Export an NPS Server Configuration for Import on Another Server
Updated: February 29, 2012
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
You can export the entire NPS configuration — including RADIUS clients and servers, network policy, connection request policy, registry, and logging configuration — from one NPS server for import on another NPS server.
Use one of the following procedures to export the NPS configuration:
In Windows Server® 2008 R2 and Windows Server® 2008, use Netsh.
In Windows Server® 2012, you can use Netsh, or you can use Windows PowerShell.
This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see How to Run a Windows PowerShell Cmdlet.
|Do not use this procedure if the source NPS database has a higher version number than the version number of the destination NPS database. You can view the version number of the NPS database from the display of the netsh nps show config command.|
When the netsh import command is run, NPS is automatically refreshed with the updated configuration settings. You do not need to stop NPS on the destination computer to run the netsh import command, however if the NPS console or NPS MMC snap-in is open during the configuration import, changes to the server configuration are not visible until you refresh the view.
|When you use the netsh nps export command, you are required to provide the command parameter exportPSK with the value YES. This parameter and value explicitly state that you understand that you are exporting the NPS server configuration, and that the exported XML file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups.|
Because NPS server configurations are not encrypted in the exported XML file, sending it over a network might pose a security risk, so take precautions when moving the XML file from the source server to the destination servers. For example, add the file to an encrypted, password protected archive file before moving the file. In addition, store the file in a secure location to prevent malicious users from accessing it.
|If SQL Server logging is configured on the source NPS server, SQL Server logging settings are not exported to the XML file. After you import the file on another NPS server, you must manually configure SQL Server logging.|
To complete this procedure, you must be a member of the Administrators group.
On the source NPS server, open Command Prompt, type netsh, and then press Enter.
At the netsh prompt, type nps, and then press Enter.
At the netsh nps prompt, type export filename="path\file.xml"exportPSK=YES, where path is the folder location where you want to save the NPS server configuration file, and file is the name of the XML file that you want to save. Press Enter.
This stores configuration settings (including registry settings) in an XML file. The path can be relative or absolute, or it can be a Universal Naming Convention (UNC) path. After you press Enter, a message appears indicating whether the export to file was successful.
Copy the file you created to the destination NPS server.
At a command prompt on the destination NPS server, type netsh nps import filename="path\file.xml", and then press Enter. A message appears indicating whether the import from the XML file was successful.
Beginning with Windows Server 2012, you can export the NPS configuration using Windows PowerShell.
The command syntax for exporting the NPS configuration is as follows.
Export-NpsConfiguration -Path <filename>
The following table lists parameters for the Export-NpsConfiguration cmdlet in Windows PowerShell. Parameters in bold are required.
Specifies the name and location of the XML file to which you want to export the NPS server configuration.
In the following example, the NPS configuration is exported to an XML file located on the local drive.