Microsoft is removing cryptographic algorithms that are no longer considered secure from Windows Vista and from Windows Server 2008. Therefore, policies that were created by using the IP Security Policies Management snap-in or by using the netsh ipsec command have been changed to remove MD5 and DES from the default policies. The new defaults are backward compatible with policies that were created by using the defaults in Microsoft Windows 2000, in Windows XP, and in Windows Server 2003. Additionally, MD5 and DES can still be configured as part of a policy if they are required for compatibility or interoperability reasons.