I'm in the process of rolling out a Windows Server 2008 R2 Active Directory Certificate Services implementation and want to audit all access and changes to the CA configuration.
I know the following settings are required:
1. certutil -setreg CA\AuditFilter 127.
2. Modify local policy settings for enable Success, Failure auditing for Computer Configuration/Windows Settings/Security Settings/Advanced Audit Policy Configuration/System Audit Policies/Object Access/Audit Certification Services.
I believe there is another setting that should be defined to maximize the detail logged in the event logs, but have had no luck in finding it. I know I've read about it somewhere during the planning and design process, but I'm having no luck in finding it now.
Can anyone point in the right direction for maximizing the log detail?
TIA.