy, qmpolicy, actioninbound, actionoutbound and authmethods can be set; other fields are identifiers. 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. Certificate, mapping, and CA name settings are all to be within quotes; embedded quotes are to be replaced with \'. 4. Certificate mapping is valid only for domain members. 5. Multiple certificates can be provided by using the rootca parameter multiple times. 6. The preference of each authentication method is determined by its order in the command. 7. If no auth methods are stated, dynamic defaults are used. 8. All authentication methods are overwritten with the stated list. 9. Excluding the root certification authority (CA) name prevents the name from being sent as part of the certificate request. 10. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. set rule srca=WINS dsta=0.0.0.0 srcmask=32 dstmask=32 tunneldst=192.168.145.1 proto=tcp srcport=80 dstport=80 mir=no con=lan qmp=qmp actionin=negotiate actionout=permit 2. set rule srcaddr=192.168.145.110 dstaddr=192.168.145.215 mmpolicy=mmp qmpolicy=qmp mirrored=no srcmask=32 rootca="C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority" rootca="C=US,O=MSFT,CN=\’Microsoft North, South, East, and West Root Authority\’ certmap:yes excludecaname:no"
12400	從 SPD 裡刪除原則、篩選器，和動作。	Deletes policy, filter, and actions from SPD.
12410	從 SPD 裡刪除快速模式原則。	Deletes a quick mode policy from SPD.
12411	從 SPD 裡刪除主要模式原則。	Deletes a main mode policy from SPD.
12414	從 SPD 裡刪除規則和相關的篩選器。	Deletes a rule and associated filters from SPD.
12415	從 SPD 裡刪除所有原則，篩選器和動作。	Deletes all policies, filters, and actions from SPD.
12450	使用方式: qmpolicy [ name = ] | [ all ] 從 SPD 裡刪除快速模式原則。 如果指定了 'all'，會刪除所有快速模式原則。 參數: 標記 值 name -快速模式原則名稱。 備註: 必須先刪除任何關聯的快速模式篩選器才能刪除快速模式原則。 範例: delete qmpolicy name=qmp	Usage: qmpolicy [ name = ] | [ all ] Deletes a quick mode policy from SPD. If 'all' is specified, all quick mode policies are deleted. Parameters: Tag Value name -Name of the quick mode policy. Remarks: To delete a quick mode policy, any associated quick mode filters must first be deleted. Examples: delete qmpolicy name=qmp
12451	使用方式: mmpolicy [ name = ] | [ all ] 從 SPD 裡刪除主要模式原則。 如果指定了 'all'，會刪除所有主要模式原則。 參數: 標記 值 name -主要模式原則名稱。 備註: 必須先刪除任何關聯的主要模式篩選器才能刪除主要模式原則。 範例: delete mmpolicy name=mmp	Usage: mmpolicy [ name = ] | [ all ] Deletes a main mode policy from SPD. If 'all' is specified, all main mode policies are deleted. Parameters: Tag Value name -Name of the main mode policy. Remarks: To delete a main mode policy, any associated main mode filters must first be deleted. Examples: delete mmpolicy name=mmp
12454	使用方式: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] 從 SPD 裡刪除規則。 參數: 標記 值 srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。 srcport -來源連接埠。0 代表任何連接埠。 dstport -目的地連接埠。0 代表任何連接埠。 mirrored -'Yes' 會建立兩個篩選器，每個方向一個。 conntype -連線類型可以是 lan、dialup 或 'all'。 srcmask -來源位址遮罩或 1 到 32 間的首碼。 dstmask -目的地位址遮罩或 1 到 32 間的首碼。 tunneldstaddress -通道目的地 IP 位址或 DNS 名稱。 備註: 1. 若要指定目前電腦位址，請設定 srcaddr/dstaddr=me 若要指定所有電腦位址，請設定 srcaddr/dstaddr=any 2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY 3. 如果已經指定位址範圍，端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: delete rule srca=192.168.145.110 dsta=192.168.145.215 tunneldsta=192.168.145.1 proto=tcp srcport=80 dstport=80 mirror=no conntype=lan	Usage: rule [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) [ srcport = ] [ dstport = ] [ mirrored = ] (yes | no) [ conntype = ] (lan | dialup | all) [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ tunneldstaddress = ] (ip | dns) ] Deletes a rule from SPD. Parameters: Tag Value srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. mirrored -‘Yes’ creates two filters, one in each direction. conntype -Connection type can be lan, dialup or ‘all’. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. tunneldstaddress -Tunnel destination ip address or dns name. Remarks: 1. To specify the current computer address, set srcaddr/dstaddr=me To specify all computer addresses, set srcaddr/dstaddr=any 2. Server type can be WINS, DNS, DHCP or GATEWAY 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: delete rule srca=192.168.145.110 dsta=192.168.145.215 tunneldsta=192.168.145.1 proto=tcp srcport=80 dstport=80 mirror=no conntype=lan
12455	使用方式: all 從 SPD 裡刪除所有原則，篩選器，和驗證方法。 範例: delete all	Usage: all Deletes all policies, filters, and authentication methods from SPD. Example: delete all
12500	從 SPD 裡顯示原則、篩選器，和動作。	Displays policy, filter, and actions from SPD.
12510	從 SPD 顯示原則、篩選器、SA，和統計。	Displays policies, filters, SAs, and statistics from SPD.
12511	從 SPD 裡顯示主要模式原則詳細資訊。	Displays main mode policy details from SPD.
12512	從 SPD 裡顯示快速模式原則詳細資訊。	Displays quick mode policy details from SPD.
12513	從 SPD 裡顯示主要模式篩選器詳細資訊。	Displays main mode filter details from SPD.
12514	從 SPD 裡顯示快速模式篩選器詳細資訊。	Displays quick mode filter details from SPD.
12515	從 SPD 裡顯示 IPsec 和 IKE 統計。	Displays IPsec and IKE statistics from SPD.
12516	從 SPD 裡顯示主要模式安全性關聯。	Displays main mode security associations from SPD.
12517	從 SPD 裡顯示快速模式安全性關聯。	Displays quick mode security associations from SPD.
12518	顯示 IPsec 設定。	Displays IPsec configuration.
12519	從 SPD 顯示規則詳細。	Displays rule details from SPD.
12550	使用方式: all [ [ resolvedns = ] (yes | no) ] 顯示所有 SPD 裡的原則、篩選器，SA 和統計的詳細資訊。 參數: 標記 值 resolvedns -'yes' 會顯示解析的 DNS 名稱。 備註: resolvedns 的預設值是‘no’。 範例: show all yes - 顯示所有具有 DNS 解析的資訊	Usage: all [ [ resolvedns = ] (yes | no) ] Displays details of all policies, filters, SAs, and statistics from SPD. Parameters: Tag Value resolvedns -Value of 'yes' displays the resolved dns name. Remarks: Default value of resolvedns is ‘no’. Examples: show all yes - shows all information with dns resolution
12551	使用方式: mmpolicy [ name = ] | [ all ] 顯示 SPD 裡的主要模式原則的詳細資訊。 參數: 標記 值 name -主要模式原則名稱。 備註: 如果指定了 'all'，會顯示所有主要模式原則。 範例: 1. show mmpolicy name=mmp 2. show mmpolicy all	Usage: mmpolicy [ name = ] | [ all ] Displays main mode policy details from SPD. Parameters: Tag Value name -Name of the main mode policy. Remarks: If 'all' is specified, all main mode policies are displayed. Examples: 1. show mmpolicy name=mmp 2. show mmpolicy all
12552	使用方式: qmpolicy [ name = ] | [ all ] 顯示 SPD 裡的快速模式原則的詳細資訊。 參數: 標記 值 name -快速模式原則名稱。 備註: 如果指定了 'all'，會顯示所有快速模式原則。 範例: 1. show qmpolicy name=qmp 2. show qmpolicy all	Usage: qmpolicy [ name = ] | [ all ] Displays quick mode policy details from SPD. Parameters: Tag Value name -Name of the quick mode policy. Remarks: If 'all' is specified, all quick mode policies are displayed. Examples: 1. show qmpolicy name=qmp 2. show qmpolicy all
12553	使用方式: mmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ resolvedns = ] (yes | no) ] 顯示來自 SPD 主要模式篩選器的詳細資料。 參數: 標記 值 name | all -主要模式篩選器名稱或‘all’。 type -要顯示的篩選器類型，specific 或 generic。 srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱，或伺服器類型。 dstaddr -目標 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱，或伺服器類型。 srcmask -來源位址遮罩或首碼為 1 到 32。 dstmask -目標位址遮罩或首碼為 1 到 32。 resolvedns -設為 'yes' 會顯示解析的 DNS 名稱。 備註: 1. type 參數預設為‘generic’。 2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。 3. 如果指定了 'all'，則會顯示所有主要模式篩選器。 4. 如果指定了來源位址或目標位址， 則只會顯示跟該位址相關聯的篩選器。 5. 如果已經指定位址範圍，端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: 1. show mmfilter name=mmf 2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112	Usage: mmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ resolvedns = ] (yes | no) ] Displays main mode filter details from SPD. Parameters: Tag Value name | all -Name of the main mode filter or ‘all’. type -Type of filter to display, either specific or generic. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Default for the type parameter is ‘generic’. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If 'all' is specified, all main mode filters are displayed. 4. If source address or destination address is specified, only filters associated with that address are displayed. 5. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show mmfilter name=mmf 2. show mmfilter all srcaddr=wins dstaddr=192.168.145.112
12554	使用方式: qmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] 顯示 SPD 裡的快速模式篩選器的詳細資訊。 參數: 標記 值 name -快速模式篩選器的名稱。 type -要顯示的篩選器類型，specific 或 generic。 srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 srcmask -來源位址遮罩或 1 到 32 間的首碼。 dstmask -目的地位址遮罩或 1 到 32 間的首碼。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。 srcport -來源連接埠。0 代表任何連接埠。 dstport -目的地連接埠。0 代表任何連接埠。 actioninbound -輸入封包動作。 actionoutbound -輸出封包動作。 resolvedns -值 'yes' 會顯示解析的 DNS 名稱。 備註: 1. 若未指定 type 參數，則會顯示'generic' 和 'specific' 篩選器。 2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。 3. 如果已經指定位址範圍，端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: 1. show qmfilter name=qmf 2. show qmfilter all srcaddr=192.134.135.133 proto=TCP 3. 如果指定了 'all'，會顯示所有快速模式篩選器。 4. 如果指定了來源位址名稱或目的地位址名稱， 只會顯示與該位址關聯的篩選器。	Usage: qmfilter [ name = ] | [ all ] [ [ type = ] (generic | specific) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] Displays quick mode filter details from SPD. Parameters: Tag Value name -Name of the quick mode filter. type -Type of filter to display, either specific or generic. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. actioninbound -Action for inbound packets. actionoutbound -Action for outbound packets. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. If the type is not specified then both ‘generic’ and ‘specific’ filters are displayed. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show qmfilter name=qmf 2. show qmfilter all srcaddr=192.134.135.133 proto=TCP 3. If 'all' is specified, all quick mode filters are displayed. 4. If source or destination address name is specified, only filters associated with that address are displayed.
12555	使用方式: stats [ [type =] (all | ike | IPsec) ] 顯示 IPsec 和 IKE 統計的詳細資訊。 參數: 標記 值 type -IPsec、ike 或 all (會顯示 IPsec 和 ike) 備註: 範例: 1. show stats all 2. show stats type=IPsec	Usage: stats [ [type =] (all | ike | ipsec) ] Displays details of IPsec and IKE statistics. Parameters: Tag Value type -ipsec, ike, or all (which displays both ipsec and ike) Remarks: Examples: 1. show stats all 2. show stats type=ipsec
12556	使用方式: mmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] 顯示指定位址的主要模式安全性關聯。 參數: 標記 值 all -顯示所有主要模式的安全性關聯。 srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱，或伺服器類型。 dstaddr -目標 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱，或伺服器類型。 format -輸入到螢幕或用 Tab 分隔格式輸入。 resolvedns -'yes' 會顯示解析的 DNS 名稱。 備註: 1. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。 2. 如果已經指定位址範圍，端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。\ 範例: 1. show mmsas all 2. show mmsas srca=192.168.145.110 dsta=192.168.145 .215	Usage: mmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] Displays the main mode security associations for a specified address. Parameters: Tag Value all -Display all main mode security associations. srcaddr - Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type. format -Output in screen or tab-delimited format. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY. 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6).\ Examples: 1. show mmsas all 2. show mmsas srca=192.168.145.110 dsta=192.168.145 .215
12557	使用方式: qmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] 顯示指定位址的快速模式安全性關聯。 參數: 標記 值 all -顯示所有快速模式安全性關聯。 srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。 format -在螢幕上顯示或以 Tab 分隔格式輸出。 resolvedns -值 'yes' 會顯示解析的 DNS 名稱。 備註: 1. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。 2. 如果已經指定位址範圍，端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: 1. show qmsas all 2. show qmsas srca=192.168.145.110 dsta=192.168.145.215	Usage: qmsas [ [ all ] ] [ [ srcaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr =] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ format = ] (list | table) ] [ [ resolvedns = ] (yes | no) ] Displays the quick mode security associations for a specified address. Parameters: Tag Value all -Displays all quick mode security associations. srcaddr -Source ip address(ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address(ipv4 or ipv6), address range, dns name, or server type. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. format -Output in screen or tab-delimited format. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Server type can be WINS, DNS, DHCP or GATEWAY. 2. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show qmsas all 2. show qmsas srca=192.168.145.110 dsta=192.168.145.215
12558	使用方式: config 顯示目前 IPsec 設定參數的設定。 備註: 範例: show config	Usage: config Displays current settings of IPsec configuration parameters. Remarks: Example: show config
12559	使用方式: rule [ [ type = ] (transport | tunnel) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] 顯示 SPD 裡得規則詳細資訊。 參數: 標記 值 type -要顯示的規則類型，transport 或 tunnel。 srcaddr -來源 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 dstaddr -目的地 IP 位址 (ipv4 或 ipv6)、位址範圍、DNS 名稱或伺服器類型。 srcmask -來源位址遮罩或 1 到 32 間的首碼。 dstmask -目的地位址遮罩或 1 到 32 間的首碼。 protocol -可以是 ANY、ICMP、TCP、UDP、RAW 或整數。 srcport -來源連接埠。0 代表任何連接埠。 dstport -目的地連接埠。0 代表任何連接埠。 actioninbound -輸入封包動作。 actionoutbound -輸出封包動作。 resolvedns -值 'yes' 會顯示解析的 DNS 名稱。 備註: 1. type 參數的預設值是'transport'。 2. 伺服器類型可以是 WINS、DNS、DHCP 或 GATEWAY。 3. 如果指定了來源位址名稱或目的地位址名稱，只會顯示與該位址關聯的規則。 4. 如果已經指定位址範圍，端點必須是明確的位址 (不可以為清單或子網路) 且為相同類型 (應該兩者都是 v4 或兩者都是 v6)。 範例: 1. show rule - 顯示 transport 與 tunnel 規則 2. show rule type=transport srcaddr=192.134.135.133 proto=TCP	Usage: rule [ [ type = ] (transport | tunnel) ] [ [ srcaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ dstaddr = ] (ipv4 | ipv6 | ipv4-ipv4 | ipv6-ipv6 | dns | server) ] [ [ srcmask = ] (mask | prefix) ] [ [ dstmask = ] (mask | prefix) ] [ [ protocol = ] (ANY | ICMP | TCP | UDP | RAW | ) ] [ [ srcport = ] ] [ [ dstport = ] ] [ [ actioninbound = ] (permit | block | negotiate) ] [ [ actionoutbound = ] (permit | block | negotiate) ] [ [ resolvedns = ] (yes | no) ] Displays rule details from SPD. Parameters: Tag Value type -Type of rule to display, either transport or tunnel. srcaddr -Source ip address (ipv4 or ipv6), address range, dns name, or server type. dstaddr -Destination ip address (ipv4 or ipv6), address range, dns name, or server type. srcmask -Source address mask or a prefix of 1 through 32. dstmask -Destination address mask or a prefix of 1 through 32. protocol -Can be ANY, ICMP, TCP, UDP, RAW, or an integer. srcport -Source port. A value of 0 means any port. dstport -Destination port. A value of 0 means any port. actioninbound -Action for inbound packets. actionoutbound -Action for outbound packets. resolvedns -Value of 'yes' displays the resolved dns name. Remarks: 1. Default for the type parameter is ‘transport’. 2. Server type can be WINS, DNS, DHCP or GATEWAY. 3. If source or destination address name is specified, only rules associated with that address are displayed. 4. If an address range is specified, the endpoints need to be specific addresses (not lists, or subnets) and of the same type (both should be v4 or both should be v6). Examples: 1. show rule - shows both transport and tunnel rules 2. show rule type=transport srcaddr=192.134.135.133 proto=TCP
13001	原則數目 : %1!d!	No. of policies : %1!d!
13002	存放區 : 本機存放區	Store : Local Store
13006	存放區 : 網域存放區	Store : Domain Store
13012	遠端機器	Remote Machine
13013	本機機器	Local Machine
13014	遠端網域	Remote Domain
13015	本機網域	Local Domain
13016	本機電腦	Local Machine
13017	本機網域	Local Domain
13100	原則名稱 : %1!s!	Policy Name : %1!s!
13304	規則識別碼 : %1!d!, GUID = %2!s!	Rule ID : %1!d!, GUID = %2!s!
13305	篩選器清單名稱 : %1!s!	FilterList Name : %1!s!
13306	篩選器清單名稱 : 無	FilterList Name : NONE
13602	原則名稱 : %1!s!	Policy Name : %1!s!
13603	描述 : %1!s!	Description : %1!s!
13604	描述 : 無	Description : NONE
13605	指派 : 是	Assigned : YES
13606	指派 : 否	Assigned : NO
13607	主 PFS : 是	Master PFS : YES
13608	主 PFS : 否	Master PFS : NO
13609	輪詢間隔 : %1!d! 分鐘	Polling Interval : %1!d! minutes
13610	規則數目 : %1!d!	No. of Rules : %1!d!
13611	規則詳細資訊	Rule Details
13612	------------	------------
13615	指派 : 是但是 AD 原則覆蓋	Assigned : YES but AD Policy Overrides
13700	規則名稱 : %1!s!	Rule Name : %1!s!
13701	規則名稱 : 無	Rule Name : NONE
13705	驗證方法 (%1!d!)	Authentication Methods(%1!d!)
13708	通道目的地 IP 位址 :	Tunnel Dest IP Address :
13709	連線類型 : 全部	Connection Type : ALL
13710	連線類型 : 區域網路	Connection Type : LAN
13711	連線類型 : 撥號	Connection Type : DIAL UP
13712	連線類型 : 無	Connection Type : NONE
13713	篩選器清單詳細資訊	FilterList Details
13714	------------------	------------------
13715	在預設回應規則裡不存在篩選器清單	No FilterList exists in Default Response Rule
13716	篩選器動作詳細資訊	FilterAction Details
13717	---------------------	---------------------
13734	傳輸規則數目: %1!d!	No of Transport rule(s): %1!d!
13735	通道規則數目 : %1!d!	No of Tunnel rule(s) : %1!d!
13736	啟動 : 是	Activated : YES
13737	啟動 : 否	Activated : NO
13738	已啟動 : 是 Windows Vista 和較新版本的 Windows 不支援預設回應規則。此原則不會生效。	Activated : YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
13800	篩選器動作名稱 : %1!s!	FilterAction Name : %1!s!
13801	篩選器動作名稱 : 無	FilterAction Name : NONE
13802	動作 : 允許	Action : PERMIT
13803	動作 : 封鎖	Action : BLOCK
13804	動作 : 交涉安全性	Action : NEGOTIATE SECURITY
13805	AllowUnsecure(Fallback): 是	AllowUnsecure(Fallback): YES
13806	AllowUnsecure(Fallback): 否	AllowUnsecure(Fallback): NO
13807	輸入 Passthrough : 是	Inbound Passthrough : YES
13808	輸入 Passthrough : 否	Inbound Passthrough : NO
13809	安全性方式數目: %1!d!	No. of Security.Methods: %1!d!
13812	AH ESP 存留 (秒/kB)	AH ESP LIFE (Sec/kB)
13813	-- --- -------------	-- --- -------------
13815	QMPFS : YES	QMPFS : YES
13816	QMPFS : NO	QMPFS : NO
14200	KERBEROS	KERBEROS
14201	根 CA : %1!s!	Root CA : %1!s!
14202	預先共用金鑰 : %1!s!	Preshared Key : %1!s!
14203	無	NONE
14300	篩選器清單名稱 : %1!s!	FilterList Name : %1!s!
14301	篩選器清單名稱 : 無	FilterList Name : NONE
14302	篩選器數目 : %1!d!	No. of Filters : %1!d!
14304	篩選器	Filter(s)
14305	---------	---------
14308	GUID : %1!s!	GUID : %1!s!
14309	上次修改 : %1!s!	Last Modified : %1!s!
14500	來源 DNS 名稱 :	Source DNS Name :
14501	來源 DNS 名稱 : %1!s!	Source DNS Name : %1!s!
14505	來源 DNS 名稱 : 無	Source DNS Name : NONE
14506	目的地 DNS 名稱 :	Destination DNS Name :
14507	目的地 DNS 名稱 : %1!s!	Destination DNS Name : %1!s!
14511	目的地 DNS 名稱 : 無	Destination DNS Name : NONE
14512	鏡像處理 : 是	Mirrored : YES
14513	鏡像處理 : 否	Mirrored : NO
14514	來源 DNS 名稱 : %1!s! 解析到	Source DNS Name : %1!s! resolves to
14515	目的地 DNS 名稱 : %1!s! 解析到	Destination DNS Name : %1!s! resolves to
14516	來源 DNS 名稱 :	Source DNS Name :
14517	來源 DNS 名稱 :	Source DNS Name :
14520	目的地 DNS 名稱 :	Destination DNS Name :
14521	目的地 DNS 名稱 :	Destination DNS Name :
14522	目的地 DNS 名稱 :	Destination DNS Name :
14526	%1!-15s!	%1!-15s!
14527	%1!s!	%1!s!
14528	%1!s!	%1!s!
14529
14530	,	,
14531	...	...
14600	來源 IP 位址 :	Source IP Address :
14602	來源 IP 位址 :	Source IP Address :
14603	來源遮罩 :	Source Mask :
14604	目的地 IP 位址 :	Destination IP Address :
14606	目的地 IP 位址 :	Destination IP Address :
14607	目的地遮罩 :	Destination Mask :
14608	來源連接埠 : %1!d!	Source Port : %1!d!
14609	來源連接埠 : 任何	Source Port : ANY
14610	目的地連接埠 : %1!d!	Destination Port : %1!d!
14611	目的地連接埠 : 任何	Destination Port : ANY
14615	解析到 %1!s!	resolves to %1!s!
14617	來源 IP 位址 :	Source IP Address :
14618	來源 IP 位址 :	Source IP Address :
14620	來源 IP 位址 :	Source IP Address :
14621	目的地 IP 位址 :	Destination IP Address :
14622	目的地 IP 位址 :	Destination IP Address :
14623	目的地 IP 位址 :	Destination IP Address :
14624	目的地 IP 位址 :	Destination IP Address :
14625	來源連接埠範圍 : %1!d!-%2!d!	Source Port Range : %1!d!-%2!d!
14626	目的地連接埠範圍 : %1!d!-%2!d!	Destination Port Range : %1!d!-%2!d!
14700	通訊協定 : ICMP	Protocol : ICMP
14701	通訊協定 : TCP	Protocol : TCP
14703	通訊協定 : UDP	Protocol : UDP
14708	通訊協定 : RAW	Protocol : RAW
14709	通訊協定 : 任何	Protocol : ANY
14710	通訊協定 : %1!d!	Protocol : %1!d!
14802	主要模式安全性方式順序	Main Mode Security Method Order
14803	主要模式存留期 : %1!d! 分鐘 / %2!d! 快速模式工作階段	MainMode LifeTime : %1!d! minutes / %2!d! Quick Mode sessions
14804	加密 完整性 DH 群組	Encryption Integrity DH Group
14805	---------- --------- --------	---------- --------- --------
14900	DES	DES
14901	3DES	3DES
14902	SHA1	SHA1
14903	MD5	MD5
14904	低(1)	Low(1)
14905	媒體(2)	Medium(2)
14906	2048	2048
15001	來源機器 : 本機電腦 GPO 為	Source Machine : Local Computer GPO for
15002	來源網域 : %1!s!	Source Domain : %1!s!
15003	DC 名稱 : %1!s!	DC Name : %1!s!
15004	GPO 名稱 : %1!s!	GPO Name : %1!s!
15005	本機 IPsec 原則名稱 : %1!s!	Local IPsec Policy Name : %1!s!
15006	AD IPsec 原則名稱 : %1!s!	AD IPsec Policy Name : %1!s!
15007	GPO DN : %1!s!	GPO DN : %1!s!
15008	GPO OU 連結 : %1!s!	GPO OU Link : %1!s!
15009	AD 原則 DN : %1!s!	AD Policy DN : %1!s!
15010	本機 IPsec 原則已指派 : 是，但是 AD 原則正在覆蓋中	Local IPsec Policy Assigned: Yes, but AD Policy is Overriding
15011	本機 IPsec 原則 DN : %1!s!	Local IPsec Policy DN : %1!s!
15016	本機 IPsec 原則名稱 : 無	Local IPsec Policy Name : NONE
15017	AD IPsec 原則名稱 : 無	AD IPsec Policy Name : NONE
15018	IPsec 原則名稱 : %1!s!	IPsec Policy Name : %1!s!
15019	IPsec 原則 DN : %1!s!	IPsec Policy DN : %1!s!
15020	IPsec 原則已指派 : 是	IPsec Policy Assigned : YES
15021	排除 CA 名稱 : 是	Exclude CA name : YES
15022	排除 CA 名稱 : 否	Exclude CA name : NO
15023	Certmapping 已啟用 : 是	Certmapping enabled : YES
15024	Certmapping 已啟用 : 否	Certmapping enabled : NO
16001	原則數目 %1!d!	No. of policies %1!d!
16003	存放區 本機存放區	Store Local Store
16007	存放區 網域存放區	Store Domain Store
16010	存放區 本機存放區	Store Local Store
16011	存放區 網域存放區	Store Domain Store
16013	憑證到帳戶對應 是	Cert To Account Mapping YES
16014	憑證到帳戶對應 否	Cert To Account Mapping NO
16100	原則名稱 %1!s!	Policy Name %1!s!
16101	規則名稱 %1!s!	Rule Name %1!s!
16303	沒指定原則名稱	No Policy Name Specified
16304	規則識別碼 %1!d!, GUID = %2!s!	Rule ID %1!d!, GUID = %2!s!
16306	%1!-23s!	%1!-23s!
16602	原則名稱 %1!s!	Policy Name %1!s!
16603	描述 %1!s!	Description %1!s!
16604	描述 無	Description NONE
16605	指派了 是	Assigned YES
16606	指派了 否	Assigned NO
16607	主 PFS 是	Master PFS YES
16608	主 PFS 否	Master PFS NO
16609	輪詢間隔 %1!d! 分鐘	Polling Interval %1!d! minutes
16610	規則數目 %1!d!	No. of Rules %1!d!
16611	規則詳細資訊	Rule Details
16613	指派了 是但是 AD 原則覆蓋	Assigned YES but AD Policy Overrides
16614	原則名稱 規則 上次修改 指派	Policy Name Rules LastModified Assign
16615	%1!-32s!	%1!-32s!
16616	是但是 AD 原則覆蓋	YES but AD Policy Overrides
16617	是	YES
16618	否	NO
16619	---------- ----- ------------ ------	---------- ----- ------------ ------
16620	原則名稱 規則 上次修改	Policy Name Rules LastModified
16621	----------- ----- ------------	----------- ----- ------------
16700	規則名稱 %1!s!	Rule Name %1!s!
16701	規則名稱 無	Rule Name NONE
16705	啟用 篩選器清單 篩選器動作 驗證	Enabled FilterList FilterAction Authentication
16706	------- ---------- ------------ --------------	------- ---------- ------------ --------------
16707	通道目的地 IP 位址 無	Tunnel Dest IP Address NONE
16708	通道目的地 IP 位址	Tunnel Dest IP Address
16709	連線類型 全部	Connection Type ALL
16710	連線類型 區域網路	Connection Type LAN
16711	連線類型 撥號	Connection Type DIAL UP
16712	連線類型 不明	Connection Type UNKNOWN
16716	篩選器動作詳細資訊	FilterAction Details
16717	--------------------	--------------------
16718	啟動了 是	Activated YES
16719	啟動了 否	Activated NO
16721	是	YES
16722	否	NO
16724	無	NONE
16728	Kerb	Kerb
16729	Cert	Cert
16730	Pre	Pre
16734	傳輸規則數目 %1!d!	No of Transport rule(s) %1!d!
16735	通道規則數目 %1!d!	No of Tunnel rule(s) %1!d!
16737	啟用 篩選器清單 篩選器動作 通道端點	Enabled FilterList FilterAction TunnelEndPoint
16738	------- ---------- ------------ --------------	------- ---------- ------------ --------------
16739	是 Windows Vista 和較新版本的 Windows 不支援預設回應規則。此原則不會生效。	YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16740	已啟動 是 Windows Vista 和較新版本的 Windows 不支援預設回應規則。此原則不會生效。	Activated YES Default response rule is not supported on Windows Vista and later versions of Windows. This policy is not in effect.
16800	篩選器動作名稱 %1!s!	FilterAction Name %1!s!
16801	篩選器動作名稱 無	FilterAction Name NONE
16802	動作 允許	Action PERMIT
16803	動作 封鎖	Action BLOCK
16804	動作 交涉安全性	Action NEGOTIATE SECURITY
16805	輸入 PassThrough 是	InBound PassThrough YES
16806	輸入 PassThrough 否	InBound PassThrough NO
16807	AllowUnSecure(Fallback) 是	AllowUnSecure(Fallback) YES
16808	AllowUnSecure(Fallback) 否	AllowUnSecure(Fallback) NO
16810	安全性方法	Security Methods
16812	AH ESP 秒鐘 kBytes	AH ESP Seconds kBytes
16813	-- --- ------- ------	-- --- ------- ------
16814	QMPFS 是	QMPFS YES
16815	QMPFS 否	QMPFS NO
16816	篩選器動作名稱 動作 上次修改	FilterAction Name Action Last Modified
16817	----------------- ------ -------------	----------------- ------ -------------
16818	%1!-38s!	%1!-38s!
16820	許可	PERMIT
16821	區塊	BLOCK
16822	訊號交涉	NEGOTIATE
16824	%1!-23s!	%1!-23s!
17000	[MD5 ]	[MD5 ]
17001	[SHA1]	[SHA1]
17002	[無]	[NONE]
17003	[無 ， 無]	[NONE , NONE]
17007	[MD5 ,	[MD5 ,
17008	[SHA1 ,	[SHA1 ,
17009	[無 ，	[NONE ,
17010	DES ]	DES ]
17011	3DES]	3DES]
17012	無]	NONE]
17100	%1!6u! %2!10u!	%1!6u! %2!10u!
17201	ROOT CA %1!s!	ROOT CA %1!s!
17202	預先共用金鑰 %1!s!	PRESHARED Key %1!s!
17300	篩選器清單名稱 %1!s!	FilterList Name %1!s!
17301	篩選器清單名稱 無	FilterList Name NONE
17306	篩選器清單名稱 篩選器 上次修改	FilterList Name Filters Last Modified
17307	--------------- ------- -------------	--------------- ------- -------------
17308	GUID %1!s!	GUID %1!s!
17309	上次修改 %1!s!	Last Modified %1!s!
17310	篩選器數目 %1!d!	No. of Filters %1!d!
17501	%1!-45s!	%1!-45s!
17508	%1!5d!	%1!5d!
17512	是	YES
17513	否	NO
17514	Mir 來源 來源遮罩 目的地 目的地遮罩 通訊協定 來源通訊協定 目的地通訊協定	Mir Source SrcMask Destination DstMask Proto SrcPort DstPort
17515	--- ------------- ------------- ------------- ------------- ------- ------- -------	--- ------------- ------------- ------------- ------------- ------- ------- -------
17600
17608	%1!3d!	%1!3d!
17609	任何	ANY
17610	%1!3d!	%1!3d!
17611	任何	ANY
17612	DNS SERVER	DNS SERVER
17613	WINS SERVER	WINS SERVER
17614	DHCP SERVER	DHCP SERVER
17615	DEFAULT GATEWAY	DEFAULT GATEWAY
17616	%1!3d!-%2!3d!	%1!3d!-%2!3d!
17617	%1!3d!-%2!3d!	%1!3d!-%2!3d!
17700	ICMP	ICMP
17701	TCP	TCP
17703	UDP	UDP
17708	RAW	RAW
17710	OTHER	OTHER
17803	主要模式存留期 %1!d! 分鐘 / %2!d! 快速模式工作階段	MainMode LifeTime %1!d! minutes / %2!d! Quick mode sessions
17804	加密性 整合性 DH 群組	Encryption Integrity DH Group
17805	---------- --------- --------	---------- --------- --------
17900	DES	DES
17901	3DES	3DES
18000	獨立篩選器動作	Stand Alone FilterAction(s)
18001	---------------------------	---------------------------
18004	獨立篩選器動作數目 %1!d!	No. of Standalone FilterActions %1!d!
18100	獨立篩選器清單	Stand Alone FilterList(s)
18101	-------------------------	-------------------------
18104	獨立篩選器清單數目 %1!d!	No. of Standalone FilterLists %1!d!
18200	篩選器清單數目 %1!d!	No. of FilterLists %1!d!
18204	篩選器清單數目 : %1!d!	No. of FilterLists : %1!d!
18300	篩選器動作數目 %1!d!	No. of FilterActions %1!d!
18304	篩選器動作數目 : %1!d!	No. of FilterActions : %1!d!
18500	原則 '%1!s!' 是使用中。您還是想要刪除嗎? (是/否)	The policy '%1!s!' is ACTIVE. Still would you like to delete? (Y/N)
18503	您想要刪除所有跟這個原則關聯的篩選器清單和篩選器動作嗎 ? (是/否)	Would you like to delete all the Filter List(s) and Filter Action(s) associated with the policy ? (Y/N)
18602	刪除所有篩選器清單	Delete all the Filter Lists from
18603	? (是/否)	? (Y/N)
18652	刪除所有篩選器動作	Delete all the Filter Actions from
18706	您想要刪除跟這個規則關聯的篩選器清單和篩選器動作嗎? (是/否)	Would you like to delete both the Filter List and Filter Action associated with the rule(s)? (Y/N)
18750	您確定要刪除所有原則嗎	Are you sure to delete all policies from
18780	下列原則/規則正在使用它	Following policies/rule(s) are using it
18781	---------------------------------------	---------------------------------------
18782	規則名稱 : %1!s!	Rule Name : %1!s!
18783	規則名稱 : 無	Rule Name : NONE
18794	時間應該是在 %1!d! 和 %2!d! kBytes 之間	Life should be within %1!d! and %2!d! kBytes
18802	新增原則已建立和更新成功	New Policy is created and updated successfully
18805	正在建立名稱為 '%1!s!' 的新增原則...	Creating new Policy with name '%1!s!'...
18806	正在建立名稱為 '%1!s!' 的新增原則和設定它到 '%2!s!'...	Creating new Policy with name '%1!s!' and setting it to '%2!s!'...
18840	目的地 IP 位址已當作是 'me'	Destination IP address has been taken as 'me'
18841	來源 IP 位址已當作是 'me'	Source IP address has been taken as 'me'
18848	新增規則已建立和更新成功	New Rule was created and updated successfully
18849	正在建立名稱為 '%1!s!' 的新增規則...	Creating new Rule with name '%1!s!' ...
18855	正在建立名稱為 '%1!s!' 的新增規則和設定它到 '%2!s!' ...	Creating new Rule with name '%1!s!' and setting it to '%2!s!' ...
18856	伺服器位址類型或位址類型 ME、ANY 或位址範圍無法被通道端點指定。	Server address types, address types ME or ANY, or address ranges cannot be specified for tunnel endpoint.
18861	您想要建立新增原則嗎? (是/否)	Would you like to create a new policy? (Y/N)
18868	憑證到帳戶對應只能在 Active Directory 網域成員啟用。將忽視選項。	Certificate-to-account mapping can only be enabled on Active Directory domain members. The option will be ignored.
18869	憑證到帳戶對應: 是	Cert To Account Mapping: YES
18870	憑證到帳戶對應: 否	Cert To Account Mapping: NO
18871	如果儲存是網域和已指定指派，則需要 GPO 名稱	If store is domain and assign is specified, GPO name is required
18872	如果指定 GPO 名稱，表示您是在網域原則存放區操作。	If GPO name is specified, then you must be operating on a domain policy store.
18893	您想要建立新增規則嗎? (是/否)	Would you like to create a new Rule? (Y/N)
19002	IKE MM 原則名稱 : %1!s!	IKE MM Policy Name : %1!s!
19012	ANY	ANY
19018	IKE 軟 SA 存留期 : %1!u! 秒	IKE Soft SA Lifetime : %1!u! secs
19023	[%1!S!]	[%1!S!]
19025	'Netsh ipsec' 內容和目標電腦不相容。	The 'Netsh ipsec' context is not compatible with the target machine.
19102	主要模式原則無法使用。	Mainmode Policies not available.
19104	所指定的主要模式原則無法使用	Specified Mainmode Policy not available
19106	加密 完整性 DH 存留期 (Kb:秒) QM 限制 每 MM	Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM
19107	---------- --------- ---- ------------------ ---------------	---------- --------- ---- ------------------ ---------------
19121	DES	DES
19122	不明	UNKNOWN
19123	3DES	3DES
19129	%1!-5lu! %2!lu!:%3!lu! %4!-10lu!	%1!-5lu! %2!lu!:%3!lu! %4!-10lu!
19130	%1!-5lu! %2!lu!:%3!lu! 1 (MMPFS)	%1!-5lu! %2!lu!:%3!lu! 1 (MMPFS)
19153	快速模式原則無法使用。	Quickmode Policies not available.
19155	所指定的快速模式原則無法使用	Specified Quickmode Policy not available
19156	QM 交涉原則名稱 : %1!s!	QM Negotiation Policy Name : %1!s!
19158	安全性方式 存留期 (Kb:秒) PFS DH 設定	Security Methods Lifetime (Kb:secs) PFS DH Group
19159	------------------------- --------------------- ------------	------------------------- --------------------- ------------
19165	AH[MD5]	AH[MD5]
19166	AH[SHA1]	AH[SHA1]
19167	AH[NONE]	AH[NONE]
19168	ESP[ DES,	ESP[ DES,
19169	ESP[ ERR,	ESP[ ERR,
19170	ESP[3DES,	ESP[3DES,
19171	ESP[NONE,	ESP[NONE,
19172	MD5]	MD5]
19173	SHA1]	SHA1]
19174	NONE]	NONE]
19176	低 (1)	Low (1)
19178	%1!10lu!:%2!-10lu!	%1!10lu!:%2!-10lu!
19179	繼承主要模式	Main Mode Derived
19180	高 (2048)	High (2048)
19181	AH[ERR]	AH[ERR]
19182	ERR]	ERR]
19183	錯誤	ERROR
19192	+	+
19193	媒體 (2)	Medium (2)
19198	篩選器名稱 : %1!s!	Filter name : %1!s!
19200	標準主要模式篩選器無法使用。	Generic Mainmode Filters not available.
19201	特定主要模式篩選器無法使用。	Specific Mainmode Filters not available.
19202	指定的主要模式篩選器無法使用。	Specified Mainmode Filter not available.
19203	主要模式篩選器:	Main Mode Filters:
19204	一般	Generic
19205	-------------------------------------------------------------------------------	-------------------------------------------------------------------------------
19206	指定的	Specific
19207	輸出	Outbound
19208	輸入	Inbound
19209	重量 : %1!d!	Weight : %1!d!
19210	%1!d! 標準篩選器	%1!d! Generic Filter(s)
19211	%1!d! 特地輸出篩選器	%1!d! Specific Outbound Filter(s)
19212	%1!d! 特定輸入篩選器	%1!d! Specific Inbound Filter(s)
19219	全部	ALL
19220	LAN	LAN
19221	撥號	DIALUP
19229	未知	Unknown
19236	連線類型 :	Connection Type :
19237	驗證方法 :	Authentication Methods :
19238	預先共用金鑰	Preshared key
19240	Kerberos	Kerberos
19241	安全性方式 :	Security Methods :
19242	%1!d!	%1!d!
19243	(預設)	(default)
19244	NONE/	NONE/
19245	DES/	DES/
19246	UNKNOWN/	UNKNOWN/
19247	3DES/	3DES/
19249	MD5/	MD5/
19250	SHA1/	SHA1/
19251	DH%1!lu!/%2!lu!/QMlimit=%3!lu!	DH%1!lu!/%2!lu!/QMlimit=%3!lu!
19265	標準快速模式篩選器無法使用。	Generic Quickmode Filters not available.
19266	特定快速模式篩選器無法使用。	Specific Quickmode Filters not available.
19267	指定的快速模式篩選器無法使用。	Specified Quickmode Filter not available.
19268	快速模式篩選器(傳輸):	Quick Mode Filters(Transport):
19269	傳輸規則	Transport Rules
19270	通道規則	Tunnel Rules
19271	MM 篩選器名稱 : %1!s!	MM Filter Name : %1!s!
19272	QM 篩選器名稱 : %1!s!	QM Filter Name : %1!s!
19273	主要模式原則 : %1!s!	Main Mode Policy : %1!s!
19274	%1!d! 傳輸篩選器	%1!d! Transport Filter(s)
19275	%1!d! 通道篩選器	%1!d! Tunnel Filter(s)
19276	快速模式篩選器(通道):	Quick Mode Filters(Tunnel):
19278	規則無法使用。	Rules not available.
19280	輸入動作 : Passthru	Inbound Action : Passthru
19281	輸入動作 : 交涉	Inbound Action : Negotiate
19282	輸入動作 : 封鎖	Inbound Action : Blocking
19283	輸入動作 : 不明	Inbound Action : Unknown
19284	輸出動作 : Passthru	Outbound Action : Passthru
19285	輸出動作 : 交涉	Outbound Action : Negotiate
19286	輸出動作 : 封鎖	Outbound Action : Blocking
19287	輸出動作 : 不明	Outbound Action : Unknown
19292	%1!-5lu!	%1!-5lu!
19293	通道來源 :	Tunnel Source :
19294	通道目的地 :	Tunnel Destination :
19295	來源連接埠: %1!-4lu! 目的地連接埠: %2!-4lu!	Src Port: %1!-4lu! Dest Port: %2!-4lu!
19296	鏡像處理 : 是	Mirrored : yes
19297	鏡像處理 : 否	Mirrored : no
19298	快速模式原則 : %1!s!	Quick Mode Policy : %1!s!
19299	通訊協定 :	Protocol :
19300	IKE 統計	IKE Statistics
19301	--------------	--------------
19302	IKE 統計無法使用。	IKEStatistics not available.
19303	主要模式 : %1!S!	Main Modes : %1!S!
19304	快速模式 : %1!S!	Quick Modes : %1!S!
19305	軟 SA : %1!S!	Soft SAs : %1!S!
19306	驗證失敗 : %1!S!	Authentication Failures : %1!S!
19307	使用中擷取 : %1!S!	Active Acquire : %1!S!
19308	使用中接收 : %1!S!	Active Receive : %1!S!
19309	擷取失敗 : %1!S!	Acquire fail : %1!S!
19310	接收失敗 : %1!S!	Receive fail : %1!S!
19311	傳送失敗 : %1!S!	Send fail : %1!S!
19312	擷取堆積大小 : %1!S!	Acquire Heap size : %1!S!
19313	接收堆積大小 : %1!S!	Receive Heap size : %1!S!
19314	交涉失敗 : %1!S!	Negotiation Failures : %1!S!
19315	接收到不正確的 Cookie : %1!S!	Invalid Cookies Rcvd : %1!S!
19316	總共擷取 : %1!S!	Total Acquire : %1!S!
19317	TotalGetSpi : %1!S!	TotalGetSpi : %1!S!
19318	TotalKeyAdd : %1!S!	TotalKeyAdd : %1!S!
19319	TotalKeyUpdate : %1!S!	TotalKeyUpdate : %1!S!
19320	GetSpiFail : %1!S!	GetSpiFail : %1!S!
19321	KeyAddFail : %1!S!	KeyAddFail : %1!S!
19322	KeyUpdateFail : %1!S!	KeyUpdateFail : %1!S!
19323	IsadbListSize : %1!S!	IsadbListSize : %1!S!
19324	ConnListSize : %1!S!	ConnListSize : %1!S!
19325	接收到不正確的封包 : %1!S!	Invalid Packets Rcvd : %1!S!
19326	IPsec 統計	IPsec Statistics
19327	----------------	----------------
19328	IPsec 統計無法使用。	IPsecStatistics not available.
19329	使用中關聯 : %1!S!	Active Assoc : %1!S!
19330	卸載 SA : %1!S!	Offload SAs : %1!S!
19331	擱置金鑰 : %1!S!	Pending Key : %1!S!
19332	金鑰新增 : %1!S!	Key Adds : %1!S!
19333	金鑰刪除 : %1!S!	Key Deletes : %1!S!
19334	登錄機碼 : %1!S!	ReKeys : %1!S!
19335	使用中通道 : %1!S!	Active Tunnels : %1!S!
19336	不良的 SPI 封包 : %1!S!	Bad SPI Pkts : %1!S!
19337	封包沒有解密 : %1!S!	Pkts not Decrypted : %1!S!
19338	封包沒有驗證 : %1!S!	Pkts not Authenticated : %1!S!
19339	有重新執行偵測的封包 : %1!S!	Pkts with Replay Detection : %1!S!
19340	已傳送的機密位元組 : %1!S!	Confidential Bytes Sent : %1!S!
19341	已接收的機密位元組 : %1!S!	Confidential Bytes Received : %1!S!
19342	已傳送的驗證位元組 : %1!S!	Authenticated Bytes Sent : %1!S!
19343	已接收的驗證位元組 : %1!S!	Authenticated Bytes Received: %1!S!
19344	已傳送的傳輸位元組 : %1!S!	Transport Bytes Sent : %1!S!
19345	已接收的傳輸位元組 : %1!S!	Transport Bytes Received : %1!S!
19346	已傳送的卸載位元組 : %1!S!	Offloaded Bytes Sent : %1!S!
19347	已接收的卸載位元組 : %1!S!	Offloaded Bytes Received : %1!S!
19348	已傳送到通道的位元組 : %1!S!	Bytes Sent In Tunnels : %1!S!
19349	通道裡已接受的位元組 : %1!S!	Bytes Received In Tunnels : %1!S!
19350	Cookie 雙對 :	Cookie Pair :
19351	%1!02x!	%1!02x!
19352	第二方式 :	Sec Methods :
19359	/%1!d!/%2!d!	/%1!d!/%2!d!
19360	驗證模式 :	Auth Mode :
19361	預先共用金鑰	Preshared Key
19362	DSS 簽章	DSS Signature
19363	RSA 簽章	RSA Signature
19364	RSA 加密	RSA Encryption
19365	Kerberos	Kerberos
19366	來源 :	Source :
19367	，連接埠 %1!d!	, port %1!d!
19368	ID :	ID :
19369	ID : %1!s!	ID : %1!s!
19370	目的地 :	Destination :
19371	目的地 安全性方式	Destination SecurityMethods
19372	建立的日期/時間	Date/Time Created
19373	-------------------------------------------------------- ----------------------	-------------------------------------------------------- ----------------------
19374	[ID:%1!-35s!]	[ID:%1!-35s!]
19375	DNS: %1!-51S!	DNS: %1!-51S!
19377	正在發行 CA :%1!s!	Issuing CA :%1!s!
19378	指紋 :	Thumbprint :
19380	:	:
19381	/	/
19382	19383 根 CA : %1!s!	19383 Root CA : %1!s!
19384	%S	%S
19385	(	(
19386	)	)
19387	根 CA : %1!s!	Root CA : %1!s!
19397	IPsec 主要模式安全性關聯無法使用。	IPsec MainMode Security Associations not available.
19398	在 %1!s! 的 IKE 主要模式 SA	IKE Main Mode SAs at %1!s!
19400	指定的主要模式安全性關聯無法使用。	Specified MainMode Security Associations not available.
19401	快速模式 SA	Quick Mode SAs
19402	--------------	--------------
19403	IPsec 快速模式安全性關聯無法使用。	IPsec QuickMode Security Associations not available.
19404	指定的快速模式安全性關聯無法使用。	Specified QuickMode Security Associations not available.
19410	傳輸篩選器	Transport Filter
19411	通道篩選器	Tunnel Filter
19412	不明	Unknown
19413	原則名稱 : %1!s!	Policy Name : %1!s!
19414	來源位址 :	Source Address :
19415	目的地位址 :	Destination Address :
19416	通訊協定 : %1!lu!	Protocol : %1!lu!
19417	來源連接埠 : %1!u!	Source Port : %1!u!
19418	目的地連接埠 : %1!u!	Destination Port : %1!u!
19419	方向 : 輸入	Direction : Inbound
19420	方向 : 輸出	Direction : Outbound
19421	方向 : 錯誤	Direction : Error
19422	使用的提供	Offer Used
19423	通訊協定 : ICMP	Protocol : ICMP
19424	通訊協定 : TCP	Protocol : TCP
19425	通訊協定 : UDP	Protocol : UDP
19426	通訊協定 : RAW	Protocol : RAW
19427	AH(b/r) ESP Con(b/r) ESP Int PFS DH 群組	AH(b/r) ESP Con(b/r) ESP Int PFS DH Group
19428	---------- ------------- ------- ------------	---------- ------------- ------- ------------
19429	封裝類型 : IKE	Encapsulation Type : IKE
19430	封裝類型 : 其他	Encapsulation Type : Other
19431	來源 UDP 封裝連接埠 : %1!u!	Source UDP Encap port : %1!u!
19432	目的地 UDP 封裝連接埠 : %1!u!	Dest UDP Encap port : %1!u!
19433	同儕節點私人位址 :	Peer Private Addr :
19434	通訊協定 : 任何	Protocol : ANY
19441	)	)
19446	IPsec 設定參數	IPsec Configuration Parameters
19447	------------------------------	------------------------------
19448	IPsecDiagnostics : %1!d![對於 Windows Vista 或更新的作業系統而言無效]	IPsecDiagnostics : %1!d![Not valid for Windows Vista and later operating systems]
19449	IKElogging : %1!d! [對於 Windows Vista 或更新的作業系統而言無效]	IKElogging : %1!d! [Not valid for Windows Vista and later operating systems]
19450	StrongCRLCheck : %1!d!	StrongCRLCheck : %1!d!
19451	IPsecloginterval : %1!d![對於 Windows Vista 或更新的作業系統而言無效]	IPsecloginterval : %1!d![Not valid for Windows Vista and later operating systems]
19452	NLBSFlags : %1!d![對於 Windows Vista 或更新的作業系統而言無效]	NLBSFlags : %1!d![Not valid for Windows Vista and later operating systems]
19453	旗標 : %1!d![對於 Windows Vista 或更新的作業系統而言無效]	Flags : %1!d![Not valid for Windows Vista and later operating systems]
19454	IPsecexempt : %1!d!	IPsecexempt : %1!d!
19455	2048DHGroupId : %1!d![對於 Windows Vista 或更新的作業系統而言無效]	2048DHGroupId : %1!d![Not valid for Windows Vista and later operating systems]
19456	IPsec 診斷層級超出範圍。範圍是 0 - 7。	IPsec Diagnostic Level is out of range. Range is 0 - 7.
19457	IKE Logging 超出範圍。範圍是 0 - 1。	IKE Logging is out of range. Range is 0 - 1.
19458	強大 CRL 檢查層級超出範圍。範圍是 0 - 2。	Strong CRL Check Level is out of range. Range is 0 - 2.
19459	IPsec 記錄間隔已超出範圍。範圍是 60 - 86400。	IPsec Log Interval is out of range. Range is 60 - 86400.
19460	IPsec 解除層級超出範圍。範圍是 0 - 3。	IPsec Exemption Level is out of range. Range is 0 - 3.
19461	(有些 IPsec 設定參數沒有設定)。	(Some of the IPsec Configuration parameters are not set).
19462	開機模式 :	Boot Mode :
19463	Stateful	Stateful
19464	封鎖	Block
19465	允許	Permit
19476	沒有開機模式豁免事項	No bootmode exemptions
19477	開機模式豁免事項 :	Boot Mode Exemptions :
19478	通訊協定 Src 連接埠 Dst 連接埠 方向	Protocol Src Port Dst Port Direction
19479	--------- --------- --------- ---------	--------- --------- --------- ---------
19480	允許最多 1024 豁免事項	A maximum of 1024 exemptions are allowed.
19800	MD5(%1!02lu!/%2!-02lu!) 無 無	MD5(%1!02lu!/%2!-02lu!) None None
19801	SHA1(%1!02lu!/%2!-02lu!) 無 無	SHA1(%1!02lu!/%2!-02lu!) None None
19802	無 無 無	None None None
19803	無 DES (%1!02lu!/%2!-02lu!)	None DES (%1!02lu!/%2!-02lu!)
19804	無 未知	None Unknown
19805	無 3DES(%1!02lu!/%2!-02lu!)	None 3DES(%1!02lu!/%2!-02lu!)
19806	無 無	None None
19811	certmap	certmap
19812	excludecaname	excludecaname
22001	ERR Win32[%1!05d!] : %2!s!	ERR Win32[%1!05d!] : %2!s!
22002	ERR IPsec[%1!05d!] :	ERR IPsec[%1!05d!] :
22004	ERR Win32[%1!05d!] : 無效的 Win32 錯誤碼	ERR Win32[%1!05d!] : Invalid Win32 Err Code
22010	至少有一個必要參數尚未指定	One or more essential parameters not specified
22011	引數不合。正確語法請查閱說明	Arguments are not matching. Check help for the correct syntax
22012	沒有原則在原則存放區	No Policies in Policy Store
22013	無法開啟原則存放區	Unable to open Policy Store
22014	沒有篩選器動作在原則存放區	No Filter Actions in Policy Store
22015	沒有篩選器清單在原則存放區	No Filter Lists in Policy Store
22016	名稱為 %1!s! 的原則不在原則存放區	Policy with name %1!s! not exists in Policy Store
22017	內部錯誤，無效的切換情況。	Internal Error, Invalid Switch Case.
22018	對引數 '%1!s!' 這是無效的參數	Invalid Parameter for the Argument '%1!s!'
22019	指定的 IP 位址無效	IP Address specified is invalid
22020	所給予的 dns 名稱 '%1!s!' 在 DNS 對應失敗	DNS lookup failed for the given dns name '%1!s!'
22021	'%1!s!' 在此內容不是有效的標記	'%1!s!' not a valid tag for this context
22022	'%1!s!' 標記已經存在	'%1!s!' tag already present
22023	沒有引數 'assign = y/n' GPOname 就無法指定	GPOname cannot be specified without argument 'assign = y/n'
22024	所給予的命令需要標記 'Name' 或 'GUID'	Tag 'Name' or 'GUID' needed for the given command
22025	需要 '%1!s!' 標記	'%1!s!' tag is needed
22026	對標記 '%2!s!' 而言 '%1!s!' 是無效的引數	'%1!s!' is not a valid argument for the tag '%2!s!'
22027	首碼應該僅介於 1 和 32	Prefix should be between 1 and 32 only
22028	'%1!s!' 不是有效的遮罩/首碼	'%1!s!' is not a valid Mask/Prefix
22029	所提供的引數是 null	The argument supplied is null
22030	所指定的存留期 'Seconds' 超出限制。它應該介於 '%1!d!' 和 '%2!d!' 之間	The 'Seconds' LifeTime specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22031	指定的 'Kbytes' 超出限制。它應該介於 '%1!d!' 和 '%2!d!' 之間	The 'Kbytes' specified is out of limit. It should be in between '%1!d!' and '%2!d!' only
22032	Rekey 單位 (k/s) 無效	The Rekey Unit (k/s) is invalid
22033	指定無效的 HASH 引數	Invalid HASH algorithm specified
22034	指定不完整的 ESP	Incomplete ESP specified
22035	'%1!s!' 的 Algo's 指定重複	Duplicate Algo's specified for '%1!s!'
22036	無而且不允許無	None and None not allowed
22037	指定無效的 IPsec 通訊協定。它應該僅是 ESP 或 AH	Invalid IPsec protocol specified. It should be ESP or AH only
22038	已經超過最大 OFFERS 數 [%1!d!]	Max Number of OFFERS[%1!d!] is crossed
22039	QM_OFFERS 無效。不允許 Encryption+Encryption 或 Authentication+Authentication	Invalid QM_OFFERS. Encryption+Encryption or Authentication+Authentication are not allowed
22040	QMOffers 的存留期或指定資料無效。	Invalid Lifetime or Data specification for QMOffers.
22041	為 MMOFFER 指定的 PFS 群組無效	Invalid PFS Group specified for MMOFFER
22042	P1 群組遺失	P1 Group missing
22043	指定無效的 MMOFFER	Invalid MMOFFER is specified
22044	檔案名稱必須只包含 .ipsec 副檔名	File name should contain .ipsec extension only
22045	'%1!s!' 和 ALL 不允許	'%1!s!' and ALL not allowed
22046	未指定預先共用金鑰	Preshared key not specified
22047	指定無效的 Authmethod	Invalid Authmethod is specified
22048	指定無效的憑證	Invalid Certificate specified
22049	指定多個 '%1!s!' 參數。只能允許一個。	Multiple '%1!s!' parameters are specified. Only one is allowed.
22050	指定的連接埠無效。	The Port specified is invalid.
22051	引數的數目較多，被截斷的	No of arguments are more,truncated
22052	指定無效的 QMOFFER	Invalid QMOFFER specified
22053	指定無效的通道 IP	Invalid Tunnel IP specified
22054	沒有來源或目的地位址就無法指定通訊協定	Protocol can't be specified without source and destination addresses
22055	指定的子網路遮罩無效	Subnet mask specified is invalid
22056	無標記引數只能是電腦或網域	Non-tagged arg can only be machine or domain
22057	ERR WIN32[00014] : 沒有足夠的記憶體來完成這個操作。	ERR WIN32[00014] : There is not enough memory to complete this operation.
22058	指定的連接埠無效。它應該只小於 '%1!d!'	The Port specified is invalid. It should be in less than '%1!d!' only
22100	遺失原則名稱	Missing Policy Name
22101	輪詢間隔應該在 %1!d! 和 %2!d! 分鐘之間	Polling Interval should be within %1!d! and %2!d! minutes
22102	快速模式限制應該在 %1!d! 和 %2!d! 工作階段之間	Quickmode limit should be within %1!d! and %2!d! sessions
22103	存留期應該在 %1!d! 和 %2!d! 分鐘之間	Lifetime should be within %1!d! and %2!d! minutes
22111	原則 '%1!s!' 已經存在	Policy with name '%1!s!' already exists
22112	加入預設回應規則時產生錯誤	Error while adding Default Response Rule
22113	建立原則 '%1!s!' 時產生錯誤	Error while creating Policy with name '%1!s!'
22114	由於在載入預設 auth 方法時失敗，所以建立原則 '%1!s!' 時產生錯誤	Error while creating policy with name '%1!s!' due to failure in loading default auth methods
22121	遺失 FilterList 名稱	Missing FilterList Name
22122	FilterList 名稱 '%1!s!' 已經存在	FilterList with name '%1!s!' already exists
22123	FilterList 名稱 '%1!s!'時產生錯誤	Error while creating FilterList with name '%1!s!'
22124	指定無效的 GUID	Invalid GUID specified
22131	建立指定的篩選器時產生錯誤	Error while creating the specified Filter
22141	FilterAction '%1!s!' 已經存在	FilterAction with name '%1!s!' already exists
22142	建立 FilterAction '%1!s!' 時產生錯誤	Error while creating FilterAction with name '%1!s!'
22143	Permit 或 Block 類型的 FilterAction 中 Inpass，Qmpfs，Soft 和 Qmsec 選項無效。您必須指定 'action = negotiate'	Inpass, Qmpfs, Soft and Qmsec options are not valid for the Permit or Block type FilterAction. 'action = negotiate' needs to be specified
22144	至少必須指定一個快速模式安全性方法	Atleast One Quick mode Security method needs to be specified
22151	規則名稱遺失	Missing Rule Name
22152	FilterAction 名稱遺失	Missing FilterAction Name
22153	名稱為 '%1!s!' 的原則不存在	Policy with name '%1!s!' does not exist
22154	名稱為 '%1!s!' 的規則已經存在原則 '%2!s!' 中	Rule with name '%1!s!' already exists in policy '%2!s!'
22155	名稱為 '%1!s!' 的 FilterAction 不存在	FilterAction with name '%1!s!' does not exist
22156	在 FilterList 中沒有名稱為 '%1!s!' 的篩選器	No Filters in FilterList with name '%1!s!'
22157	建立名稱為 '%1!s!' 的規則時產生錯誤	Error while creating Rule with name '%1!s!'
22158	遺失規則名稱或規則識別碼	Missing Rule Name or Rule ID
22159	GUID %1!s! 的原則不存在	Policy with GUID %1!s! does not exist
22160	GUID %1!s! 的 FilterAction 不存在	FilterAction with GUID %1!s! does not exist
22161	由於在載入預設 auth 方法時失敗，所以建立規則 '%1!s!' 時產生錯誤	Error while creating Rule with name '%1!s!' due to failure in loading default auth methods
22165	憑證解碼操作失敗	Certificate decoding operation failed
22166	名稱為 '%1!s!' 的原則不存在現存電腦網域中	Policy with name '%1!s!' does not exist in current machine's domain
22167	指定無效的通道 IP 位址	Invalid Tunnel IP Address Specified
22168	FilterList 名稱 '%1!s!' 不存在	FilterList with name '%1!s!' does not exist
22169	伺服器不能同時被來源和目的雙方所指定	Servers cannot be specified for both source and destination sides
22170	GUID %1!s! 的 FilterList 不存在	FilterList with GUID %1!s! does not exist
22171	沒有目錄服務可用	No Directory Service available
22172	名稱為 '%1!s!' 的 GPO 沒有存在目前的電腦網域	GPO with name '%1!s!' does not exist in current machine's domain
22173	在指派原則到名稱為 '%1!s!' 的 GPO 時產生錯誤或指定的 GPO 不存在	Error while assigning the Policy to the GPO with name '%1!s!' or specified GPO does not exist
22174	更新名稱為 '%1!s!' 的原則時產生錯誤	Error while updating the Policy with name '%1!s!'
22175	更新 GUID %1!s! 的原則時產生錯誤	Error while updating the Policy with GUID %1!s!
22176	從名稱為 '%1!s!' 的 GPO 解除指派原則時產生錯誤或指定的 GPO 不存在	Error while unassigning the Policy from the GPO with name '%1!s!' or specified GPO does not exist
22181	更新名稱為 '%1!s!' 的 FilterList 時產生錯誤	Error while updating FilterList with name '%1!s!'
22182	更新名稱為 GUID %1!s! 的 FilterList 時產生錯誤	Error while updating FilterList with GUID %1!s!
22191	更新名稱為 '%1!s!' 的 FilterAction 時產生錯誤	Error while updating FilterAction with name '%1!s!'
22192	更新 GUID %1!s! 的 FilterAction 時產生錯誤	Error while updating FilterAction with GUID %1!s!
22201	名稱為 '%1!s!' 的規則不存在原則 '%2!s!'中	Rule with name '%1!s!' does not exist in Policy '%2!s!'
22202	更新名稱為 '%1!s!' 的規則時產生錯誤	Error while updating rule with name '%1!s!'
22203	預設規則無法更新這個命令。請使用命令 'set defaultrule'	Default rule cannot be updated with this command. Use the 'set defaultrule' command
22204	識別碼為 %1!d! 的規則不存在原則 '%2!s!' 中	Rule with ID %1!d! does not exist in Policy '%2!s!'
22205	指定無效的規則識別碼	Invalid Rule ID Specified
22211	更新名為 '%1!s!' 原則中的預設規則時產生錯誤	Error while updating Default Rule of Policy with name '%1!s!'
22221	沒有指定檔案名稱	No file name specified
22222	無效的檔案/路徑名稱	Invalid File / Path name
22223	匯入原則時產生錯誤	Error while importing policies
22231	匯出原則時產生錯誤	Error while exporting policies
22235	還原預設原則時產生錯誤	Error while restoring default policies
22236	這個命令只有在本機儲存區上可用	This command is only available for the local store
22237	網域名稱無效。名稱為 '%1!s!' 的網域不存在	Invalid Domain Name. Domain with name '%1!s!' does not exist
22238	您的電腦不是網域成員	Your machine is not a member of domain
22241	刪除名稱為 '%1!s!' 的原則時產生錯誤	Error while deleting Policy with name '%1!s!'
22242	沒有名稱為 '%1!s!' 的原則	No Policy with name '%1!s!'
22251	無法刪除名稱為 '%1!s!' 的 FilterList	FilterList with name '%1!s!' cannot be deleted
22252	刪除名稱為 '%1!s!' 的 FilterList 時產生錯誤	Error while deleting FilterList with name '%1!s!'
22255	沒有名稱為 '%1!s!' 的 FilterList	No FilterList with name '%1!s!'
22256	已指定內容的篩選器不在名為 '%1!s!' 的 FilterList 內	Filter with the specified spec does not exist in FilterList with name '%1!s!'
22261	刪除指定內容的篩選器後，在更新名為 '%1!s!' 的 FilterList 時產生錯誤	Error while updating FilterList with name '%1!s!' after deletion of the specified filter
22265	無法刪除名稱為 '%1!s!' 的 FilterAction	FilterAction with name '%1!s!' cannot be deleted
22266	刪除名稱為 '%1!s!' 的 FilterAction 時產生錯誤	Error while deleting FilterAction with name '%1!s!'
22267	沒有名稱為 '%1!s!' 的 FilterAction	No FilterAction with name '%1!s!'
22271	刪除名稱為 '%1!s!' 的規則時產生錯誤	Error while deleting Rule with name '%1!s!'
22272	刪除識別碼為 %1!d! 的規則時產生錯誤	Error while deleting Rule with ID %1!d!
22273	無法刪除預設回應規則	Default Response Rule cannot be deleted
22274	沒有名稱為 '%1!s!' 的規則	No Rule with name '%1!s!'
22275	沒有識別碼為 %1!d! 的規則	No Rule with ID %1!d!
22276	沒有指定原則名稱	No Policy name specified
22281	正在展開名為 '%1!s!' 原則的 NegPol 資訊時產生錯誤	Error while extracting NegPol info of Policy with name '%1!s!'
22282	正在展開名為 '%1!s!' 原則的篩選器資訊時產生錯誤	Error while extracting Filter info of Policy with name '%1!s!'
22283	正在展開名為 '%1!s!' 原則的 ISAKMP 資訊時產生錯誤	Error while extracting ISAKMP info of Policy with name '%1!s!'
22290	沒有目前指派的原則	No currently assigned Policy
22295	沒有 FilterList 存在原則存放區	No FilterList exists in Policy Store
22296	沒有 FilterAction 存在原則存放區	No FilterAction exists in Policy Store
22297	無效的 GPO 名稱或是沒有目前指派的原則	Either invalid GPO name or no currently assigned policy
22298	使用網域儲存區時必須指定名稱	A name must be specified when using the domain store
22299	指定無效的來源 IP 位址	Invalid Source IP Address specified
22300	指定無效的來源 IP/Mask	Invalid Source IP/Mask specified
22301	位址衝突。來源和目的不能有相同的 IP/DNS	Address Conflict. Source and Destination cannot have same IP/DNS
22302	指定無效的伺服器	Invalid server specified
22303	必須指定伺服器	Server needs to be specified
22304	指定無效的目的 IP 位址	Invalid destination IP Address specified
22305	指定無效的目的遮罩	Invalid destination mask specified
22306	無效的 Newname。名稱為 '%1!s!' 的原則已經存在	Invalid Newname. Policy with name '%1!s!' already exists
22307	無效的 Newname。名稱為 '%1!s!' 的規則已經存在	Invalid Newname. Rule with name '%1!s!' already exists
22308	無效的 Newname。名稱為 '%1!s!' 的 Filterlist 已經存在	Invalid Newname. Filterlist with name '%1!s!' already exists
22309	無效的 Newname。名稱為 '%1!s!' 的 Filteraction 已經存在	Invalid Newname. Filteraction with name '%1!s!' already exists
22310	如果指定類型，就必須指定 'all'	If a type is specified, 'all' needs to be specified
22311	這項操作產生內部錯誤	Internal error occurred during this operation
22312	在原則 '%1!s!' 中沒有通道類型的規則存在	No Tunnel type rules exist in policy '%1!s!'
22313	這個命令不允許更新預設 Filteraction。請用 'Set DefaultRule' 命令。	Updating default Filteraction is not allowed through this command. Use 'Set DefaultRule' command.
22314	名稱為 '%1!s!' 的原則有 READONLY 屬性。拒絕更新	Policy with name '%1!s!' has READONLY attribute. Updation denied
22315	指定的規則有 READONLY 屬性。拒絕更新	Specified Rule has READONLY attribute. Updation denied
22316	名稱為 '%1!s!' 的 Filteraction 有 READONLY 屬性。拒絕更新	Filteraction with name '%1!s!' has READONLY attribute. Updation denied
22317	名稱為 '%1!s!' 的 FilterList 有 READONLY 屬性。拒絕更新	FilterList with name '%1!s!' has READONLY attribute. Updation denied
22318	名稱為 '%1!s!' 的原則有 READONLY 屬性。拒絕刪除	Policy with name '%1!s!' has READONLY attribute. Deletion denied
22319	名稱為 '%1!s!' 的規則有 READONLY 屬性。拒絕刪除	Rule with name '%1!s!' has READONLY attribute. Deletion denied
22320	名稱為 '%1!s!' 的 Filteraction 有 READONLY 屬性。拒絕刪除	Filteraction with name '%1!s!' has READONLY attribute. Deletion denied
22321	名稱為 '%1!s!' 的 FilterList 有 READONLY 屬性。拒絕刪除	FilterList with name '%1!s!' has READONLY attribute. Deletion denied
22322	使用本機儲存區時不能指定名稱	No name can be specified when using the local store
22323	Windows Vista 和較新版本的 Windows 不支援預設回應規則。	Default response rule is not supported on Windows Vista and later versions of Windows.
23001	當 ActionInbound 或 ActionOutbound 指定為 NEGOTIATE 時，必須有 QMPolicy。	QMPolicy is needed when ActionInbound or ActionOutbound specified as NEGOTIATE.
23002	連接埠號碼對 TCP 或 UDP 通訊協定有效，沒有 PortNumber 仍可繼續	Port number valid for TCP or UDP protocols, continuing without PortNumber.
23003	指定的 QMPolicy 不存在。	Specified QMPolicy does not exist.
23004	指定的 MainMode 原則不存在。	Specified MainMode Policy does not exist.
23006	如果 ActionInbound 或 ActionOutbound 都未指定為 NEGOTIATE，就不能有 IPsec 原則。	Cannot have IPsec policy when neither ActionInbound or ActionOutbound are specified as NEGOTIATE.
23007	Mirror = Yes 對通道規則無效。	Mirror = Yes is not valid for Tunnel Rule.
23011	指定的 MainMode 篩選器不存在。	Specified MainMode Filter does not exist.
23012	指定的傳輸篩選器不存在。	Specified Transport Filter does not exist.
23013	指定的通道篩選器不存在。	Specified Tunnel Filter does not exist.
23014	無法使用 MainMode 原則。	MainMode Policies are not available.
23015	無法使用 QuickMode 原則。	QuickMode Policies are not available.
23021	所給予名稱的 MainMode 原則已經存在。	MainMode Policy with the given name already exists.
23031	所給予名稱的 QuickMode 原則已經存在。	QuickMode Policy with the given name already exists.
23061	MainMode 篩選器不存在。	MainMode Filters do not exist.
23062	指定的 MainMode 篩選器不存在而且找不到原則。	Specified MainMode Filter does not exist and Policy is not found.
23063	指定的 MainMode 原則不存在或是和指定的 MainMode 篩選器沒有關連。	Specified MainMode Policy either does not exist or not associated with specified MainMode Filter.
23071	QuickMode 篩選器不存在。	QuickMode Filters do not exist.
23072	指定的 QuickMode 篩選器不存在並且找不到原則。	Specified QuickMode Filter does not exist and Policy is not found.
23073	指定的 QuickMode 原則不存在或是和 QuickMode 篩選器沒有關連。	Specified QuickMode Policy either does not exist or is not associated with QuickMode Filter.
23074	指定的 QuickMode 篩選器不存在。	Specified QuickMode Filter does not exist.
23075	已經用過驗證方法。	Authentication method(s) being used.
23076	無法刪除 %1!d! MMFilter 物件。	%1!d! MMFilter object(s) could not be deleted.
23077	無法刪除 %1!d! 運輸篩選器物件。	%1!d! Transport Filter object(s) could not be deleted.
23078	無法刪除 %1!d! 通道篩選器物件。	%1!d! Tunnel Filter object(s) could not be deleted.
23081	IPsec 原則代理服務沒有啟動。	The IPsec Policy Agent service is not active.
23082	原則代理服務啟動成功。	Policy Agent service successfully started.
23090	分析器的權杖錯誤，應該為 IPSEC，IKE 或 ALL。	Wrong token from Parser, Should be either IPSEC, IKE or ALL.
23091	從分析器接收到無效的 AddressType。	Invalid AddressType received from Parser.
23092	來源和目的兩者不能為伺服器。	Source and Destination both cannot be Servers.
23093	通道來源和通道目的兩者不能為伺服器。	Tunnel Source and Tunnel Destination both cannot be Servers.

File Name:	nshipsec.dll.mui
Directory:	%WINDIR%\WinSxS\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_zh-tw_bf25bd601980d13d\
File Size:	128 kB
File Permissions:	rw-rw-rw-
File Type:	Win32 DLL
File Type Extension:	dll
MIME Type:	application/octet-stream
Machine Type:	Intel 386 or later, and compatibles
Time Stamp:	0000:00:00 00:00:00
PE Type:	PE32
Linker Version:	14.10
Code Size:	0
Initialized Data Size:	131072
Uninitialized Data Size:	0
Entry Point:	0x0000
OS Version:	10.0
Image Version:	10.0
Subsystem Version:	6.0
Subsystem:	Windows GUI
File Version Number:	10.0.15063.0
Product Version Number:	10.0.15063.0
File Flags Mask:	0x003f
File Flags:	(none)
File OS:	Windows NT 32-bit
Object File Type:	Dynamic link library
File Subtype:	0
Language Code:	Chinese (Traditional)
Character Set:	Unicode
Company Name:	Microsoft Corporation
File Description:	網路殼層 IP 安全性協助程式 DLL
File Version:	10.0.15063.0 (WinBuild.160101.0800)
Internal Name:	nshipsec.dll
Legal Copyright:	© Microsoft Corporation. All rights reserved.
Original File Name:	nshipsec.dll.mui
Product Name:	Microsoft® Windows® Operating System
Product Version:	10.0.15063.0
Directory:	%WINDIR%\WinSxS\x86_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.15063.0_zh-tw_630721dc61236007\

nshipsec.dll.mui is Multilingual User Interface resource file that contain Chinese (Traditional) language for file nshipsec.dll (網路殼層 IP 安全性協助程式 DLL).

File Description:	網路殼層 IP 安全性協助程式 DLL
File Version:	10.0.15063.0 (WinBuild.160101.0800)
Company Name:	Microsoft Corporation
Internal Name:	nshipsec.dll
Legal Copyright:	© Microsoft Corporation. All rights reserved.
Original Filename:	nshipsec.dll.mui
Product Name:	Microsoft® Windows® Operating System
Product Version:	10.0.15063.0
Translation:	0x404, 1200