Audit Network Policy Server
- Windows 10
- Windows Server 2016
Audit Network Policy Server allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) activity related to user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
If you configure this subcategory, an audit event is generated for each IAS and NAP user access request.
This subcategory generates events only if NAS or IAS role is installed on the server.
NAP events can be used to help understand the overall health of the network.
Event volume: Medium to High on servers that are running Network Policy Server (NPS).
Role-specific subcategories are outside the scope of this document.
|Computer Type||General Success||General Failure||Stronger Success||Stronger Failure||Comments|
|Domain Controller||IF||IF||IF||IF||IF – if a server has the Network Policy Server (NPS) role installed and you need to monitor access requests and other NPS-related events, enable this subcategory.|
|Member Server||IF||IF||IF||IF||IF – if a server has the Network Policy Server (NPS) role installed and you need to monitor access requests and other NPS-related events, enable this subcategory.|
|Workstation||No||No||No||No||Network Policy Server (NPS) role cannot be installed on client OS.|
6272: Network Policy Server granted access to a user.
6273: Network Policy Server denied access to a user.
6274: Network Policy Server discarded the request for a user.
6275: Network Policy Server discarded the accounting request for a user.
6276: Network Policy Server quarantined a user.
6277: Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.
6278: Network Policy Server granted full access to a user because the host met the defined health policy.
6279: Network Policy Server locked the user account due to repeated failed authentication attempts.
6280: Network Policy Server unlocked the user account.