Event Id | 6276 |
Source | Microsoft-Windows-Security-Auditing |
Description | Network Policy Server quarantined a user. User: Security ID: <Security ID> Account Name: <Account Name> Account Domain: <Domain Name> Fully Qualified Account Name:<Fully Qualified Account Name> Client Machine: Security ID: <Security ID> Account Name:<Account Name> Fully Qualified Account Name:<Fully Qualified Account Name> OS-Version: <OS-Version> Called Station Identifier: <Called Station Identifier> Calling Station Identifier: <Calling Station Identifier> NAS: NAS IPv4 Address:<NAS IPv4 Address> NAS IPv6 Address: <NAS IPv6 Address> NAS Identifier: <NAS Identifier> NAS Port-Type: <NAS Port-Type> NAS Port: <NAS Port> RADIUS Client: Client Friendly Name: <Client Friendly Name> Client IP Address: <Client IP Address> Authentication Details: Proxy Policy Name: <Proxy Policy Name> Network Policy Name: <Proxy Policy Name> Authentication Provider: <Authentication Provider> Authentication Server: <Authentication Server> Authentication Type: <Authentication Type> EAP Type: <EAP Type> Account Session Identifier:<Account Session Identifier> Reason Code: <Reason Code> Reason: <Reason > Quarantine Information: Result: <Result> Extended-Result: <Extended-Result> Session Identifier: <Session Identifier> Help URL: <Help URL> System Health Validator Result(s): <System Health Validator Result> |
Event Information | Cause : This event is logged when Network Policy Server quarantined a user. Resolution : Change the configuration of the NAP client If your health policies or client configurations do not produce the results that you intended, you must change either the NAP client configuration or the health policies. Note: To perform this procedure, you must be a member ofDomain Admins. To change the configuration of the NAP client: 1.Review the health policy you have created for the NAP client. 2.Configure the client according to the restrictions of the health policy. |
Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.