Network Policy Server Log Configuration Discovery

Microsoft.NetworkPolicyServer.LogDiscovery (Discovery)

Knowledge Base article:

Summary

Configuration

The following configurations are discovered:

NPS Event log configuration
NPS File log configuration
NPS SQL log configuration
NPS Ports configuration
NPS registration of an NPS Server in the Active Directory

Element properties:

Target	Microsoft.NetworkPolicyServer.NPSServers
Enabled	True
Frequency	28800
Remotable	False

Object Discovery Details:

Discovered Classes and their attribuets:
Microsoft.NetworkPolicyServer.LogConfiguration EVENTAcceptedauthentication EVENTRejectedauthentication FILEAccounting FILEAuthentication FILEPeriodicaccounting FILEPeriodicauthentication FILEDirectory FILEFormat FILEDeleteoldlogs FILEFrequency FILEMaxsize SQLConnection SQLDescription SQLAccounting SQLAuthentication SQLPeriodicaccounting SQLPeriodicauthentication SQLMaxsessions PORTSAccountingports PORTSAuthenticationports REGISTEREDStatus

Discovered Classes and their attribuets:

Microsoft.NetworkPolicyServer.LogConfiguration

EVENTAcceptedauthentication
EVENTRejectedauthentication
FILEAccounting
FILEAuthentication
FILEPeriodicaccounting
FILEPeriodicauthentication
FILEDirectory
FILEFormat
FILEDeleteoldlogs
FILEFrequency
FILEMaxsize
SQLConnection
SQLDescription
SQLAccounting
SQLAuthentication
SQLPeriodicaccounting
SQLPeriodicauthentication
SQLMaxsessions
PORTSAccountingports
PORTSAuthenticationports
REGISTEREDStatus

Member Modules:

ID	Module Type	TypeId	RunAs
DS	DataSource	Microsoft.Windows.TimedScript.DiscoveryProvider	Default

Source Code:

<Discovery ID="Microsoft.NetworkPolicyServer.LogDiscovery" Enabled="true" Target="Microsoft.NetworkPolicyServer.NPSServers" ConfirmDelivery="false" Remotable="true" Priority="Normal">

  <Category>Discovery</Category>

  <DiscoveryTypes>

    <DiscoveryClass TypeID="Microsoft.NetworkPolicyServer.LogConfiguration">

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="EVENTAcceptedauthentication"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="EVENTRejectedauthentication"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEAccounting"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEAuthentication"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEPeriodicaccounting"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEPeriodicauthentication"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEDirectory"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEFormat"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEDeleteoldlogs"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEFrequency"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="FILEMaxsize"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLConnection"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLDescription"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLAccounting"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLAuthentication"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLPeriodicaccounting"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLPeriodicauthentication"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="SQLMaxsessions"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="PORTSAccountingports"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="PORTSAuthenticationports"/>

      <Property TypeID="Microsoft.NetworkPolicyServer.LogConfiguration" PropertyID="REGISTEREDStatus"/>

    </DiscoveryClass>

  </DiscoveryTypes>

  <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.TimedScript.DiscoveryProvider">

    <IntervalSeconds>28800</IntervalSeconds>

    <SyncTime/>

    <ScriptName>NPS-LogConfig.vbs</ScriptName>

    <Arguments>$MPElement$ $Target/Id$ $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Arguments>

    <ScriptBody><Script><![CDATA['Script Start

'On Error Resume next

Dim oAPI, oArgs 



Set oAPI = CreateObject("MOM.ScriptAPI")

Set oArgs = Wscript.Arguments



If oArgs.Count < 3 Then

	Call oAPI.LogScriptEvent("NPS-LogConfig.vbs", 101, 1, "NPS LogConfig script was called with fewer than three arguments and was not executed.") 

	Wscript.Quit

end If



SourceId = oArgs(0)

ManagedEntityId = oArgs(1)

TargetComputer = oArgs(2)



Set oDiscoveryData = oAPI.CreateDiscoveryData(0, SourceId, ManagedEntityId)



Set oShell = CreateObject("WScript.Shell")



' Create the application instance.

'Set oHost = odiscoveryData.CreateClassInstance("$MPElement[Name='Microsoft.NetworkPolicyServer.NPSServers']$")



' Define the property values.

'Call oHost.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", TargetComputer)

'Call oHost.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "NPS Config on " & TargetComputer)



'Call oDiscoveryData.AddInstance(oHost)



' NPS Event log configuration

Set oQuery = oShell.Exec("netsh nps show eventlog")

Dim strEVENTAcceptedauthentication, strEVENTRejectedauthentication



Do while not oquery.StdOut.AtendOfStream

	strline = oQuery.StdOut.ReadLine

	If instr(strline, "=") > 0 then

		fields = Split(strLine,"=")

		If inStr(1, fields(0),"Accepted authentication requests") Then

			strEVENTAcceptedauthentication = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Rejected authentication requests") Then

			strEVENTRejectedauthentication = trim(Fields(1))

		End If	

	End If	

loop



' NPS File log configuration

Set oQuery = oShell.Exec("netsh nps show filelog")

Dim strFILEAccounting, strFILEAuthentication, strFILEPeriodicaccounting, strFILEPeriodicauthentication

Dim strFILEDirectory, strFILEFormat, strFILEDeleteoldlogs, strFILEFrequency, strFILEMaxsize



Do while not oquery.StdOut.AtendOfStream

	strline = oQuery.StdOut.ReadLine

	If instr(strline, "=") > 0 then

		fields = Split(strLine,"=")

		If inStr(1, fields(0),"Accounting") Then

			strFILEAccounting  = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Authentication") Then

			strFILEAuthentication = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Periodic accounting status") Then

			strFILEPeriodicaccounting = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Periodic authentication status") Then

			strFILEPeriodicauthentication = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Directory") Then

			strFILEDirectory = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Format") Then

			strFILEFormat= trim(Fields(1))

		ElseIf inStr(1, fields(0),"Delete old logs") Then

			strFILEDeleteoldlogs = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Frequency") Then

			strFILEFrequency = trim(Fields(1))			

		ElseIf inStr(1, fields(0),"Max size") Then

			strFILEMaxsize = trim(Fields(1))	

		End If	

	End If	

loop



' NPS SQL log configuration

Set oQuery = oShell.Exec("netsh nps show SQLlog")

Dim strSQLConnection, strSQLDescription, strSQLAccounting, strSQLAuthentication

Dim strSQLPeriodicaccounting, strSQLPeriodicauthentication, strSQLMaxsessions



Do while not oquery.StdOut.AtendOfStream

	strline = oQuery.StdOut.ReadLine

	If instr(strline, "=") > 0 then

		fields = Split(strLine,"=")

		If inStr(1, fields(0),"Connection") Then

			strSQLConnection  = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Description") Then

			strSQLDescription = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Accounting") Then

			strSQLAccounting = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Authentication") Then

			strSQLAuthentication = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Periodic accounting status") Then

			strSQLPeriodicaccounting = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Periodic authentication status") Then

			strSQLPeriodicauthentication = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Max sessions") Then

			strSQLMaxsessions = trim(Fields(1))

		End If	

	End If	

loop



' NPS Ports configuration

Set oQuery = oShell.Exec("netsh nps show ports")

Dim strPORTSAccountingports, strPORTSAuthenticationports



Do while not oquery.StdOut.AtendOfStream

	strline = oQuery.StdOut.ReadLine

	If instr(strline, "=") > 0 then

		fields = Split(strLine,"=")

		If inStr(1, fields(0),"Accounting ports") Then

			strPORTSAccountingports = trim(Fields(1))

		ElseIf inStr(1, fields(0),"Authentication ports") Then

			strPORTSAuthenticationports = trim(Fields(1))

		End If	

	End If	

loop



' NPS registration of an NPS Server in the Active Directory

Set oQuery = oShell.Exec("netsh nps show registeredserver")

Dim strREGISTEREDStatus



Do while not oquery.StdOut.AtendOfStream

	strline = oQuery.StdOut.ReadLine

	If instr(strline, "=") > 0 then

		fields = Split(strLine,"=")

		If inStr(1, fields(0),"Status") Then

			strREGISTEREDStatus = trim(Fields(1))

		End If	

	End If	

loop



	' Create the application Component instance.

	Set oLogConfig = oDiscoveryData.CreateClassInstance("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']$")



	' Define the property values for the class.

	' The ailable properties are detemined by the

	' Management Pack that defines the class.

	

	Call oLogConfig.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", TargetComputer)



	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/EVENTAcceptedauthentication$", strEVENTAcceptedauthentication)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/EVENTRejectedauthentication$", strEVENTRejectedauthentication)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEAccounting$", strFILEAccounting)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEAuthentication$", strFILEAuthentication)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEPeriodicaccounting$", strFILEPeriodicaccounting)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEPeriodicauthentication$", strFILEPeriodicauthentication)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEDirectory$", strFILEDirectory)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEFormat$", strFILEFormat)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEDeleteoldlogs$", strFILEDeleteoldlogs)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEFrequency$", strFILEFrequency)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/FILEMaxsize$", strFILEMaxsize)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLConnection$", strSQLConnection)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLDescription$", strSQLDescription)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLAccounting$", strSQLAccounting)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLAuthentication$", strSQLAuthentication)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLPeriodicaccounting$", strSQLPeriodicaccounting)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLPeriodicauthentication$", strSQLPeriodicauthentication)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/SQLMaxsessions$", strSQLMaxsessions)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/PORTSAccountingports$", strPORTSAccountingports)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/PORTSAuthenticationports$", strPORTSAuthenticationports)

	Call oLogConfig.AddProperty("$MPElement[Name='Microsoft.NetworkPolicyServer.LogConfiguration']/REGISTEREDStatus$", strREGISTEREDStatus)



	Call oDiscoveryData.AddInstance(oLogConfig)



Call oAPI.Return(oDiscoveryData)



Call oAPI.LogScriptEvent ("NPS-LogConfig.vbs", 100, 0, "NPS LogConfig script is finished.") ]]></Script></ScriptBody>

    <TimeoutSeconds>60</TimeoutSeconds>

  </DataSource>

</Discovery>