Windows Security Log Event ID 4882
| Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category
• Subcategory | Object Access
• Certification Services |
|
Type
|
Success
|
Corresponding events
in Windows
2003
and before |
|
4882: The security permissions for Certificate Services changed
On this page
This event documents a change to the access control list of the Certification Authority itself. The ACL governs who can perform CA level operations documented below.
You can reach the ACL by opening the Properties dialog of the CA in the Certification Authority MMC snap-in.
This event event is only logged if "Change CA security settings" is enabled on the Audit tab of the CA's properties in Certificate Services MMC snap-in and of course if the Certificate Services audit subcategory is enabled with auditpol.
Allow user/group
permission/role
permission/role
permission/role... Allow user/group
permission/role
permission/role
permission/role... Allow user/group
permission/role
permission/role
permission/role... Allow user/group
permission/role
permission/role
permission/role...
| Roles |
Permission |
Description |
| CA Administrator |
Manage CA permission |
Configure and maintain the CA. |
| Certificate Manager |
Issue and Manage Certificates permission |
Approve certificate and revocation requests |
| |
Enroll (aka Request Certificates) |
authorized to request certificates |
| |
Read |
Read records from the CA database |
Free Security Log Resources by Randy
Setup PowerShell Audit Log Forwarding in 4 Minutes
The security permissions for Certificate Services changed.
Allow NT AUTHORITY\Authenticated Users
Enroll
Allow ACME-FR\Certificate Managers
Certificate Manager
Read
Enroll
Allow ACME-FR\Domain Admins
CA Administrator
Certificate Manager
Allow ACME-FR\Enterprise Admins
CA Administrator
Certificate Manager
Allow BUILTIN\Administrators
CA Administrator
Certificate Manager
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection