Configure CA Event Auditing
Applies To: Windows Server 2008
You can audit a variety of events relating to the management and activities of a certification authority (CA):
Back up and restore the CA database
Change the CA configuration
Change CA security settings
Issue and manage certificate requests
Revoke certificates and publish certificate revocation lists (CRLs)
Store and retrieve archived keys
Start and stop Active Directory Certificate Services (AD CS)
You must be a CA administrator or a CA auditor to complete this procedure. The CA auditor must perform this procedure if the CA has been configured to enforce role-based administration. For more information, see Implement Role-Based Administration.
To configure CA event auditing
Open the Certification Authority snap-in.
In the console tree, click the name of the CA.
On the Action menu, click Properties.
On the Auditing tab, click the events you want to audit, and then click OK.
On the Action menu, point to All Tasks, and then click Stop Service.
On the Action menu, point to All Tasks, and then click Start Service.
Additional considerations
- To audit events, the computer must also be configured for auditing of object access. Audit policy options can be viewed and managed in local or domain Group Policy under Computer Configuration\Windows Settings\Security Settings\Local Policies.