Only after all configurations are complete, events will start to show up in Security event log:Ī full list of events registered by certificate services is provided in Securing PKI: Appendix A: Events to Monitor article. In addition, audit subcategory processing must be enabled under: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings:Īnd apply the GPO to OU where CA servers reside and refresh policies on CA servers. It is configured with Success and Failure (this one is optional) under: Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Audit Certification Services: Second step requires GPO configuration, either, local (for workgroup members) or domain. In most cases it is configured simply as: certutil –setreg CA\AuditFilter 127ĭon’t forget to restart certificate services, when configuring audit settings in Certification Authority MMC. Here is the Microsoft article on configuring audit filter: Securing PKI: Appendix B: Certification Authority Audit Filter.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |