Windows Security Log Event ID 4897

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
 • Subcategory
Object Access
 • Certification Services
Type Success
Corresponding events
in Windows 2003
and before

4897: Role separation enabled

On this page

This event is logged whenever CS starts and whenever role separation is actually changed.

Role separation is a form of "separation of duty" control that you can optionally enable on your Certification Authority to ensures that the compromise of a user's account - or a user going "rogue" - does not compromise the entire CA administered by the user

Free Security Log Resources by Randy

Description Fields in 4897

Role separation enabled: %1

Supercharger Free Edition

Your entire Windows Event Collection environment on a single pane of glass.



Examples of 4897

Role separation enabled: No

Example of enabled

The certificate manager settings for Certificate Services changed.

Enable: Yes

Allow ACME-FR\Certificate Managers
Allow ACME-FR\Certificate Managers
Allow ACME-FR\Domain Admins
Allow ACME-FR\Enterprise Admins
Allow BUILTIN\Administrators

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection


Upcoming Webinars
    Additional Resources