WinSecWiki > Security Settings > Local Policies > Audit Policy > Audit Logon > NPS

Network Policy Server

This category logs events associated with Windows Server 2008's Network Policy Server which provides Network Access Policy functionality for Windows networks which includes IPSec, 802.1x, quarantine and more. You can only configure this category using auditpol.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
6272	Network Policy Server granted access to a user.
6273	Network Policy Server denied access to a user.
6274	Network Policy Server discarded the request for a user..
6275	Network Policy Server discarded the accounting request for a user.
6276	Network Policy Server quarantined a user.
6277	Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.
6278	Network Policy Server granted full access to a user because the host met the defined health policy.
6279	Network Policy Server locked the user account due to repeated failed authentication attempts.
6280	Network Policy Server unlocked the user account.

Upcoming Webinars

Additional Resources

Audit Logon

•	Logon
•	Logoff
•	Account Lockout
•	IPsec Main
•	IPsec Quick
•	IPsec Extended
•	Special Logon
•	Other Logon/Logoff
•	NPS

User name:
Password:
	/ Forgot?
	Register

August 2025 Patch Tuesday	"Patch Tuesday - Two Zero Days and Large Number of Critical Updates " - sponsored by LOGbinder and Supercharger

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.