Audit Network Policy Server

Applies To: Windows 7, Windows Server 2008 R2

This security policy setting determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock).

NAP events can be used to understand the overall health of the network.

Event volume: Medium to high on servers running Network Policy Server (NPS); moderate on other servers or on client computers

Default: Success and failure

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, Windows Vista with Service Pack 2 (SP2), or Windows Vista with Service Pack 1 (SP1).

Event ID Event message

6272

Network Policy Server granted access to a user.

6273

Network Policy Server denied access to a user.

6274

Network Policy Server discarded the request for a user.

6275

Network Policy Server discarded the accounting request for a user.

6276

Network Policy Server quarantined a user.

6277

Network Policy Server granted access to a user but put it on probation because the host did not meet the defined health policy.

6278

Network Policy Server granted full access to a user because the host met the defined health policy.

6279

Network Policy Server locked the user account due to repeated failed authentication attempts.

6280

Network Policy Server unlocked the user account.