Windows Security Log Event ID 4898

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Category
 • Subcategory
Object Access
 • Certification Services
Type Success
Corresponding events
in Windows 2003
and before
 

4898: Certificate Services loaded a template

On this page

Windows logs this event when CS loads a certificate template in order to evaluate a new certificate request

Free Security Log Resources by Randy

Description Fields in 4898

  • %1 v%2 (Schema V%3)
  • %4
  • %5

Template Information:

  •  Template Content:  %7
  •  Security Descriptor:  %8

Additional Information:

  •  Domain Controller: %6

Supercharger Enterprise


Load Balancing for Windows Event Collection

 

Examples of 4898

Certificate Services loaded a template.

User v3.1 (Schema V1)

CN=User,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=acme-fr,DC=local

Template Information:

   Template Content: 
flags = 0x1023a (66106)
   CT_FLAG_ADD_EMAIL ==== 0x2
   CT_FLAG_PUBLISH_TO_DS ==== 0x8
   CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)
   CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)
   CT_FLAG_ADD_TEMPLATE_NAME ==== 0x200 (512)
   CT_FLAG_IS_DEFAULT ==== 0x10000 (65536)

msPKI-Private-Key-Flag = 0x10 (16)
   CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)

msPKI-Certificate-Name-Flag = 0xa6000000 (2785017856)

   CT_FLAG_SUBJECT_ALT_REQUIRE_UPN ==== 0x2000000 (33554432)
   CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL ==== 0x4000000 (67108864)
   CT_FLAG_SUBJECT_REQUIRE_EMAIL ==== 0x20000000 (536870912)
   CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH ==== 0x80000000 (2147483648)

msPKI-Enrollment-Flag = 0x29 (41)

   CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS ==== 0x1
   CT_FLAG_PUBLISH_TO_DS ==== 0x8
   CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)

msPKI-Template-Schema-Version = 1

revision = 3

msPKI-Template-Minor-Revision = 1

pKIDefaultKeySpec = 1

pKIExpirationPeriod = 1 Years

pKIOverlapPeriod = 6 Weeks

cn = User

distinguishedName = User

pKIKeyUsage = a0

displayName = User

templateDescription = User

pKIExtendedKeyUsage =

   1.3.6.1.4.1.311.10.3.4 Encrypting File System
   1.3.6.1.5.5.7.3.4 Secure Email
   1.3.6.1.5.5.7.3.2 Client Authentication

pKIDefaultCSPs =

   Microsoft Enhanced Cryptographic Provider v1.0
   Microsoft Base Cryptographic Provider v1.0

msPKI-Supersede-Templates =

msPKI-RA-Policies =

msPKI-RA-Application-Policies =

msPKI-Certificate-Policy =

msPKI-Certificate-Application-Policy =

pKICriticalExtensions =

   2.5.29.15 Key Usage

   Security Descriptor:  O:EAG:EAD:PAI(OA;;RPWPCR;0e10c968-78fb-11d2-   90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-   00c04f79dc55;;DU)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-   00c04f79dc55;;EA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)   (A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;;LCRPLORC;;;AU)

Allow ACME-FR\Domain Admins

   Enroll

Allow ACME-FR\Domain Users

   Enroll

Allow ACME-FR\Enterprise Admins

   Enroll

Allow ACME-FR\Domain Admins

   Full Control

Allow ACME-FR\Enterprise Admins

   Full Control

Allow NT AUTHORITY\Authenticated Users

   Read
 
Additional Information:

   Domain Controller: WIN-857ZZX6RQHL.acme-fr.local

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

 

Additional Resources