Windows Security Log Event ID 4900

Operating Systems	Windows 2008 R2 and 7 Windows 2012 R2 and 8.1 Windows 2016 and 10 Windows Server 2019 and 2022
Category • Subcategory	Object Access • Certification Services
Type	Success
Corresponding events in Windows 2003 and before

4900: Certificate Services template security was updated

On this page

Description of this event
Field level details
Examples
Mini-seminars on this event

Windows logs this event when you modify the ACL on a certificate template.

Free Security Log Resources by Randy

Description Fields in 4900

%1 v%2 (Schema V%3)
%4
%5

Template Change Information:

Old Template Content: %9
New Template Content: %7
Old Security Descriptor: %10
New Security Descriptor: %8

Additional Information:

Domain Controller: %6"

Supercharger Free Edition

Centrally manage WEC subscriptions.

Free.

Examples of 4900

Certificate Services template security was updated.

User v3.1 (Schema V1)

CN=User,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=acme-fr,DC=local

   Old Template Content:
flags = 0x1023a (66106)
   CT_FLAG_ADD_EMAIL ==== 0x2
   CT_FLAG_PUBLISH_TO_DS ==== 0x8
   CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)
   CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)
   CT_FLAG_ADD_TEMPLATE_NAME ==== 0x200 (512)
   CT_FLAG_IS_DEFAULT ==== 0x10000 (65536)

   New Template Content:
flags = 0x3023a (197178)
   CT_FLAG_ADD_EMAIL ==== 0x2
   CT_FLAG_PUBLISH_TO_DS ==== 0x8
   CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)
   CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)
   CT_FLAG_ADD_TEMPLATE_NAME ==== 0x200 (512)
   CT_FLAG_IS_DEFAULT ==== 0x10000 (65536)
   CT_FLAG_IS_MODIFIED ==== 0x20000 (131072)

Old Security Descriptor: O:EAG:EAD:PAI(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DU)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;EA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;;LCRPLORC;;;AU)

Allow ACME-FR\Domain Admins
   Enroll
Allow ACME-FR\Domain Users
   Enroll
Allow ACME-FR\Enterprise Admins
   Enroll
Allow ACME-FR\Domain Admins
   Full Control
Allow ACME-FR\Enterprise Admins
   Full Control
Allow NT AUTHORITY\Authenticated Users
   Read

New Security Descriptor: O:EAG:EAD:PAI(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DU)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;EA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)

Additional Information:
Domain Controller: WIN-857ZZX6RQHL.acme-fr.local

Template Change Information:

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Mini-Seminars Covering Event ID 4900

27 Most Important Windows Security Events

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.