deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 00:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/auditing/audit-network-policy-server.md
martyav 474832eea3 items 26 to 56 reviewed
2019-12-19 15:35:31 -05:00

3.0 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, manager, ms.author, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.localizationpriority, author, ms.date
title description ms.assetid ms.reviewer manager ms.author ms.pagetype ms.prod ms.mktglfcycl ms.sitesec ms.localizationpriority author ms.date
Audit Network Policy Server (Windows 10) The policy setting, Audit Network Policy Server, determines if audit events are generated for RADIUS (IAS) and NAP activity on user access requests. 43b2aea4-26df-46da-b761-2b30f51a80f7 dansimp dansimp security w10 deploy library none dansimp 04/19/2017

Audit Network Policy Server

Applies to

  • Windows 10
  • Windows Server 2016

Audit Network Policy Server allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) activity related to user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.

If you configure this subcategory, an audit event is generated for each IAS and NAP user access request.

This subcategory generates events only if NAS or IAS role is installed on the server.

NAP events can be used to help understand the overall health of the network.

Event volume: Medium to High on servers that are running Network Policy Server (NPS).

Role-specific subcategories are outside the scope of this document.

Computer Type General Success General Failure Stronger Success Stronger Failure Comments
Domain Controller IF IF IF IF IF if a server has the Network Policy Server (NPS) role installed and you need to monitor access requests and other NPS-related events, enable this subcategory.
Member Server IF IF IF IF IF if a server has the Network Policy Server (NPS) role installed and you need to monitor access requests and other NPS-related events, enable this subcategory.
Workstation No No No No Network Policy Server (NPS) role cannot be installed on client OS.

  • 6272: Network Policy Server granted access to a user.

  • 6273: Network Policy Server denied access to a user.

  • 6274: Network Policy Server discarded the request for a user.

  • 6275: Network Policy Server discarded the accounting request for a user.

  • 6276: Network Policy Server quarantined a user.

  • 6277: Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.

  • 6278: Network Policy Server granted full access to a user because the host met the defined health policy.

  • 6279: Network Policy Server locked the user account due to repeated failed authentication attempts.

  • 6280: Network Policy Server unlocked the user account.