By default, NPS does not log granted or rejected access events, because the frequency of these events can create a very large log. You have to enable them manually.


Use the commands below to ensure that your audit policy is configured to log both success and failure events.

1. Run this command from an elevated prompt on the NPS server to see your current audit policy settings:


auditpol /get /subcategory:"Network Policy Server"


If both success and failure events are enabled, the output should be:

System audit policy

Category/Subcategory                      Setting
Logon/Logoff
  Network Policy Server                   Success and Failure

2. If it shows ‘No auditing’, you can run this command to enable it:


auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable


Note: Even if the audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting.
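
The two steps and the note above combined into one PowerShell script, as an added example that is not part of the original page. It assumes an English-language Windows install (the subcategory name is localized) and reads auditpol's /r CSV report; the function names are hypothetical.

```powershell
# Added example: check, re-apply and verify the NPS audit subcategory.
# Assumption: English-language Windows (auditpol subcategory names are localized).
$Subcategory = 'Network Policy Server'
$Wanted      = 'Success and Failure'

function Get-NpsAuditSetting {
    # /r makes auditpol emit CSV; the "Inclusion Setting" column holds the value
    # that the plain-text report shows under "Setting".
    $csv = auditpol /get /subcategory:"$Subcategory" /r
    if ($LASTEXITCODE -ne 0) { throw "auditpol /get failed with exit code $LASTEXITCODE" }
    $row = $csv | Where-Object { $_ } | ConvertFrom-Csv |
           Where-Object { $_.Subcategory -eq $Subcategory }
    if (-not $row) { throw "Subcategory '$Subcategory' not found in auditpol output" }
    return $row.'Inclusion Setting'
}

function Set-NpsAudit([ValidateSet('enable', 'disable')] [string] $State) {
    auditpol /set /subcategory:"$Subcategory" "/success:$State" "/failure:$State" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol /set ($State) failed with exit code $LASTEXITCODE" }
}

# auditpol needs an elevated prompt; stop early with a clear message otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

Write-Host "Current setting: $(Get-NpsAuditSetting)"

# Step 2 plus the note: disable first, then enable, so the setting is re-applied
# even when it already reads "Success and Failure". NPS access events are not
# audited during the short gap between the two commands.
Set-NpsAudit -State disable
Set-NpsAudit -State enable

# Verify against the value step 1 expects instead of trusting the exit code alone.
$after = Get-NpsAuditSetting
if ($after -ne $Wanted) {
    throw "Expected '$Wanted' but auditpol reports '$after'"
}
Write-Host "Verified: $Subcategory is set to '$after'"
```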