Event Details
Operating System->Microsoft Windows->Built-in logs->Windows 2008 or higher->Security Log->Object Access->Certification Services->EventID 4898 - Certificate Services loaded a template.
EventID 4898 - Certificate Services loaded a template.

Find more information about this event on ultimatewindowssecurity.com.
 Sample: 
Certificate Services loaded a template.

DomainController v4.1 (Schema V1)
 
CN=DomainController,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=itss,DC=wm,DC=zhu,DC=cn,DC=qsft

Template Information:
	Template Content:		
flags = 0x1026c (66156)
  CT_FLAG_ADD_OBJ_GUID -- 0x4
  CT_FLAG_PUBLISH_TO_DS -- 0x8
  CT_FLAG_AUTO_ENROLLMENT -- 0x20 (32)
  CT_FLAG_MACHINE_TYPE -- 0x40 (64)
  CT_FLAG_ADD_TEMPLATE_NAME -- 0x200 (512)
  CT_FLAG_IS_DEFAULT -- 0x10000 (65536)

msPKI-Private-Key-Flag = 0x0 (0)
  CTPRIVATEKEY_FLAG_ATTEST_NONE -- 0x0
  TEMPLATE_SERVER_VER_NONE<<CTPRIVATEKEY_FLAG_SERVERVERSION_SHIFT -- 0x0
  TEMPLATE_CLIENT_VER_NONE<<CTPRIVATEKEY_FLAG_CLIENTVERSION_SHIFT -- 0x0

msPKI-Certificate-Name-Flag = 0x19000000 (419430400)
  CT_FLAG_SUBJECT_ALT_REQUIRE_DIRECTORY_GUID -- 0x1000000 (16777216)
  CT_FLAG_SUBJECT_ALT_REQUIRE_DNS -- 0x8000000 (134217728)
  CT_FLAG_SUBJECT_REQUIRE_DNS_AS_CN -- 0x10000000 (268435456)

msPKI-Enrollment-Flag = 0x29 (41)
  CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS -- 0x1
  CT_FLAG_PUBLISH_TO_DS -- 0x8
  CT_FLAG_AUTO_ENROLLMENT -- 0x20 (32)

msPKI-Template-Schema-Version = 1

revision = 4

msPKI-Template-Minor-Revision = 1

pKIDefaultKeySpec = 1

pKIExpirationPeriod = 1 Years

pKIOverlapPeriod = 6 Weeks

cn = DomainController

distinguishedName = DomainController

pKIKeyUsage = a0

displayName = Domain Controller

templateDescription = Directory e-mail replication

pKIExtendedKeyUsage =
  1.3.6.1.5.5.7.3.2 Client Authentication
  1.3.6.1.5.5.7.3.1 Server Authentication

pKIDefaultCSPs =
  Microsoft RSA SChannel Cryptographic Provider

msPKI-Supersede-Templates =

msPKI-RA-Policies =

msPKI-RA-Application-Policies =

msPKI-Certificate-Policy =

msPKI-Certificate-Application-Policy =

pKICriticalExtensions =
  2.5.29.15 Key Usage

	Security Descriptor:		O:S-1-5-21-3701821694-4228108427-4157987367-519G:S-1-5-21-3701821694-4228108427-4157987367-519D:PAI(OA;;RPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-3701821694-4228108427-4157987367-498)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DA)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;DD)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;S-1-5-21-3701821694-4228108427-4157987367-519)(OA;;RPWPCR;0e10c968-78fb-11d2-90d4-00c04f79dc55;;ED)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-3701821694-4228108427-4157987367-519)(A;;LCRPLORC;;;AU)

Allow	ITSS\Enterprise Read-only Domain Controllers
	Enroll
Allow	ITSS\Domain Admins
	Enroll
Allow	ITSS\Domain Controllers
	Enroll
Allow	ITSS\Enterprise Admins
	Enroll
Allow	NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
	Enroll
Allow(0x000f00ff)	ITSS\Domain Admins
	Full Control
Allow(0x000f00ff)	ITSS\Enterprise Admins
	Full Control
Allow(0x00020094)	NT AUTHORITY\Authenticated Users
	Read


Additional Information:
	Domain Controller:	IIZHU6.itss.wm.zhu.cn.qsft
===========================
Description template stored in adtschema.dll:
===========================
Certificate Services loaded a template.

%1 v%2 (Schema V%3)
%4
%5

Template Information:
	Template Content:		%7
	Security Descriptor:		%8

Additional Information:
	Domain Controller:	%6
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows Vista (2008)
Windows 7 (2008 R2)
Windows 8 (2012)
Windows 8.1 (2012 R2)
Windows 10 (2016)
Category Object Access
Source Microsoft-Windows-Security-Auditing
TaskCategory Certification Services
EventId 4898
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. Type Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Task Category A name for a subclass of events within the same Event Source. TaskCategory
Level Warning, Information, Error, etc. Level
Keywords Audit Success, Audit Failure, Classic, Connection etc. Keywords
Category A name for an aggergative event class, corresponding to the similar ones present in Windows 2003 version. Category Account Logon
Object Name InsertionString1
Whom InsertionString1
Object Type "Certificate Template" Certificate Template
Class Name "Certificate Template" Certificate Template
Security ID -
Account Name -
Account Domain -
Template Information: Template Content InsertionString7 flags = 0x1026c (66156)...
Template Information: Security Descriptor InsertionString8 O:S-1-5-21-3701821694-4228108427-4157987367-519...
DC Additional Information: Domain Controller InsertionString6 IIZHU6.itss.wm.zhu.cn.qsft
Version Template Version InsertionString2 4.1
Schema Template Schema Info InsertionString3 1
Object DN Template Distinguished Name InsertionString5 CN=DomainController,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=itss,DC=wm,DC=zhu,DC=cn,DC=qsft
Comments
You must be logged in to comment