Windows Security Log Event ID 4885
| Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category
• Subcategory | Object Access
• Certification Services |
|
Type
|
Success
|
Corresponding events
in Windows
2003
and before |
|
4885: The audit filter for Certificate Services changed
On this page
Windows logs this event whenever you modify the Auditing tab of the Properties dialog of the CA in the Certification Authority MMC snap-in. The Audit tab controls which CA releated events are reported to the security log.
The Filter: field below is a bitwise representation of the check boxes on the Audit tab mentioned above.
Free Security Log Resources by Randy
Filter:
Selected values
0 - all auditing disabled
127 - all auditing enabled
| Bit |
Meaning |
| 1 |
Start and stop Active Directory Certificate Services |
| 2 |
Backup and restore the CA database |
| 3 |
Issue and manage certificate requests |
| 4 |
Revoke certificates and publish CRLs |
| 5 |
Change CA security settings |
| 6 |
Store and retrieve archived keys |
| 7 |
Change CA configuration |
The order of the check boxes in the Auditing tab dialog do not correspond to the order of the bits in the filter.
The decision to log this event at all is governed by the filter itself, specifically the "Change CA configuration" check box. Unfortunateley if you disable this box, no event is recorded.
Supercharger Free Edition
Centrally manage WEC subscriptions.
Free.