Event ID 4889 – Certificate Services Set The Status Of A Certificate Request To Pending
|Category||Object Access: Certification Services|
Certificate Templates and Authorities can be configured to require approval either from an administrator or a certificate manager, before they sign and issue a certificate. If such a configuration is in place, then when a certificate request is received, the CA places it in the Pending Requests folder, and event ID 4889 is logged.
For this event to be logged, the corresponding "Issue and manage certificate requests" feature needs to be enabled in the CA's properties tab.
This log provides the following information:
- Request ID
Why does event ID 4889 need to be monitored?
This event should be monitored to detect anomalous and malicious activity, and to prevent privilege abuse. This log provides details about the request, and the account which requested the certificate.
With 200+ reports and real-time email and SMS alerts, ADAudit Plus tracks all certificate services related events, thus helping you meet your security, operational, and compliance needs with absolute ease.
Event 4889 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10