Windows Security Log Event ID 6272
Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category • Subcategory | Logon/Logoff • Network Policy Server |
Type
|
Success
|
Corresponding events
in Windows
2003 and before |
|
6272: Network Policy Server granted access to a user
On this page
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
With the release of Server 2016, version 2 of the event was added. Server 2016 has the following modifications:
- Removed OS-version
- Removed Proxy Policy Name
- Added Connection Request Policy Name
- Added Logging Results
- Removed Quarantine Information and its child fields
Free Security Log Resources by Randy
User:
- Security ID
- Account Name
- Account Domain
- Fully Qualified Account Name
Client Machine:
- Security ID
- Account Name
- Fully Qualified Account Name
- OS-Version (Removed in 2016)
- Called Station Identifier
- Calling Station Identifier
NAS:
- NAS IPv4 Address
- NAS IPv6 Address
- NAS Identifier
- NAS Port-Type
- NAS Port
RADIUS Client:
- Client Friendly Name
- Client IP Address
Authentication Details:
- Connection Request Policy Name
- Proxy Policy Name (Removed in 2016)
- Network Policy Name
- Authentication Provider
- Authentication Server
- Authentication Type
- EAP Type
- Account Session Identifier
- Logging Results (Added in 2016)
Quarantine Information (removed in 2016)
- Result (Removed in 2016)
- Session Identifier (Removed in 2016)
Supercharger Free Edition
Supercharger's built-in Xpath filters leave the noise behind.
Free.
2016 and later
Network Policy Server granted access to a user.
User:
Security ID: %1
Account Name: %2
Account Domain: %3
Fully Qualified Account Name: %4
Client Machine:
Security ID: %5
Account Name: %6
Fully Qualified Account Name: %7
Called Station Identifier: %8
Calling Station Identifier: %9
NAS:
NAS IPv4 Address: %10
NAS IPv6 Address: %11
NAS Identifier: %12
NAS Port-Type: %13
NAS Port: %14
RADIUS Client:
Client Friendly Name: %15
Client IP Address: %16
Authentication Details:
Connection Request Policy Name: %17
Network Policy Name: %18
Authentication Provider: %19
Authentication Server: %20
Authentication Type: %21
EAP Type: %22
Account Session Identifier: %23
Logging Results: %24
2012r2
Network Policy Server granted access to a user.
User:
Security ID: %1
Account Name: %2
Account Domain: %3
Fully Qualified Account Name: %4
Client Machine:
Security ID: %5
Account Name: %6
Fully Qualified Account Name: %7
OS-Version: %8
Called Station Identifier: %9
Calling Station Identifier: %10
NAS:
NAS IPv4 Address: %11
NAS IPv6 Address: %12
NAS Identifier: %13
NAS Port-Type: %14
NAS Port: %15
RADIUS Client:
Client Friendly Name: %16
Client IP Address: %17
Authentication Details:
Proxy Policy Name: %18
Network Policy Name: %19
Authentication Provider: %20
Authentication Server: %21
Authentication Type: %22
EAP Type: %23
Account Session Identifier: %24
Quarantine Information:
Result: %25
Session Identifier: %26
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection