Windows Security Log Event ID 4900
Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category • Subcategory | Object Access • Certification Services |
Type
|
Success
|
Corresponding events
in Windows
2003 and before |
|
4900: Certificate Services template security was updated
On this page
Windows logs this event when you modify the ACL on a certificate template.
Free Security Log Resources by Randy
- %1 v%2 (Schema V%3)
- %4
- %5
Template Change Information:
- Old Template Content: %9
- New Template Content: %7
- Old Security Descriptor: %10
- New Security Descriptor: %8
Additional Information:
Supercharger Free Edition
Certificate Services template security was updated.
User v3.1 (Schema V1)
CN=User,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=acme-fr,DC=local
Old Template Content:
flags = 0x1023a (66106)
CT_FLAG_ADD_EMAIL ==== 0x2
CT_FLAG_PUBLISH_TO_DS ==== 0x8
CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)
CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)
CT_FLAG_ADD_TEMPLATE_NAME ==== 0x200 (512)
CT_FLAG_IS_DEFAULT ==== 0x10000 (65536)
New Template Content:
flags = 0x3023a (197178)
CT_FLAG_ADD_EMAIL ==== 0x2
CT_FLAG_PUBLISH_TO_DS ==== 0x8
CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)
CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)
CT_FLAG_ADD_TEMPLATE_NAME ==== 0x200 (512)
CT_FLAG_IS_DEFAULT ==== 0x10000 (65536)
CT_FLAG_IS_MODIFIED ==== 0x20000 (131072)
Old Security Descriptor: O:EAG:EAD:PAI(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DU)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;EA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;;LCRPLORC;;;AU)
Allow ACME-FR\Domain Admins
Enroll
Allow ACME-FR\Domain Users
Enroll
Allow ACME-FR\Enterprise Admins
Enroll
Allow ACME-FR\Domain Admins
Full Control
Allow ACME-FR\Enterprise Admins
Full Control
Allow NT AUTHORITY\Authenticated Users
Read
New Security Descriptor: O:EAG:EAD:PAI(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DU)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;EA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;AU)
Allow ACME-FR\Domain Admins
Enroll
Allow ACME-FR\Domain Users
Enroll
Allow ACME-FR\Enterprise Admins
Enroll
Allow ACME-FR\Domain Admins
Full Control
Allow ACME-FR\Enterprise Admins
Full Control
Allow NT AUTHORITY\Authenticated Users
Full Control
Additional Information:
Domain Controller: WIN-857ZZX6RQHL.acme-fr.local
Template Change Information:
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection