Windows logs this event whenever you modify the Auditing tab of the Properties dialog of the CA in the Certification Authority MMC snap-in. The Audit tab controls which CA releated events are reported to the security log.
The Filter: field below is a bitwise representation of the check boxes on the Audit tab mentioned above.
Filter:
Selected values
0 - all auditing disabled
127 - all auditing enabled
Bit |
Meaning |
1 |
Start and stop Active Directory Certificate Services |
2 |
Backup and restore the CA database |
3 |
Issue and manage certificate requests |
4 |
Revoke certificates and publish CRLs |
5 |
Change CA security settings |
6 |
Store and retrieve archived keys |
7 |
Change CA configuration |
The order of the check boxes in the Auditing tab dialog do not correspond to the order of the bits in the filter.
The decision to log this event at all is governed by the filter itself, specifically the "Change CA configuration" check box. Unfortunateley if you disable this box, no event is recorded.