The behavior that my Windows 2008 Network Policy Server (aka Radius Server) did not log
the successfully authorized usernames always bothered me. Fortunately
there is a way to get that stupid habit to work as expected.
Open an elevated command promt and type this to get a list of your event categories and their subcategories:
Auditpol /list /subcategory:* /r (optional)
Then type: (note that category name strings are localized!)
Auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
and... backup your policy(ies):
Auditpol /backup /file:C\mypolic.csv (optional)
Another method to log both Event 6273 and 6279 could be done via a GPO:
Computer Configuration -> Policies -> Windows Settings ->
Security Settings -> Advanced Audit Policy Configuration ->
Audit Policies -> Logon/Logoff -> Audit Network Policy Server (set both success and failure to enable). Don't forget to gpupdate /force.
Further reading here.
Nincsenek megjegyzések:
Megjegyzés küldése