Auditing of Logon-Logoff: Network Policy Server events on failure should be enabled or disabled as appropriate. Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock). NAP events can be used to help understand the overall health of the network. Event volume: Medium to high on servers that are running Network Policy Server (NPS); moderate on other servers or on client computers Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff!Audit Policy: Logon-Logoff: Network Policy Server (2) REG: NO INFO