Audit Policy: Object Access: Certification Services (Failure)ID: oval:org.secpod.oval:def:18974 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Object Access: Certification Services events on failure should be enabled or disabled as appropriate.
Audit Certification Services, which determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed. Examples of AD CS operations include: * AD CS starts, shuts down, is backed up, or is restored. * Certificate revocation list (CRL)-related tasks are performed. * Certificates are requested, issued, or revoked. * Certificate manager settings for AD CS are changed. * The configuration and properties of the certification authority (CA) are changed. * AD CS templates are modified. * Certificates are imported. * A CA certificate is published to Active Directory Domain Services. * Security permissions for AD CS role services are modified. * Keys are archived, imported, or retrieved. * The OCSP Responder Service is started or stopped. Monitoring these operational events is important to ensure that AD CS role services are functioning properly.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |