Windows Security Log Event ID 4897

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Category
 • Subcategory		Object Access
 • Certification Services
Type Success
Corresponding events
in Windows 2003
and before		  

4897: Role separation enabled

On this page

This event is logged whenever CS starts and whenever role separation is actually changed.

Role separation is a form of "separation of duty" control that you can optionally enable on your Certification Authority to ensures that the compromise of a user's account - or a user going "rogue" - does not compromise the entire CA administered by the user

Free Security Log Resources by Randy

Description Fields in 4897

Role separation enabled: %1

Supercharger Free Edition


Your entire Windows Event Collection environment on a single pane of glass.

Free.

 

Examples of 4897

Role separation enabled: No

Example of enabled

The certificate manager settings for Certificate Services changed.

Enable: Yes

Allow ACME-FR\Certificate Managers
   BUILTIN\Users
Allow ACME-FR\Certificate Managers
   BUILTIN\Users
Allow ACME-FR\Domain Admins
   Everyone
Allow ACME-FR\Enterprise Admins
   Everyone
Allow BUILTIN\Administrators
   Everyone

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!