Windows Security Log Event ID 4897

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Category
 • Subcategory
Object Access
 • Certification Services
Type Success
Corresponding events
in Windows 2003
and before
 
Discussions on Event ID 4897
Ask a question about this event

4897: Role separation enabled

On this page

This event is logged whenever CS starts and whenever role separation is actually changed.

Role separation is a form of "separation of duty" control that you can optionally enable on your Certification Authority to ensures that the compromise of a user's account - or a user going "rogue" - does not compromise the entire CA administered by the user

Free Security Log Resources by Randy

Description Fields in 4897

Role separation enabled: %1

Supercharger Enterprise


 

Examples of 4897

Role separation enabled: No

Example of enabled

The certificate manager settings for Certificate Services changed.

Enable: Yes

Allow ACME-FR\Certificate Managers
   BUILTIN\Users
Allow ACME-FR\Certificate Managers
   BUILTIN\Users
Allow ACME-FR\Domain Admins
   Everyone
Allow ACME-FR\Enterprise Admins
   Everyone
Allow BUILTIN\Administrators
   Everyone

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources