So what about IPSec is hot, other then the fact you can script it?  Well in a enterprise environment you can deploy it in Group Policy.  Now that is a pretty cool way to protect your network.  So you can use IPSec to protect traffic between trusted hosts.  The easiest scenario is to setup IPSec between domain computers.  Once Group Policy refreshes on a client computer they implement whatever IPSec policy is deployed to it.  In a workgroup environment you can still use IPSec for protecting your network, but it is more manual effort.

Not only can you deploy IPSec policies to computers using Group Policy, you can also deploy dynamic IPSec policies to the same computer at the same time.  Now dynamic IPSec policies are the same thing only they don't stick after a reboot or IPSec is restarted.  This makes them handy for testing a setting, you can just reboot (or restart IPSec) to undo it. 

So deploy a baseline IPSec policy to everyone, then use script to deploy dynamic IPSec policies at startup.  That way you can quickly deploy IPSec protection without a way to back out.

The key thing to remember about applying an IPSec policy using Group Policy is that you can only have one policy - the last one that applies.  Similiar to a specific Group Policy setting.  The IPSec Policies don't merge into one big policy as Group Policy is enforced onto a computer.

Microsoft IPSec FAQ

Important things to consider regarding IPSec and tradeoffs.

Microsoft article on how to assign Domain based IPSec policy

Microsoft article providing an outline of reasons to use IPSec.

Example scripts and reasons to use IPSec to protect your systems

Example scripts for protecting against a specific security concern (WINS exploit)

Go read my other article on IPSec (sample scripts and IPSec policy files)