WinSecWiki > Security Settings > Local Policies > Audit Policy > Audit Logon > NPS

Network Policy Server

This category logs events associated with Windows Server 2008's Network Policy Server which provides Network Access Policy functionality for Windows networks which includes IPSec, 802.1x, quarantine and more. You can only configure this category using auditpol.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
6272	Network Policy Server granted access to a user.
6273	Network Policy Server denied access to a user.
6274	Network Policy Server discarded the request for a user..
6275	Network Policy Server discarded the accounting request for a user.
6276	Network Policy Server quarantined a user.
6277	Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.
6278	Network Policy Server granted full access to a user because the host met the defined health policy.
6279	Network Policy Server locked the user account due to repeated failed authentication attempts.
6280	Network Policy Server unlocked the user account.

Back to top

 

Upcoming Webinars AD Certificate Services: A Massive Chunk of Windows Security Functionality Finally Gets the Security Research It Deserves Linux Security: Locking Down Admin Access with SSH and Sudo Understanding Broken Object Level Authorization: The Quiet Access Control Failure Undermining Today’s Apps Patching 3rd Party Apps on PCs Managed by Intune

Additional Resources