Windows Server

How to Audit Certificate services

Follow the below steps to Audit Certification Services:

1. On the CA server, you have to open the CA Properties and check all the options or some options according to our needs.

For reference check the below image:

2. After that on the DC (Domain Controller), open Default Domain Policy object and enable the below mentioned two settings.

Note: you need to enable it in the Default Domain Policy object, if we enable the settings in other custom GPO object, it does not work.

Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy→ Audit Object Access => Success and Failure

Computer Configuration → Policies → Windows Settings → Security Settings →Advanced Audit Policy Configuration → Audit Policy→ Object Access →Audit Certificate service => Success and Failure

3. Run gpupdate /force on the CA server and along with other clients to refresh GPO settings.

4. Then we can try to request certificate and check these event ID under security log on CA server.

Events IDs to check:

Audit Certification Services
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-certification-services

Hope the above information is helpful to you.

One thought on “How to Audit Certificate services

Leave a Reply

Your email address will not be published. Required fields are marked *