Tag Archive: Certificate Services

ADCS Auditing for MDI

Copy Friendly

certutil –setreg CA\AuditFilter 127 

net stop certsvc && net start certsvc

Configure auditing on the configuration container

Open ADSI Editor

Right click on the configuration Node (CN=…) and select Properties > Security Tab > Advanced

MAKE SURE YOU SELECT THE AUDIT TAB!!

Click Add (VERY IMPORTANT THAT YOU ARE IN AUDIT TAB)

Select principal Everyone, Type: All And Applies to: This object and all descendant objects

Scroll to the bottom and click “Clear” and back up and check the Write all properties

Defender for Identity no longer requires logging 1644 events. If you have this registry setting enabled, you can remove it.

Happy Hunting!