Backtrack:  
 
by lunarg on October 20th 2023, at 11:56

By default, audit of success and failure is enabled on Network Policy Server. This will log authentication attempts in the Security event log (filter on event IDs 6272 and 6273). If for some reason, it is not enabled, you can manually enable it via command-line (or Powershell).

To view the current audit policy settings, run:

auditpol /get /subcategory:"Network Policy Server"

If it says No auditing, you can enable it by running:

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

Note that a group policy can override this behaviour. Settings in GPO are located here: Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration → Audit Policies → Logon/Logoff → Audit Network Policy Server.

 
 
« June 2024»
SunMonTueWedThuFriSat
      1
2345678
9101112131415
16171819202122
23242526272829
30      
 
Links
 
Quote
« When a bird does poo poo in your eye, be happy elephants don't fly. »