Applies To: Windows Server 2008
This section contains the following commands.
add registeredserver
delete registeredserver
dump
export
import
reset config
reset eventlog
reset ports
set eventlog
set ports
show config
show eventlog
show ports
show registeredserver
show vendors
For information on how to interpret netsh command syntax, see Formatting Legend.
The following entries provide details for each command.
Adds a Network Policy Server (NPS) to the list of registered servers in Active Directory®.
add registeredserver [[ domain = ] domain [ server = ] server ]
- domain
Optional. Specifies the domain in which you want to register the server. If domain is not specified, the server is registered in the local domain.
- server
Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server that you want to register in the domain. If server is not specified, the local server is registered in either the local domain or in the domain specified with the domain parameter.
The first example registers the local NPS server in the local domain. The second example registers an NPS server with the IP address 192.168.0.2 in a domain named example.com. The third example registers an NPS server with the FQDN NPS-01.example.com in the example.com domain.
netsh nps add registeredserver
netsh nps add registeredserver domain = example.com server = 192.168.0.2
netsh nps add registeredserver example.com NPS-01.example.com
Deletes an NPS server from the list of registered servers in Active Directory.
delete registeredserver [[ domain = ] domain [ server = ] server ]
- domain
Optional. Specifies the domain from which you want to remove the server registration. If domain is not specified, the server is removed from the list of registered servers in the local domain.
- server
Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server that you want to remove from the list of registered servers in the domain. If server is not specified, the local server is removed from the list in either the local domain or in the domain specified with the domain parameter.
The first example removes the local NPS server in the local domain from the list of registered NPS servers in Active Directory. The second example removes an NPS server with the IP address 192.168.0.2 in a domain named example.com. The third example removes an NPS server with the FQDN NPS-01.example.com in the example.com domain.
netsh nps delete registeredserver
netsh nps delete registeredserver domain = example.com server = 192.168.0.2
netsh nps delete registeredserver example.com NPS-01.example.com
Displays the NPS server configuration in the command prompt window. To save the NPS server configuration to a file, use the export command.
dump [ exportPSK = ] YES
- exportPSK
Required. Specifies that you want to display the shared secrets for RADIUS clients and remote RADIUS servers.
To export the NPS server configuration, you must also export all shared secrets. Export of NPS server configuration without shared secrets is not supported.
The exported file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups. Because of this, you should ensure that the file is stored in a secure location to prevent malicious users from accessing the file.
In addition, SQL Server® logging settings are not exported to the file. After you import the file on another NPS server, you must manually configure SQL Server logging.
dump exportPSK = YES
Exports the NPS server configuration to a file in Extensible Markup Language (XML) format.
export [filename =] filename.xml [ exportPSK = ] YES
- filename
Required. Specifies the name of the XML file to which you want to export the NPS server configuration.
- exportPSK
Required. Specifies that you want to export the shared secrets for RADIUS clients and remote RADIUS servers.
If you want to export the NPS server configuration, you must also export all shared secrets. Export of NPS server configuration without shared secrets is not supported.
The exported file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups. Because of this, you should ensure that the file is stored in a secure location to prevent malicious users from accessing the file.
In addition, SQL Server Logging settings are not exported to the file. After you import the file on another NPS server, you must manually configure SQL Server Logging.
export filename = "c:\config.xml" exportPSK = YES
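The storage warning above, worked through as an added example that is not part of the original Microsoft page: the export is written into a directory whose ACL is restricted first, so the clear-text shared secrets are never readable by other accounts. The directory C:\NPSBackup, the timestamped file name and the elevated PowerShell session are assumptions.

```powershell
# Added example. Assumed names: C:\NPSBackup and the nps-config-*.xml file name.
# Run from an elevated PowerShell session on the NPS server.
$BackupDir  = 'C:\NPSBackup'
$ExportFile = Join-Path $BackupDir ('nps-config-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date))

# 1. Create the directory and lock it down BEFORE any secret is written to it.
if (-not (Test-Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}
# /inheritance:r drops inherited ACEs; the grants use well-known SIDs so the
# command does not depend on localized group names:
#   S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = Local System
icacls $BackupDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 2. Refuse to continue if any other principal still has an ACE on the directory
#    (explicit ACEs left on a pre-existing folder are not removed by step 1).
$allowed = @('S-1-5-32-544', 'S-1-5-18')
$extra = @((Get-Acl $BackupDir).Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $allowed -notcontains $sid
})
if ($extra.Count -gt 0) {
    $names = ($extra | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    throw "Unexpected principals can access ${BackupDir}: $names"
}

# 3. Export. The page states exportPSK = YES is required, so the file always
#    contains clear-text shared secrets.
netsh nps export filename = "$ExportFile" exportPSK = YES

# 4. netsh's exit code is not relied on here: confirm the file exists and parses as XML.
if (-not (Test-Path $ExportFile)) { throw "Export did not create $ExportFile" }
[void][xml](Get-Content $ExportFile)

# 5. Show the ACL the file inherited so it can be reviewed or logged.
icacls $ExportFile
```

The same restrictions apply to any copy of the file moved to another NPS server for import; delete the copy once the import is verified.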
Imports the NPS server configuration from a file in the Extensible Markup Language (XML) file format.
import [filename =] filename.xml
- filename
Required. Specifies the name of the XML file from which you want to import the NPS server configuration.
import C:\nps.xml
In Windows Server 2008 R2, this Netsh command is modified from the version in Windows Server 2008, and might provide different functionality. For more information, see Netsh Commands for Network Policy Server in Windows Server 2008 R2.
Using this command in Windows Server 2008, you can import the configuration of another NPS server, but you cannot import the configuration of a server running Windows Server 2003 and Internet Authentication Service (IAS). To import an IAS server configuration into NPS, follow the instructions in the following article:
Deletes the NPS server configuration, including RADIUS clients, connection request policies, network policies, accounting configuration, and other items, and restores the NPS server to the default post-installation state.
Warning
Do not run this command if you want to maintain any of the settings you have configured at the NPS server. This command deletes all custom settings that you have configured, and after running this command, your settings cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.
reset config
Deletes the event log configuration and restores the NPS server to the default post-installation state.
Warning
Do not run this command if you want to maintain any of the settings you have configured at the NPS server. This command deletes all custom settings that you have configured, and after running this command, your settings cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.
reset eventlog
Deletes the User Datagram Protocol (UDP) ports that RADIUS servers, RADIUS proxies, and RADIUS clients use for RADIUS authentication and accounting messages, and restores them to the default values of UDP ports 1812 and 1645 for RADIUS authentication messages and UDP ports 1813 and 1646 for accounting messages.
reset ports
Specifies whether successful and rejected authentication events are recorded in the event log.
Note
Event log entries are viewed with Event Viewer.
set eventlog [ [accept = ] Enable | Disable [reject = ] Enable | Disable ]
- accept
Optional. Specifies whether successful authentication requests are recorded in the event log. By default, successful authentication requests are logged by NPS.
- reject
Optional. Specifies whether unsuccessful authentication requests are recorded in the event log. By default, rejected authentication requests are logged by NPS.
Although both parameters are optional, you must designate at least one parameter for the command to change event log settings in NPS.
For commands related to NPS log files and SQL Server logging, see the section "Accounting Commands."
Specifies the User Datagram Protocol (UDP) ports that RADIUS servers, RADIUS proxies, and RADIUS clients use for RADIUS authentication and accounting messages. By default, NPS is configured to use UDP ports 1812 and 1645 for RADIUS authentication messages and UDP ports 1813 and 1646 for accounting messages.
Important
The ports you configure on your NPS server must match the ports used by your network access servers and RADIUS proxies, or network access authentication will fail.
set ports [ accounting = ] ports [ authentication = ] ports
- accounting
Optional. Specifies the port numbers used for RADIUS accounting message traffic. If accounting is not specified, the default ports of 1646 and 1813 are used for RADIUS accounting traffic. To specify the network interface and the port number, use the following syntax: IPaddress:portnumber
- authentication
Optional. Specifies the port numbers used for RADIUS authentication message traffic. If authentication is not specified, the default ports of 1645 and 1812 are used for RADIUS authentication traffic. To specify the network interface and the port number, use the following syntax: IPaddress:portnumber
Although both parameters are optional, you must specify at least one parameter for any change to occur to the NPS server port configuration. Running this command without parameters results in no change to the current port configuration on the NPS server.
If you have previously changed the default values for accounting (1646, 1813) and authentication (1645, 1812) ports and you want to restore the defaults, you must specify the default values when running this command.
Displays the NPS server configuration. The displayed settings are: event logging settings, accounting file log configuration, ports, server registration status, system health validator (SHV) configuration, and SQL Server logging settings.
show config
Displays the NPS event log configuration, including whether accepted and rejected authentication requests are logged by NPS.
show eventlog
Displays the RADIUS port configuration for the local NPS server.
show ports
Displays information for a server that is registered in Active Directory.
show registeredserver [[ domain = ] domain [ server = ] server ]
- domain
Optional. Specifies the domain in which the server is registered. If domain is not specified, the local domain is automatically queried.
- server
Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server whose information you want to display. If server is not specified, information for the local server is displayed.
show registeredserver server = "Server1"
Displays a list of hardware and software vendors.
show vendors
The following list of hardware vendors, protocols, and software vendors is available when you run the show vendors command.
Vendor name
RADIUS Standard
3Com
ACC
ADC Kentrox
Ascend Communications Inc.
BBN
BinTec Communications GmbH
Cabletron Systems
Cisco
Digi International
EICON
Gandalf
Intel Corporation
Lantronix
Livingston Enterprises, Inc.
Proteon
Shiva Corporation
Telebit
U.S. Robotics, Inc.
Xylogics, Inc.
Microsoft
RedBack Networks
Nortel Networks