# Internet Authentication Service > Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Internet_Authentication_Service > Markdown URL: https://mediated.wiki/source/Internet_Authentication_Service.md > Source: https://en.wikipedia.org/wiki/Internet_Authentication_Service > Source revision: 1285381991 > License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/) Component of Windows Server **Internet Authentication Service** (IAS) is a component of [Windows Server](/source/Windows_Server) operating systems that provides centralized user [authentication, authorization and accounting](/source/AAA_protocol). ## Overview While [Routing and Remote Access Service](/source/Routing_and_Remote_Access_Service) (RRAS) security is sufficient for small networks, larger companies often need a dedicated infrastructure for authentication. [RADIUS](/source/RADIUS) is a standard for dedicated authentication servers. [Windows 2000 Server](/source/Windows_2000_Server) and [Windows Server 2003](/source/Windows_Server_2003) include the Internet Authentication Service (IAS), an implementation of RADIUS server. IAS supports authentication for Windows-based clients, as well as for third-party clients that adhere to the RADIUS standard. IAS stores its authentication information in [Active Directory](/source/Active_Directory), and can be managed with Remote Access Policies. IAS first showed up for [Windows NT 4.0](/source/Windows_NT_4.0) in the Windows NT 4.0 Option Pack and in *Microsoft Commercial Internet System (MCIS)* 2.0 and 2.5. While IAS requires the use of an additional server component, it provides a number of advantages over the standard methods of RRAS authentication. These advantages include centralized authentication for users, auditing and accounting features, [scalability](/source/Scalability), and seamless integration with the existing features of RRAS. In [Windows Server 2008](/source/Windows_Server_2008), [Network Policy Server](/source/Network_Policy_Server) (NPS) replaces the Internet Authentication Service (IAS). NPS performs all of the functions of IAS in Windows Server 2003 for VPN and 802.1X-based wireless and wired connections and performs health evaluation and the granting of either unlimited or limited access for [Network Access Protection](/source/Network_Access_Protection) clients. ## Logging By default, IAS logs to local files (%systemroot%\LogFiles\IAS\*) though it can be configured to log to [SQL](/source/SQL) as well (or in place of). When logging to SQL, IAS appears to wrap the data into [XML](/source/Extensible_Markup_Language), then calls the [stored procedure](/source/Stored_procedure) report_event, passing the XML data as text... the stored procedure can then unwrap the XML and save data as desired by the user. ## History The initial version of Internet Authentication Service was included with the [Windows NT 4.0](/source/Windows_NT_4.0) Option Pack. Windows 2000 Server's implementation added support for more intelligent resolution of user names that are part of a [Windows Server domain](/source/Windows_Server_domain), support for [UTF-8](/source/UTF-8) logging, and improved security.[1] It also added support for EAP Authentication for [IEEE 802.1x](/source/IEEE_802.1x) networks. Later on it added PEAP (with [service Pack](/source/Service_pack) 4). Windows Server 2003's implementation introduces support for logging to a [Microsoft SQL Server](/source/Microsoft_SQL_Server) database, cross-forest authentication (for Active Directory user accounts in other Forests that the IAS server's Forest has a cross-forest trust relationship with, not to be confused with Domain trust which has been a feature in IAS since NT4), support for [IEEE 802.1X](/source/IEEE_802.1X) port-based authentication, and other features.[2] All versions of IAS support multi domain setups. Only Windows Server 2003 supports cross forest. While NT4 version includes a Radius Proxy, Windows 2000 didn't have such a feature. Windows Server 2003 reintroduced the feature and is capable of intelligently proxy, load balance, and tolerate faults from faulty or unreachable back-end servers. ## References 1. **[^](#cite_ref-1)** [Internet Authentication Service for Windows 2000](https://technet.microsoft.com/en-us/library/bb742380.aspx) 1. **[^](#cite_ref-2)** [Windows Server 2003: Network Protocols and Technologies](https://technet.microsoft.com/en-us/library/cc736697(WS.10).aspx#newsince2000) ## External links - [Deploying Internet Authentication Service (IAS)](https://technet.microsoft.com/en-us/library/cc783725(WS.10).aspx) in Windows 2003 - [Internet Authentication Service](https://technet.microsoft.com/en-us/library/cc977950.aspx) in the Microsoft Windows 2000 Resource Kit - [Article describing how to log IAS (RADIUS) + DHCP to SQL](https://web.archive.org/web/20070312010951/http://www.tcs.auckland.ac.nz/~james/wlan-logging/) - [Deprecated link](https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidance) at [archive.today](/source/Archive.today) (archived 2012-12-06) - [Deprecated link](https://en.wikipedia.org/wiki/Wikipedia:Archive.today_guidance) at [archive.today](/source/Archive.today) (archived 2012-12-05) - [IAS Log parsing utility. Allows to visualize ias log files](http://www.deepsoftware.com/iasviewer/) --- Adapted from the Wikipedia article [Internet Authentication Service](https://en.wikipedia.org/wiki/Internet_Authentication_Service) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Internet_Authentication_Service?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.