This section contains the following commands.
- add registeredserver
- delete registeredserver
- dump
- export
- import
- reset config
- reset eventlog
- reset ports
- set eventlog
- set ports
- show config
- show eventlog
- show ports
- show registeredserver
- show vendors
For information on how to interpret netsh command syntax, see Formatting Legend.
NPS server commands
The following entries provide details for each command.
add registeredserver
Adds a Network Policy Server (NPS) to the list of registered servers in Active Directory®.
Syntax
add registeredserver [[ domain = ] domain [ server = ] server ]
Parameters
- domain
- Optional. Specifies the domain in which you want to register the server. If domain is not specified, the server is registered in the local domain.
- server
- Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server that you want to register in the domain. If server is not specified, the local server is registered in either the local domain or in the domain specified with the domain parameter.
Examples
The first example registers the local NPS server in the local domain. The second example registers an NPS server with the IP address 192.168.0.2 in a domain named example.com. The third example registers an NPS server with the FQDN NPS-01.example.com in the example.com domain.
netsh nps add registeredserver
netsh nps add registeredserver domain = example.com server = 192.168.0.2
netsh nps add registeredserver example.com NPS-01.example.com
delete registeredserver
Deletes an NPS server from the list of registered servers in Active Directory.
Syntax
delete registeredserver [[ domain = ] domain [ server = ] server ]
Parameters
- domain
- Optional. Specifies the domain from which you want to remove the registered server. If domain is not specified, the server is removed from the list of registered servers in the local domain.
- server
- Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server that you want to remove from the list of registered servers. If server is not specified, the local server is removed from the list for either the local domain or the domain specified with the domain parameter.
Examples
The first example removes the local NPS server in the local domain from the list of registered NPS servers in Active Directory. The second example removes an NPS server with the IP address 192.168.0.2 in a domain named example.com. The third example removes an NPS server with the FQDN NPS-01.example.com in the example.com domain.
netsh nps delete registeredserver
netsh nps delete registeredserver domain = example.com server = 192.168.0.2
netsh nps delete registeredserver example.com NPS-01.example.com
dump
Displays the NPS server configuration in the command prompt window. To save the NPS server configuration to a file, use the export command.
Syntax
dump [ exportPSK = ] YES
Parameters
- exportPSK
- Required. Specifies that you want to display the shared secrets for RADIUS clients and remote RADIUS servers.
Remarks
To export the NPS server configuration, you must also export all shared secrets. Export of NPS server configuration without shared secrets is not supported.
The exported file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups. Because of this, you should ensure that the file is stored in a secure location to prevent malicious users from accessing the file.
In addition, SQL Server® logging settings are not exported to the file. After you import the file on another NPS server, you must manually configure SQL Server logging.
Example
dump exportPSK = YES
export
Exports the NPS server configuration to a file in Extensible Markup Language (XML) format.
Syntax
export [filename =] filename.xml [ exportPSK = ] YES
Parameters
- filename
- Required. Specifies the name of the XML file to which you want to export the NPS server configuration.
- exportPSK
- Required. Specifies that you want to export the shared secrets for RADIUS clients and remote RADIUS servers.
Remarks
If you want to export the NPS server configuration, you must also export all shared secrets. Export of NPS server configuration without shared secrets is not supported.
The exported file contains unencrypted shared secrets for RADIUS clients and members of remote RADIUS server groups. Because of this, you should ensure that the file is stored in a secure location to prevent malicious users from accessing the file.
In addition, SQL Server Logging settings are not exported to the file. After you import the file on another NPS server, you must manually configure SQL Server Logging.
Example
export filename = "c:\config.xml" exportPSK = YES
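The remarks for dump and export both warn that the output contains unencrypted shared secrets. The following PowerShell sketch is an added example, not part of the original reference: it exports into a directory whose ACL is restricted before the file is written, then verifies the result. The directory C:\NPSBackup and the file name pattern are assumptions.

```powershell
# Added example: export the NPS configuration into a directory that only
# Administrators and SYSTEM can access. Run from an elevated PowerShell prompt.
# The directory and file names below are assumptions, not values from this page.
$ErrorActionPreference = 'Stop'

$backupDir  = 'C:\NPSBackup'                         # assumed location
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$exportFile = Join-Path $backupDir "nps-config-$stamp.xml"

# Create the directory before exporting so the file is never written
# under a permissive inherited ACL.
if (-not (Test-Path -Path $backupDir)) {
    New-Item -ItemType Directory -Path $backupDir | Out-Null
}

# Remove inherited ACEs, then grant full control only to
# BUILTIN\Administrators (S-1-5-32-544) and LOCAL SYSTEM (S-1-5-18).
# SIDs are used so the command does not depend on the OS display language.
icacls $backupDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Export with the syntax documented above; exportPSK = YES is required.
netsh nps export filename = "$exportFile" exportPSK = YES
if (-not (Test-Path -Path $exportFile)) {
    throw "netsh nps export did not create $exportFile"
}

# Verify: fail if any ACE on the exported file belongs to another principal.
$allowed = 'S-1-5-32-544', 'S-1-5-18'
$acl = Get-Acl -Path $exportFile
$unexpected = $acl.Access | Where-Object {
    $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $allowed -notcontains $sid
}
if ($unexpected) {
    $unexpected | Format-Table IdentityReference, FileSystemRights, AccessControlType
    throw "Unexpected principals can access $exportFile"
}
Write-Output "Exported to $exportFile (Administrators and SYSTEM only)"
```

Treat the exported XML like any other credential store: the same ACL check applies wherever the file is copied for import on another NPS server.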
import
Imports the NPS server configuration from a file in the Extensible Markup Language (XML) file format.
Syntax
import [filename =] filename.xml
Parameters
- filename
- Required. Specifies the name of the XML file from which you want to import the NPS server configuration.
Example
import C:\nps.xml
Remarks
In Windows Server 2008 R2, this Netsh command is modified from the version in Windows Server 2008, and might provide different functionality. For more information, see Netsh Commands for Network Policy Server in Windows Server 2008 R2.
Using this command in Windows Server 2008, you can import the configuration of another NPS server, but you cannot import the configuration of a server running Windows Server 2003 and Internet Authentication Service (IAS). To import an IAS server configuration into NPS, follow the instructions in the following article:
reset config
Deletes the NPS server configuration, including RADIUS clients, connection request policies, network policies, accounting configuration, and other items, and restores the NPS server to the default post-installation state.
Caution: Do not run this command if you want to maintain any of the settings you have configured at the NPS server. This command deletes all custom settings that you have configured, and after running this command, your settings cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.
Syntax
reset config
reset eventlog
Deletes the event log configuration and restores the NPS server to the default post-installation state.
Caution: Do not run this command if you want to maintain any of the settings you have configured at the NPS server. This command deletes all custom settings that you have configured, and after running this command, your settings cannot be recovered. Before you run this command, it is recommended that you use the export command to save the NPS server configuration to an XML file.
Syntax
reset eventlog
reset ports
Deletes the User Datagram Protocol (UDP) ports that RADIUS servers, RADIUS proxies, and RADIUS clients use for RADIUS authentication and accounting messages, and restores them to the default values of UDP ports 1812 and 1645 for RADIUS authentication messages and UDP ports 1813 and 1646 for accounting messages.
Syntax
reset ports
set eventlog
Specifies whether successful and rejected authentication events are recorded in the event log.
Note: Event log entries are viewed with Event Viewer.
Syntax
set eventlog [ [accept = ] Enable | Disable [reject = ] Enable | Disable ]
Parameters
- accept
- Optional. Specifies whether successful authentication requests are recorded in the event log. By default, successful authentication requests are logged by NPS.
- reject
- Optional. Specifies whether unsuccessful authentication requests are recorded in the event log. By default, rejected authentication requests are logged by NPS.
Remarks
- Although both parameters are optional, you must designate at least one parameter for the command to change event log settings in NPS.
- For commands related to NPS log files and SQL Server logging, see the section "Accounting Commands."
set ports
Specifies the User Datagram Protocol (UDP) ports that RADIUS servers, RADIUS proxies, and RADIUS clients use for RADIUS authentication and accounting messages. By default, NPS is configured to use UDP ports 1812 and 1645 for RADIUS authentication messages and UDP ports 1813 and 1646 for accounting messages.
Important: The ports you configure on your NPS server must match the ports used by your network access servers and RADIUS proxies, or network access authentication will fail.
Syntax
set ports [ accounting = ] ports [ authentication = ] ports
Parameters
- accounting
- Optional. Specifies the port numbers used for RADIUS accounting message traffic. If accounting is not specified, the default ports of 1646 and 1813 are used for RADIUS accounting traffic. To specify the network interface and the port number, use the following syntax: IPaddress:portnumber
- authentication
- Optional. Specifies the port numbers used for RADIUS authentication message traffic. If authentication is not specified, the default ports of 1645 and 1812 are used for RADIUS authentication traffic. To specify the network interface and the port number, use the following syntax: IPaddress:portnumber
Remarks
- Although both parameters are optional, you must specify at least one parameter for any change to occur to the NPS server port configuration. Running this command without parameters results in no change to the current port configuration on the NPS server.
- If you have previously changed the default values for accounting (1646, 1813) and authentication (1645, 1812) ports and you want to restore the defaults, you must specify the default values when running this command.
show config
Displays the NPS server configuration. The displayed settings are: event logging settings, accounting file log configuration, ports, server registration status, system health validator (SHV) configuration, and SQL Server logging settings.
Syntax
show config
show eventlog
Displays the NPS event log configuration, including whether accepted and rejected authentication requests are logged by NPS.
Syntax
show eventlog
show ports
Displays the RADIUS port configuration for the local NPS server.
Syntax
show ports
show registeredserver
Displays information for a server that is registered in Active Directory.
Syntax
show registeredserver [[ domain = ] domain [ server = ] server ]
Parameters
- domain
- Optional. Specifies the domain in which the server is registered. If domain is not specified, the local domain is automatically queried.
- server
- Optional. Specifies, by IP address or Fully Qualified Domain Name (FQDN), the server whose information you want to display. If server is not specified, information for the local server is displayed.
Example
show registeredserver server = "Server1"
show vendors
Displays a list of hardware and software vendors.
Syntax
show vendors
Remarks
The following list of hardware vendors, protocols, and software vendors is available when you run the show vendors command.
Vendor name
RADIUS Standard
3Com
ACC
ADC Kentrox
Ascend Communications Inc.
BBN
BinTec Communications GmbH
Cabletron Systems
Cisco
Digi International
EICON
Gandalf
Intel Corporation
Lantronix
Livingston Enterprises, Inc.
Proteon
Shiva Corporation
Telebit
U.S. Robotics, Inc.
Xylogics, Inc.
Microsoft
RedBack Networks
Nortel Networks