WinSecWiki > Security Settings > Local Policies > Audit Policy > Audit Logon > NPS

Network Policy Server

This category logs events associated with Windows Server 2008's Network Policy Server which provides Network Access Policy functionality for Windows networks which includes IPSec, 802.1x, quarantine and more. You can only configure this category using auditpol.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
6272	Network Policy Server granted access to a user.
6273	Network Policy Server denied access to a user.
6274	Network Policy Server discarded the request for a user..
6275	Network Policy Server discarded the accounting request for a user.
6276	Network Policy Server quarantined a user.
6277	Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.
6278	Network Policy Server granted full access to a user because the host met the defined health policy.
6279	Network Policy Server locked the user account due to repeated failed authentication attempts.
6280	Network Policy Server unlocked the user account.

Back to top

 

Upcoming Webinars Securing Every Identity in the Hybrid Era: Building a Unified Strategy Across Cloud, On-Prem, and AI “3 Persistent Privileged Access Methods in Active Directory: How Attackers Stick the Landing with AdminSdHolder, SIDHistory, DCShadow”

Additional Resources