NPS events and audit policy RRS feed

  • General discussion

  • View NPS events here using Event Viewer: Custom Views\Server Roles\Network Policy and Access Services

    If you do not see any events here, it might be that auditing is not enabled. Use the commands below to ensure that your audit policy is configured to allow success and failure events.

    1. Run this command from an elevated prompt on NPS to see your current audit policy settings:

    auditpol /get /subcategory:"Network Policy Server"

    If both success and failure events are enabled, the output should be:

    System audit policy

    Category/Subcategory                      Setting
      Network Policy Server                   Success and Failure

    2. If it shows ‘No auditing’, you can run this command to enable it:

    auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

    Note: Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting.

    Wednesday, January 12, 2011 9:43 PM

All replies

  • Thank you so much!

    I was searching for this. the problem i am having is that NPS logs only Successful events but not Failures. Im using both PEAP and EAP-TLS for authentication and according to technet i need to edit the following registry key to enable logging for TLS at 


    Tried it out but still no events yet wireshark logs keeps showing the authentication as 'access-reject'. Do i need to reboot the server after changing the registry key? 

    Just wondering if there is a need to edit/change/modify anything else to make sure that NPS logs both success and failure events regardless of what type of authentication its coming from. 

    Appreciate the help. 

    Saturday, August 6, 2011 4:39 AM
  • Hi Greg,


    Tested the command and it works just fine! Thanks!

    Monday, August 8, 2011 5:32 AM
  • Hi hanglj

    after doing anything in registry you must reboot the server ..... like makes the server Wins proxy


    Avatar of hanglj


    BT Frontline

    Recent Achievements 1 0 0
    First Forums Reply
    hanglj's threads View Profile
    Thursday, August 18, 2011 9:48 PM
  • Thanks for the tip Greg. I've run this command, and while it did turn on Success and Failure auditing under the NPS server role in Event Viewer, I found that after a short amount of time this value would be overridden back to Not Enabled. Being that I have NPS on my domain controllers, I modified the Default Domain Controllers Group Policy and enabled the setting "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings". Even though I've enabled this, I'm still finding that this setting has been overridden.

    Any suggestions?


    Friday, March 23, 2012 6:34 PM
  • Hi Darren,

    Sorry I didn't see your question on this sticky until just tonight.

    I would try setting this policy to No Override. See


    Monday, June 11, 2012 7:18 AM
  • Hi Greg - appreciate the reply.

    I ended up enabling Network Policy Server logon/logoff auditing via group policy. The success/failure setting can be found at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server.

    This did the trick for me!



    Monday, June 11, 2012 1:10 PM