I work at a school and I am trying to give the lab teacher the ability to
turn internet access on and off at will. Win2K is working fine but I am
having problems in WinXP.

Here is the situation:

Using IPSEC dynamic policies, the internet switch loads a policy to block
port 80 on the PC (probably a lab machine). According to MS docs the
command line switch for BOTH IPSECCMD (for XP) andIPSECPOL (for 2K) is:

-f [0:80:TCP=*:80:TCP]

So for 2K the command would be:

Ipsecpol \\computer-name -f [0:80:TCP=*:80:TCP] load policy

Ipsecpol \\computer-name -u unload

For XP the command is:

Ipseccmd \\computer-name -f [0:80:TCP=*:80:TCP] load policy

Ipseccmd \\computer-name -u unload

Win2K works every time. XP is giving me an error - failed to load policy. I
can run the command locally on the XP machine and it works. Something is
going on with the IPSECCMD command when using it to affect a machine
remotely. The workaround is using psexec from Systernals (or similar
program) to execute a batch file so that the command is executed locally.

Firewall is off. Admin rights in place.