Windows Security Log Event ID 4900

Operating Systems: Windows 2008 R2 and 7; Windows 2012 R2 and 8.1; Windows 2016 and 10
Category: Object Access
Subcategory: Certification Services
Type: Success
Corresponding events in Windows 2003 and before:

4900: Certificate Services template security was updated


Windows logs this event when you modify the ACL on a certificate template.


Description Fields in 4900

  • %1 v%2 (Schema V%3)
  • %4
  • %5

Template Change Information:

  •  Old Template Content:  %9
  •  New Template Content: %7
  •  Old Security Descriptor:  %10
  •  New Security Descriptor:  %8

Additional Information:

  •  Domain Controller: %6


Examples of 4900

Certificate Services template security was updated.

User v3.1 (Schema V1)

CN=User,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=acme-fr,DC=local

   Old Template Content: 
flags = 0x1023a (66106)
   CT_FLAG_ADD_EMAIL ==== 0x2
   CT_FLAG_PUBLISH_TO_DS ==== 0x8
   CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)
   CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)
   CT_FLAG_ADD_TEMPLATE_NAME ==== 0x200 (512)
   CT_FLAG_IS_DEFAULT ==== 0x10000 (65536)

   New Template Content:
flags = 0x3023a (197178)
   CT_FLAG_ADD_EMAIL ==== 0x2
   CT_FLAG_PUBLISH_TO_DS ==== 0x8
   CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)
   CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)
   CT_FLAG_ADD_TEMPLATE_NAME ==== 0x200 (512)
   CT_FLAG_IS_DEFAULT ==== 0x10000 (65536)
   CT_FLAG_IS_MODIFIED ==== 0x20000 (131072)

Old Security Descriptor:  O:EAG:EAD:PAI(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DU)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;EA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;;LCRPLORC;;;AU)

Allow ACME-FR\Domain Admins
   Enroll
Allow ACME-FR\Domain Users
   Enroll
Allow ACME-FR\Enterprise Admins
   Enroll
Allow ACME-FR\Domain Admins
   Full Control
Allow ACME-FR\Enterprise Admins
   Full Control
Allow NT AUTHORITY\Authenticated Users
   Read

New Security Descriptor:      O:EAG:EAD:PAI(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DU)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;EA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)

Allow ACME-FR\Domain Admins
   Enroll
Allow ACME-FR\Domain Users
   Enroll
Allow ACME-FR\Enterprise Admins
   Enroll
Allow ACME-FR\Domain Admins
   Full Control
Allow ACME-FR\Enterprise Admins
   Full Control
Allow NT AUTHORITY\Authenticated Users
   Full Control

Additional Information:
   Domain Controller: WIN-857ZZX6RQHL.acme-fr.local
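
In the example event above, the only change to the security descriptor is the Authenticated Users ACE, which goes from Read to Full Control on the User template. The following Python is an added example, not part of the original page: it diffs the old and new security descriptors from a 4900 event and reports risky rights gained by broad groups. The function names and the RISKY and BROAD sets are assumptions of this example.

```python
import re

# Constructed from the example event on this page: same descriptors, rebuilt from parts.
ENROLL = "0e10c968-78fb-11d2-90d4-00c04f79dc55"  # object GUID the example decodes as "Enroll"
FULL = "CCDCLCSWRPWPDTLOSDRCWDWO"
BASE = ("O:EAG:EAD:PAI"
        + "".join(f"(OA;;RPWPCR;{ENROLL};;{t})" for t in ("DA", "DU", "EA"))
        + f"(A;;{FULL};;;DA)(A;;{FULL};;;EA)")
OLD_SD = BASE + "(A;;LCRPLORC;;;AU)"
NEW_SD = BASE + "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)"

# Assumption of this example: rights worth alerting on when a broad group gains them.
RISKY = {"WP", "WD", "WO", "GA", "GW", "CR"}  # write property/DACL/owner, generic all/write, extended rights
# Assumption: SDDL aliases treated as "broad"; raw SIDs (S-1-5-21-...) are not resolved here.
BROAD = {"AU": "Authenticated Users", "DU": "Domain Users",
         "DC": "Domain Computers", "WD": "Everyone"}

def parse_allow_aces(sddl):
    """Map (object_guid, trustee) -> set of rights for allow ACEs (types A and OA)."""
    aces = {}
    for body in re.findall(r"\(([^)]*)\)", sddl):
        f = body.split(";")  # type;flags;rights;object_guid;inherit_guid;trustee
        if len(f) < 6 or f[0] not in ("A", "OA"):
            continue  # skips deny and audit ACEs
        # Hex access masks are kept as one opaque token rather than decoded.
        rights = {f[2]} if f[2].startswith("0x") else set(re.findall(r"[A-Z]{2}", f[2]))
        aces.setdefault((f[3], f[5]), set()).update(rights)
    return aces

def risky_gains(old_sddl, new_sddl):
    """List (group, scope, rights) where a broad trustee gained a risky right."""
    old, new = parse_allow_aces(old_sddl), parse_allow_aces(new_sddl)
    findings = []
    for (guid, trustee), rights in sorted(new.items()):
        gained = (rights - old.get((guid, trustee), set())) & RISKY
        if trustee in BROAD and gained:
            findings.append((BROAD[trustee], guid or "(whole object)", sorted(gained)))
    return findings

if __name__ == "__main__":
    for group, scope, rights in risky_gains(OLD_SD, NEW_SD):
        print(f"ALERT: {group} gained {','.join(rights)} on {scope}")
```

The Domain Users Enroll ACE is unchanged between the two descriptors, so it is not reported; only the delta between old and new is flagged.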

 
