none
Certificate Services Auditing Detail Question

    Question

  • I'm in the process of rolling out a Windows Server 2008 R2 Active Directory Certificate Services implementation and want to audit all access and changes to the CA configuration.

    I know the following settings are required:

    1.  certutil -setreg CA\AuditFilter 127.

    2.  Modify local policy settings for enable Success, Failure auditing for Computer Configuration/Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access/Audit Certification Services.

    I believe there is another setting that should be defined to maximize the detail logged in the event logs, but have had no luck in finding it.  I know I've read about it somewhere during the planning and design process, but I'm having no luck in finding it now.

    Can anyone point in the right direction for maximizing the log detail?

    TIA.


    • Edited by Rob Lowe Wednesday, January 02, 2013 10:42 PM
    Wednesday, January 02, 2013 10:37 PM

Answers

  • I found the command I was looking for.  The command is:

    certutil -setreg CA\Loglevel 4

    Vadims - thank you for your response.

    I hope this helps someone else down the line.

    • Marked as answer by Rob Lowe Thursday, January 03, 2013 6:03 PM
    Thursday, January 03, 2013 6:03 PM

All replies