We have a baseline security GPO set that is cross-domain linked to ensure that it is identical across all domains. Recently, we added an IPSec policy to it, but that policy doesn't seem to be applying in the other domains. Is there some way to put IPSec policies in a shared central store?

What is especially odd is that we created an identical IPSec policy in a second domain that matches the name of the IPSec policy addressed in the domain of the GPO (which also didn't work), but when the name of the IPSec policies was changed, the GPO settings report shows the new name when looking with one account but not for another account. Neither account has edit rights to the GPO, but the one indicating the old IPSec policy name does have rights to link GPOs in the second domain. This report remains incorrect after several days and unlinking and re-linking the GPO.

Any ideas or suggestions?

TIA