Knowledge Base

Windows System Event: 5058

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows System Event: 5058

Event ID 5058 - Key file operation.

Description	This event is generated when an operation (read, write, delete, and so on) was performed on a file that contains a KSP key by using a Key Storage Provider (KSP). This event is generated only if one of the following KSPs were used: Microsoft Software Key Storage Provider Microsoft Smart Card Key Storage Provider
Category	System
Subcategory	Other system events

The event logs the following information:

Subject	Security ID Account Name Account Domain Logon ID
Cryptographic parameters	Provider name Algorithm name Key name Key type
Key file operation information	File path Operation Return code

Reasons to monitor event:

Typically this event is required for detailed monitoring of KSP-related actions with cryptographic keys.
If you need to monitor actions related to specific cryptographic keys (“Key Name”) or a specific “Operation”, such as “Delete key file”, you can create monitoring rules and use this event as an information source.

Event 5058 applies to the following operating systems:

Windows Server 2008 R2 and 7
Windows Server 2012 R2 and 8.1
Windows Server 2016 and 10

Explore Active Directory auditing and reporting with ADAudit Plus.

Account Management Auditing

Active Directory Auditing

Windows Server Auditing

Related Products