
NPS Server Commands

Updated: February 8, 2008

Applies To: Windows Server 2008

This section contains the following commands.

For information on how to interpret netsh command syntax, see Formatting Legend.

The following entries provide details for each command.

Adds a Network Policy Server (NPS) to the list of registered servers in Active Directory®.

add registeredserver [[ domain = ] domain [ server = ] server ]

domain
Optional. Specifies the domain in which you want to register the server. If domain is not specified, the server is registered in the local domain.

server
Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server that you want to register in the domain. If server is not specified, the local server is registered in either the local domain or in the domain specified with the domain parameter.

The first example registers the local NPS server in the local domain. The second example registers an NPS server with the IP address 192.168.0.2 in a domain named example.com. The third example registers an NPS server with the FQDN NPS-01.example.com in the example.com domain.

netsh nps add registeredserver

netsh nps add registeredserver domain = example.com server = 192.168.0.2

netsh nps add registeredserver example.com NPS-01.example.com

Deletes an NPS server from the list of registered servers in Active Directory.

delete registeredserver [[ domain = ] domain [ server = ] server ]

domain
Optional. Specifies the domain in which you want to register the server. If domain is not specified, the server is registered in the local domain.

server
Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server that you want to register in the domain. If server is not specified, the local server is registered in either the local domain or in the domain specified with the domain parameter.

The first example removes the local NPS server in the local domain from the list of registered NPS servers in Active Directory. The second example removes an NPS server with the IP address 192.168.0.2 in a domain named example.com. The third example removes an NPS server with the FQDN NPS-01.example.com in the example.com domain.

netsh nps delete registeredserver

netsh nps delete registeredserver domain = example.com server = 192.168.0.2

netsh nps delete registeredserver example.com NPS-01.example.com

Displays the NPS server configuration in the command prompt window. To save the NPS server configuration to a file, use the export command.

dump [ exportPSK = ] YES

exportPSK
Required. Specifies that you want to display the shared secrets for RADIUS clients and remote RADIUS servers.

To export the NPS server configuration, you must also export all shared secrets. Export of NPS server configuration without shared secrets is not supported.

The exported file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups. Because of this, you should ensure that the file is stored in a secure location to prevent malicious users from accessing the file.

In addition, SQL Server® logging settings are not exported to the file. After you import the file on another NPS server, you must manually configure SQL Server logging.

dump exportPSK = YES

Exports the NPS server configuration to a file in Extensible Markup Language (XML) format.

export [filename =] filename.xml [ exportPSK = ] YES

filename
Required. Specifies the name of the XML file to which you want to export the NPS server configuration.

exportPSK
Required. Specifies that you want to export the shared secrets for RADIUS clients and remote RADIUS servers.

If you want to export the NPS server configuration, you must also export all shared secrets. Export of NPS server configuration without shared secrets is not supported.

The exported file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups. Because of this, you should ensure that the file is stored in a secure location to prevent malicious users from accessing the file.

In addition, SQL Server logging settings are not exported to the file. After you import the file on another NPS server, you must manually configure SQL Server logging.

export filename = "c:\config.xml" exportPSK = YES
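Because the exported file holds unencrypted shared secrets, the export can be wrapped so the file only ever exists inside a restricted folder. The following PowerShell script is an added example, not part of the original page; the folder `C:\NpsBackup` and the file naming scheme are assumptions, and it must be run from an elevated prompt on the NPS server.

```powershell
# Added example, not from the original page.
$dir  = 'C:\NpsBackup'                                                # assumed backup folder
$file = Join-Path $dir ('nps-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date))  # assumed naming scheme

# Well-known SIDs: BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
$allowed = 'S-1-5-32-544', 'S-1-5-18'

# Create the folder and restrict it BEFORE any shared secrets are written into it.
# /inheritance:r drops inherited ACEs; /grant:r sets full control for the two SIDs.
New-Item -ItemType Directory -Path $dir -Force | Out-Null
icacls $dir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not restrict the ACL on $dir" }

# Export with the syntax documented on this page; exportPSK = YES is required.
netsh nps export filename = "$file" exportPSK = YES
if (-not (Test-Path $file)) { throw "netsh nps export did not create $file" }

# Verify the effective ACL on the file. A pre-existing folder may carry explicit
# ACEs for other principals that /grant:r does not remove, so check, don't assume.
$extra = @((Get-Acl $file).Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $_.AccessControlType -eq 'Allow' -and ($allowed -notcontains $sid)
})

if ($extra.Count -gt 0) {
    # Fail closed: do not leave the secrets readable by unexpected principals.
    Remove-Item $file -Force
    $names = ($extra | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Export removed: unexpected access granted to $names"
}

Write-Output "Exported NPS configuration to $file"
```

The same wrapper is a reasonable way to take the backup that the caution for reset config recommends.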

Imports the NPS server configuration from a file in the Extensible Markup Language (XML) file format.

import [filename =] filename.xml

filename
Required. Specifies the name of the XML file from which you want to import the NPS server configuration.

import C:\nps.xml

In Windows Server 2008 R2, this Netsh command is modified from the version in Windows Server 2008, and might provide different functionality. For more information, see Netsh Commands for Network Policy Server in Windows Server 2008 R2.

Using this command in Windows Server 2008, you can import the configuration of another NPS server, but you cannot import the configuration of a server running Windows Server 2003 and Internet Authentication Service (IAS). To import an IAS server configuration into NPS, follow the instructions in the following article:

Deletes the NPS server configuration, including RADIUS clients, connection request policies, network policies, accounting configuration, and other items, and restores the NPS server to the default post-installation state.

Caution
Do not run this command if you want to maintain any of the settings you have configured at the NPS server. This command deletes all custom settings that you have configured, and after running this command, your settings cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.

reset config

Deletes the event log configuration and restores the NPS server to the default post-installation state.

Caution
Do not run this command if you want to maintain any of the settings you have configured at the NPS server. This command deletes all custom settings that you have configured, and after running this command, your settings cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.

reset eventlog

Deletes the User Datagram Protocol (UDP) ports that RADIUS servers, RADIUS proxies, and RADIUS clients use for RADIUS authentication and accounting messages, and restores them to the default values of UDP ports 1812 and 1645 for RADIUS authentication messages and UDP ports 1813 and 1646 for accounting messages.

reset ports

Specifies whether successful and rejected authentication events are recorded in the event log.

Note
Event log entries are viewed with Event Viewer.

set eventlog [ [accept = ] Enable | Disable [reject = ] Enable | Disable ]

accept
Optional. Specifies whether successful authentication requests are recorded in the event log. By default, successful authentication requests are logged by NPS.

reject
Optional. Specifies whether unsuccessful authentication requests are recorded in the event log. By default, rejected authentication requests are logged by NPS.

  • Although both parameters are optional, you must designate at least one parameter for the command to change event log settings in NPS.

  • For commands related to NPS log files and SQL Server logging, see the section "Accounting Commands."

Specifies the User Datagram Protocol (UDP) ports that RADIUS servers, RADIUS proxies, and RADIUS clients use for RADIUS authentication and accounting messages. By default, NPS is configured to use UDP ports 1812 and 1645 for RADIUS authentication messages and UDP ports 1813 and 1646 for accounting messages.

Important
The ports you configure on your NPS server must match the ports used by your network access servers and RADIUS proxies, or network access authentication will fail.

set ports [ accounting = ] ports [ authentication = ] ports

accounting
Optional. Specifies the port numbers used for RADIUS accounting message traffic. If accounting is not specified, the default ports of 1646 and 1813 are used for RADIUS accounting traffic. To specify the network interface and the port number, use the following syntax: IPaddress:portnumber

authentication
Optional. Specifies the port numbers used for RADIUS authentication message traffic. If authentication is not specified, the default ports of 1645 and 1812 are used for RADIUS authentication traffic. To specify the network interface and the port number, use the following syntax: IPaddress:portnumber

  • Although both parameters are optional, you must specify at least one parameter for any change to occur to the NPS server port configuration. Running this command without parameters results in no change to the current port configuration on the NPS server.

  • If you have previously changed the default values for accounting (1646, 1813) and authentication (1645, 1812) ports and you want to restore the defaults, you must specify the default values when running this command.

Displays the NPS server configuration. The displayed settings are: event logging settings, accounting file log configuration, ports, server registration status, system health validator (SHV) configuration, and SQL Server logging settings.

show config

Displays the NPS event log configuration, including whether accepted and rejected authentication requests are logged by NPS.

show eventlog

Displays the RADIUS port configuration for the local NPS server.

show ports

Displays information for a server that is registered in Active Directory.

show registeredserver [[ domain = ] domain [ server = ] server ]

domain
Optional. Specifies the domain in which the server is registered. If domain is not specified, the local domain is automatically queried.

server
Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server whose information you want to display. If server is not specified, information for the local server is displayed.

show registeredserver server = "Server1"

Displays a list of hardware and software vendors.

show vendors

The following list of hardware vendors, protocols, and software vendors is available when you run the show vendors command.

Vendor name

RADIUS Standard

3Com

ACC

ADC Kentrox

Ascend Communications Inc.

BBN

BinTec Communications GmbH

Cabletron Systems

Cisco

Digi International

EICON

Gandalf

Intel Corporation

Lantronix

Livingston Enterprises, Inc.

Proteon

Shiva Corporation

Telebit

U.S. Robotics, Inc.

Xylogics, Inc.

Microsoft

RedBack Networks

Nortel Networks
