Wednesday, January 02, 2013 10:37 PM
I'm in the process of rolling out a Windows Server 2008 R2 Active Directory Certificate Services implementation and want to audit all access and changes to the CA configuration.
I know the following settings are required:
1. certutil -setreg CA\AuditFilter 127.
2. Modify local policy settings to enable Success, Failure auditing for Computer Configuration/Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access/Audit Certification Services.
I believe there is another setting that should be defined to maximize the detail logged in the event logs, but have had no luck in finding it. I know I've read about it somewhere during the planning and design process, but I'm having no luck in finding it now.
Can anyone point me in the right direction for maximizing the log detail?
- Edited by Rob Lowe Wednesday, January 02, 2013 10:42 PM
Thursday, January 03, 2013 6:19 AM
Thursday, January 03, 2013 2:36 PM
There is a command that will maximize the level of audit detail logged in the Security Log. I believe the switch for the command sets log detail to '4'.
Thursday, January 03, 2013 6:03 PM
I found the command I was looking for. The command is:
certutil -setreg CA\Loglevel 4
Vadims - thank you for your response.
I hope this helps someone else down the line.
- Marked As Answer by Rob Lowe Thursday, January 03, 2013 6:03 PM
Friday, January 04, 2013 1:58 AM
Moderator
Thank you for sharing your experience and solution.
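A read-only check of the settings named in this thread, added here as an example and not part of any post above: it decodes the CA\AuditFilter bitmask, reads CA\LogLevel, and displays the Certification Services audit subcategory. It assumes an elevated PowerShell session on the CA server, the standard CertSvc registry location, and an English-language system for the subcategory name.

```powershell
# Added example (not from the thread): verify the CA auditing settings.
# Assumptions: run elevated on the CA server; English subcategory name.
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfg -Name Active).Active   # name of the active CA
$ca     = Get-ItemProperty -Path (Join-Path $cfg $caName)

# CA\AuditFilter is a bitmask; each bit enables one event category.
# 127 (0x7F) sets all seven bits. Index i in this list is bit value 2^i.
$categories = @(
    'Start and stop Active Directory Certificate Services',
    'Back up and restore the CA database',
    'Issue and manage certificate requests',
    'Revoke certificates and publish CRLs',
    'Change CA security settings',
    'Store and retrieve archived keys',
    'Change CA configuration'
)

$filter = [int]$ca.AuditFilter        # a missing value reads as 0 (nothing audited)
"CA: $caName"
"AuditFilter = $filter"
for ($i = 0; $i -lt $categories.Count; $i++) {
    $bit   = [int][math]::Pow(2, $i)  # works on PowerShell 2.0 (no -shl operator)
    $state = if ($filter -band $bit) { 'ON ' } else { 'OFF' }
    '  {0} bit {1,3}  {2}' -f $state, $bit, $categories[$i]
}
if ($filter -ne 127) {
    Write-Warning "AuditFilter is $filter, not 127: some CA event categories are not audited."
}

# CA\LogLevel, the value set by 'certutil -setreg CA\Loglevel 4' in the thread.
if ($null -eq $ca.LogLevel) {
    'LogLevel is not set in the registry (CA default applies)'
} else {
    "LogLevel = $($ca.LogLevel)"
    if ([int]$ca.LogLevel -lt 4) {
        Write-Warning 'LogLevel is below 4, the value used in the thread.'
    }
}

# The CA only writes audit events to the Security log when this
# Object Access subcategory is enabled for Success and Failure.
auditpol /get /subcategory:"Certification Services"
```

Values changed with `certutil -setreg` are read when the service starts, so restart CertSvc after changing them and rerun the check.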