NPS audit log : Support Desk

NPS event log does not record granted or rejected access events Print

Modified on: Tue, 10 May, 2022 at 1:10 AM

By default, the NPS does not record the granted or rejected access log events, as the frequency of these events can create a very large log. You have to enable them manually.

Use the commands below to ensure that your audit policy is configured to allow success and failure events.

1. Run this command from an elevated prompt on NPS to see your current audit policy settings:

auditpol /get /subcategory:"Network Policy Server"

If both success and failure events are enabled, the output should be:

System audit policy

Category/Subcategory Setting
Logon/Logoff
Network Policy Server Success and Failure

2. If it shows ‘No auditing’, you can run this command to enable it:

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

Note: Even if the audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting.

Did you find it helpful? Yes No

How can we help you today?

NPS event log does not record granted or rejected access events Print

Related Articles