Explanation/Reference:
Explanation:
ADatum identifies the following security requirements:
An offline root certification authority (CA) must be configured.

Client computers must be issued certificates by a server in their local office.

Changes to the CA configuration settings and the CA security settings must be logged.

Client computers must be able to renew certificates automatically over the Internet.

The number of permissions and privileges assigned to users must be minimized whenever possible.

Users from a group named Group1 must be able to create new instances of App1 in the private cloud.

Client computers must be issued new certificates when the computers are connected to the local network only.

The virtual machines used to host App2 must use BitLocker Drive Encryption (BitLocker).

Users from Trey Research must be able to access App2 by using their credentials from treyresearch.com.
How to enable Certification Authority Auditing on Windows Server
By default, auditing is not enabled on the CA server. Once auditing is enabled, all the events are logged in the Security log. To enable auditing, I need to modify the following settings.
1. On the CA server, log in as Administrator
2. Launch "Certification Authority"
3. Right-click the name of the CA, select "Properties"
4. Select "Auditing" tab
5. Check the events that you want to audit
6. Click "OK"
7. Launch "Local Group Policy editor"
8. Expand "Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy"
9. Double-click "Audit object access"
10. Check "Success" and "Failure"
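
A read-only check of the result of steps 1 to 10, as an added PowerShell example that is not part of the original page. It assumes an elevated session on the CA server, English-language `auditpol` output, and a minimum audit mask of 80 (CA security settings plus CA configuration), taken from the logging requirement listed above.

```powershell
# Added example: read-only check of CA auditing on an AD CS server (run elevated).
# AuditFilter bit values, one per checkbox on the CA's Auditing tab.
$AuditBits = @{
    1  = 'Start and stop AD CS'
    2  = 'Back up and restore the CA database'
    4  = 'Issue and manage certificate requests'
    8  = 'Revoke certificates and publish CRLs'
    16 = 'Change CA security settings'
    32 = 'Store and retrieve archived keys'
    64 = 'Change CA configuration'
}
# Assumption: minimum mask derived from the requirement that changes to the CA
# configuration and CA security settings are logged (64 + 16 = 80).
$Required = 16 -bor 64

# Steps 2-6: the Auditing tab is stored as AuditFilter under the active CA's key.
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -Path $cfg -Name Active).Active
$caKey  = Join-Path $cfg $caName
# A missing value converts to 0, which is the default (nothing audited).
$filter = [int](Get-ItemProperty -Path $caKey -Name AuditFilter -ErrorAction SilentlyContinue).AuditFilter

$AuditBits.Keys | Sort-Object | ForEach-Object {
    [pscustomobject]@{
        Bit      = $_
        Event    = $AuditBits[$_]
        Enabled  = [bool]($filter -band $_)
        Required = [bool]($Required -band $_)
    }
} | Format-Table -AutoSize
$missing = $Required -band (-bnot $filter)

# Steps 7-10: "Audit object access" includes the Certification Services subcategory.
# Without it the CA writes nothing to the Security log, whatever AuditFilter says.
$pol = auditpol /get /subcategory:"Certification Services" /r |
    Where-Object { $_ } | ConvertFrom-Csv
$policyOk = $pol.'Inclusion Setting' -eq 'Success and Failure'

[pscustomobject]@{
    CA                  = $caName
    AuditFilter         = $filter
    MissingRequiredBits = $missing
    ObjectAccessSetting = $pol.'Inclusion Setting'
    Compliant           = ($missing -eq 0) -and $policyOk
} | Format-List

# Documented Certificate Services audit events for security and configuration changes.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4882, 4885, 4890, 4891, 4892 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
```

An empty result from the last command on a compliant server only means no such change has been made since auditing was turned on.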