Event ID 6272 – Network Policy Server Granted Access To A User
Event ID | 6272 |
Category | Logon/Logoff |
Sub-Category | Audit Network Policy Servers |
Description | The network policy server granted access to a user. |
Events which are audited under the Audit Network Policy Server sub-category are triggered when a user's access request are related to RADIUS (IAS) and Network Access Protection (NAP) activity. The requests are of the following types: Lock, Unlock, Grant, Deny, Discard, and Quarantine.
Every IAS and NAP user access request generates an audit event if the Network Policy Server auditing is configured, and if the NAS and IAS roles are installed on the server.
Example of 6272 log:
Network Policy Server granted access to a user.
User:
Security ID: %1
Account Name: %2
Account Domain: %3
Fully Qualified Account Name: %4
Client Machine:
Security ID: %5
Account Name: %6
Fully Qualified Account Name: %7
OS-Version: %8
Called Station Identifier: %9
Calling Station Identifier: %10
NAS:
NAS IPv4 Address: %11
NAS IPv6 Address: %12
NAS Identifier: %13
NAS Port-Type: %14
NAS Port: %15
RADIUS Client:
Client Friendly Name: %16
Client IP Address: %17
Authentication Details:
Connection Request Policy Name: %18
Network Policy Name: %19
Authentication Provider: %20
Authentication Server: %21
Authentication Type: %22
EAP Type: %23
Account Session Identifier: %24
Logging Results: %27
Quarantine Information:
Result: %25
Session Identifier: %26
Why does event ID 6272 need to be monitored?
On servers that run Network Policy Server (NPS), the event volume ranges from medium to high. NAP events help understand the overall health of the network, and hence must be monitored.
Pro Tip:
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all network policy server events, helping you meet your security, operational, and compliance needs with absolute ease.
Event 6272 applies to the following operating systems:
- Windows Server 2016
- Windows 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools