Windows Security Log Event ID 4898

Operating Systems	Windows 2008 R2 and 7 Windows 2012 R2 and 8.1 Windows 2016 and 10 Windows Server 2019 and 2022
Category • Subcategory	Object Access • Certification Services
Type	Success
Corresponding events in Windows 2003 and before

4898: Certificate Services loaded a template

On this page

Description of this event
Field level details
Examples

Windows logs this event when CS loads a certificate template in order to evaluate a new certificate request

Free Security Log Resources by Randy

Description Fields in 4898

%1 v%2 (Schema V%3)
%4
%5

Template Information:

Template Content: %7
Security Descriptor: %8

Additional Information:

Domain Controller: %6

Supercharger Free Edition

Centrally manage WEC subscriptions.

Free.

Examples of 4898

Certificate Services loaded a template.

User v3.1 (Schema V1)

CN=User,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=acme-fr,DC=local

Template Information:

   Template Content:
flags = 0x1023a (66106)
   CT_FLAG_ADD_EMAIL ==== 0x2
   CT_FLAG_PUBLISH_TO_DS ==== 0x8
   CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)
   CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)
   CT_FLAG_ADD_TEMPLATE_NAME ==== 0x200 (512)
   CT_FLAG_IS_DEFAULT ==== 0x10000 (65536)

msPKI-Private-Key-Flag = 0x10 (16)
CT_FLAG_EXPORTABLE_KEY ==== 0x10 (16)

msPKI-Certificate-Name-Flag = 0xa6000000 (2785017856)

   CT_FLAG_SUBJECT_ALT_REQUIRE_UPN ==== 0x2000000 (33554432)
   CT_FLAG_SUBJECT_ALT_REQUIRE_EMAIL ==== 0x4000000 (67108864)
   CT_FLAG_SUBJECT_REQUIRE_EMAIL ==== 0x20000000 (536870912)
   CT_FLAG_SUBJECT_REQUIRE_DIRECTORY_PATH ==== 0x80000000 (2147483648)

msPKI-Enrollment-Flag = 0x29 (41)

   CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS ==== 0x1
   CT_FLAG_PUBLISH_TO_DS ==== 0x8
   CT_FLAG_AUTO_ENROLLMENT ==== 0x20 (32)

msPKI-Template-Schema-Version = 1

revision = 3

msPKI-Template-Minor-Revision = 1

pKIDefaultKeySpec = 1

pKIExpirationPeriod = 1 Years

pKIOverlapPeriod = 6 Weeks

cn = User

distinguishedName = User

pKIKeyUsage = a0

displayName = User

templateDescription = User

pKIExtendedKeyUsage =

   1.3.6.1.4.1.311.10.3.4 Encrypting File System
   1.3.6.1.5.5.7.3.4 Secure Email
   1.3.6.1.5.5.7.3.2 Client Authentication

pKIDefaultCSPs =

Microsoft Enhanced Cryptographic Provider v1.0
Microsoft Base Cryptographic Provider v1.0

msPKI-Supersede-Templates =

msPKI-RA-Policies =

msPKI-RA-Application-Policies =

msPKI-Certificate-Policy =

msPKI-Certificate-Application-Policy =

pKICriticalExtensions =

2.5.29.15 Key Usage

Security Descriptor: O:EAG:EAD:PAI(OA;;RPWPCR;0e10c968-78fb-11d2- 90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4- 00c04f79dc55;;DU)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4- 00c04f79dc55;;EA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA) (A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;EA)(A;;LCRPLORC;;;AU)

Allow ACME-FR\Domain Admins

Enroll

Allow ACME-FR\Domain Users

Enroll

Allow ACME-FR\Enterprise Admins

Enroll

Allow ACME-FR\Domain Admins

Full Control

Allow ACME-FR\Enterprise Admins

Full Control

Allow NT AUTHORITY\Authenticated Users

Read

Additional Information:

Domain Controller: WIN-857ZZX6RQHL.acme-fr.local

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

December 2024 Patch Tuesday	"Patch Tuesday - 2 Zero Days...See You in 2025! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.