NPS Server Commands

Applies To: Windows Server 2008

This section contains the following commands.

  • add registeredserver

  • delete registeredserver

  • dump

  • export

  • import

  • reset config

  • reset eventlog

  • reset ports

  • set eventlog

  • set ports

  • show config

  • show eventlog

  • show ports

  • show registeredserver

  • show vendors

For information on how to interpret netsh command syntax, see Formatting Legend.

NPS server commands

The following entries provide details for each command.

add registeredserver

Adds a Network Policy Server (NPS) to the list of registered servers in Active Directory®.

Syntax

add registeredserver [[ domain = ] domain [ server = ] server ]

Parameters

  • domain
    Optional. Specifies the domain in which you want to register the server. If domain is not specified, the server is registered in the local domain.
  • server
    Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server that you want to register in the domain. If server is not specified, the local server is registered in either the local domain or in the domain specified with the domain parameter.

Examples

The first example registers the local NPS server in the local domain. The second example registers an NPS server with the IP address 192.168.0.2 in a domain named example.com. The third example registers an NPS server with the FQDN NPS-01.example.com in the example.com domain.

netsh nps add registeredserver

netsh nps add registeredserver domain = example.com server = 192.168.0.2

netsh nps add registeredserver example.com NPS-01.example.com

delete registeredserver

Deletes an NPS server from the list of registered servers in Active Directory.

Syntax

delete registeredserver [[ domain = ] domain [ server = ] server ]

Parameters

  • domain
    Optional. Specifies the domain in which you want to register the server. If domain is not specified, the server is registered in the local domain.
  • server
    Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server that you want to register in the domain. If server is not specified, the local server is registered in either the local domain or in the domain specified with the domain parameter.

Examples

The first example removes the local NPS server in the local domain from the list of registered NPS servers in Active Directory. The second example removes an NPS server with the IP address 192.168.0.2 in a domain named example.com. The third example removes an NPS server with the FQDN NPS-01.example.com in the example.com domain.

netsh nps delete registeredserver

netsh nps delete registeredserver domain = example.com server = 192.168.0.2

netsh nps delete registeredserver example.com NPS-01.example.com

dump

Displays the NPS server configuration in the command prompt window. To save the NPS server configuration to a file, use the export command.

Syntax

dump [ exportPSK = ] YES

Parameters

  • exportPSK
    Required. Specifies that you want to display the shared secrets for RADIUS clients and remote RADIUS servers.

Remarks

To export the NPS server configuration, you must also export all shared secrets. Export of NPS server configuration without shared secrets is not supported.

The exported file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups. Because of this, you should ensure that the file is stored in a secure location to prevent malicious users from accessing the file.

In addition, SQL Server® logging settings are not exported to the file. After you import the file on another NPS server, you must manually configure SQL Server logging.

Example

dump exportPSK = YES

export

Exports the NPS server configuration to a file in Extensible Markup Language (XML) format.

Syntax

export [filename =] filename**.xml** [ exportPSK = ] YES

Parameters

  • filename
    Required. Specifies the name of the XML file to which you want to export the NPS server configuration.
  • exportPSK
    Required. Specifies that you want to export the shared secrets for RADIUS clients and remote RADIUS servers.

Remarks

If you want to export the NPS server configuration, you must also export all shared secrets. Export of NPS server configuration without shared secrets is not supported.

The exported file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups. Because of this, you should ensure that the file is stored in a secure location to prevent malicious users from accessing the file.

In addition, SQL Server Logging settings are not exported to the file. After you import the file on another NPS server, you must manually configure SQL Server Logging.

Example

export filename =*"c:\config.xml"*exportPSK = YES

import

Imports the NPS server configuration from a file in the Extensible Markup Language (XML) file format.

Syntax

import [filename =] filename**.xml**

Parameters

  • filename
    Required. Specifies the name of the XML file from which you want to import the NPS server configuration.

Example

import C:\nps.xml

Remarks

In Windows Server 2008 R2, this Netsh command is modified from the version in Windows Server 2008, and might provide different functionality. For more information, see Netsh Commands for Network Policy Server in Windows Server 2008 R2.

Using this command in Windows Server 2008, you can import the configuration of another NPS server, but you cannot import the configuration of a server running Windows Server 2003 and Internet Authentication Service (IAS). To import an IAS server configuration into NPS, follow the instructions in the following article:

reset config

Deletes the NPS server configuration, including RADIUS clients, connection request policies, network policies, accounting configuration, and other items, and restores the NPS server to the default post-installation state.

Warning

Do not run this command if you want to maintain any of the settings you have configured at the NPS server. This command deletes all custom settings that you have configured, and after running this command, your settings cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.

Syntax

reset config

reset eventlog

Deletes the event log configuration and restores the NPS server to the default post-installation state.

Warning

Do not run this command if you want to maintain any of the settings you have configured at the NPS server. This command deletes all custom settings that you have configured, and after running this command, your settings cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.

Syntax

reset eventlog

reset ports

Deletes the User Datagram Protocol (UDP) ports that RADIUS servers, RADIUS proxies, and RADIUS clients use for RADIUS authentication and accounting messages, and restores them to the default values of UDP ports 1812 and 1645 for RADIUS authentication messages and UDP ports 1813 and 1646 for accounting messages.

Syntax

reset ports

set eventlog

Specifies whether successful and rejected authentication events are recorded in the event log.

Note

Event log entries are viewed with Event Viewer.

Syntax

set eventlog [ [accept = ] Enable | Disable [reject = ] Enable | Disable ]

Parameters

  • Accept
    Optional. Specifies whether successful authentication requests are recorded in the event log. By default, successful authentication requests are logged by NPS.
  • Reject
    Optional. Specifies whether unsuccessful authentication requests are recorded in the event log. By default, rejected authentication requests are logged by NPS.

Remarks

  • Although both parameters are optional, you must designate at least one parameter for the command to change event log settings in NPS.

  • For commands related to NPS log files and SQL Server logging, see the section "Accounting Commands."

set ports

Specifies the User Datagram Protocol (UDP) ports that RADIUS servers, RADIUS proxies, and RADIUS clients use for RADIUS authentication and accounting messages. By default, NPS is configured to use UDP ports 1812 and 1645 for RADIUS authentication messages and UDP ports 1813 and 1646 for accounting messages.

Important

The ports you configure on your NPS server must match the ports used by your network access servers and RADIUS proxies, or network access authentication will fail.

Syntax

set ports [ accounting = ] ports [ authentication = ] ports

Parameters

  • accounting
    Optional. Specifies the port numbers used for RADIUS accounting message traffic. If accounting is not specified, the default ports of 1646 and 1813 are used for RADIUS accounting traffic. To specify the network interface and the port number, use the following syntax: IPaddress**:**portnumber
  • authentication
    Optional. Specifies the port numbers used for RADIUS authentication message traffic. If authentication is not specified, the default ports of 1645 and 1812 are used for RADIUS authentication traffic. To specify the network interface and the port number, use the following syntax: IPaddress**:**portnumber

Remarks

  • Although both parameters are optional, you must specify at least one parameter for any change to occur to the NPS server port configuration. Running this command without parameters results in no change to the current port configuration on the NPS server.

  • If you have previously changed the default values for accounting (1646, 1813) and authentication (1645, 1812) ports and you want to restore the defaults, you must specify the default values when running this command.

show config

Displays the NPS server configuration. The displayed settings are: event logging settings, accounting file log configuration, ports, server registration status, system health validator (SHV) configuration, and SQL Server logging settings.

Syntax

show config

show eventlog

Displays the NPS event log configuration, including whether accepted and rejected authentication requests are logged by NPS.

Syntax

show eventlog

show ports

Displays the RADIUS port configuration for the local NPS server.

Syntax

show ports

show registeredserver

Displays information for a server that is registered in Active Directory.

Syntax

show registeredserver [[ domain = ] domain [ server = ] server ]

Parameters

  • domain
    Optional. Specifies the domain in which the server is registered. If domain is not specified, the local domain is automatically queried.
  • Server
    Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server whose information you want to display. If server is not specified, information for the local server is displayed.

Example

show registeredserver server ="Server1"

show vendors

Displays a list of hardware and software vendors.

Syntax

show vendors

Remarks

The following list of hardware vendors, protocols, and software vendors is available when you run the show vendors command.

Vendor name

RADIUS Standard

3Com

ACC

ADC Kentrox

Ascend Communications Inc.

BBN

BinTec Communications GmbH

Cabletron Systems

Cisco

Digi International

EICON

Gandalf

Intel Corporation

Lantronix

Livingston Enterprises, Inc.

Proteon

Shiva Corporation

Telebit

U.S. Robotics, Inc.

Xylogics, Inc.

Microsoft

RedBack Networks

Nortel Networks

See Also

Concepts

RADIUS Client Commands
Connection Request Policy Commands
Remote RADIUS Server Group Commands
Network Policy Commands
Network Access Protection Commands for NPS
Accounting Commands