What is event ID 13?
Event ID 13: The description for Event ID 13 from source nvlddmkm cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
How do I force an autoenrollment certificate?
Go to User Configuration > Windows Settings > Security Settings > Public Key Policies and then under Object Type section in the right pane, select Certificate Services Client – Auto-Enrollment. Right-click on Certificate Services Client – Auto-Enrollment and click Properties.
What is automatic certificate enrollment in Active Directory?
Certificate Auto-Enrollment Overview: If you are not familiar with auto-enrollment, it is a function of Active Directory Certificate Services (ADCS) enabled by Group Policy (GPO), which allows users and devices to enroll for certificates. In most cases, there’s no user interaction required.
How do I get Sysmon logs?
Sysmon logs are all located under Applications and Services Logs > Microsoft > Windows > Sysmon > Operational.
Does domain controller certificate auto renew?
Domain Controllers will autoenroll (auto-renew). This is the function of the Active Directory cert auto-targeting per templates. No special GPs are required for propagation.
Does Sysmon log Powershell commands?
Sysmon is a Microsoft Windows system service and device driver that monitors system activity and logs events in the Windows event log. You can forward the Windows event logs to QRadar® and analyze them to detect advanced threats on the Windows endpoints.
How do I restart a Volume Shadow Copy service?
In the Services window, right-click each of the following services individually, and then click Restart:
- COM+ Event System.
- Volume Shadow Copy.
How do I verify a domain controller certificate?
You can use the Certificate Manager console to validate that the domain controller has a properly enrolled certificate based on the correct certificate template with the proper EKUs. Use certlm.msc to view certificates in the local computer's certificate stores.
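The same check from PowerShell, as an added example that is not part of the original page: it reads the Local Computer Personal store and reports each certificate's template, EKUs, expiry and private-key presence. The EKU list to check against is an assumption (the page does not name the EKUs), and `Get-MachineCertReport` is a hypothetical helper name.

```powershell
# Added example: report on certificates in the Local Computer "Personal" store,
# the store certlm.msc shows under Personal > Certificates.
$templateOids = '1.3.6.1.4.1.311.21.7',  # Certificate Template Information (v2 and later templates)
                '1.3.6.1.4.1.311.20.2'   # Certificate Template Name (v1 templates)

# Assumption: EKUs to look for. Adjust to what your certificate template is meant to issue.
$expectedEkus = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
    '1.3.6.1.5.2.3.5'   = 'KDC Authentication'
}

function Get-MachineCertReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Template extension, decoded to readable text; absent on certificates
        # that were not issued from an ADCS template.
        $tplExt = $cert.Extensions |
            Where-Object { $_.Oid.Value -in $templateOids } |
            Select-Object -First 1
        $template = if ($tplExt) { $tplExt.Format($false) } else { '(no template extension)' }

        # EKU OIDs carried by the certificate (empty when there is no EKU extension).
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids = @(if ($ekuExt) { $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } })
        $missing = @($expectedEkus.Keys |
            Where-Object { $_ -notin $ekuOids } |
            ForEach-Object { $expectedEkus[$_] })

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            Template      = $template
            EkuOids       = ($ekuOids -join ', ')
            MissingEkus   = ($missing -join ', ')
            NotAfter      = $cert.NotAfter
            DaysLeft      = [int](($cert.NotAfter - (Get-Date)).TotalDays)
            HasPrivateKey = $cert.HasPrivateKey
        }
    }
}

# Run on the domain controller from an elevated PowerShell session.
Get-MachineCertReport | Sort-Object NotAfter | Format-List
```

An empty MissingEkus value, a positive DaysLeft and HasPrivateKey set to True are the things to look for on the certificate the domain controller is expected to use.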
Where is my domain controller certificate?
To view certificates:
- Log in to the AD domain controller. Use an administrator account.
- Open the MMC.
- Look for Certificates (Local Computer) under Console Root. If no certificate is displayed, add it as follows:
- Expand Certificates (Local Computer).
- Expand Enterprise Trust.
- Select Certificates.
Where are domain controller Certificates stored?
To view certificates:
- Log in to the AD domain controller. Use an administrator account.
- Open the MMC.
- Look for Certificates (Local Computer) under Console Root. If no certificate is displayed, add it as follows:
- Expand Certificates (Local Computer).
- Expand Enterprise Trust.
- Select Certificates.
How do I view Sysmon events?
If you need to access the Sysmon events locally as opposed to viewing them in a SIEM, you will find them in the event viewer under Applications and Services Logs > Microsoft > Windows > Sysmon.
How do I view Sysmon logs?
Sysmon logs are all located under Applications and Services Logs > Microsoft > Windows > Sysmon > Operational.
How do I fix Volume Shadow Copy Service?
VSS Repair Strategy #2
- Open vssadmin from the command line (run cmd as administrator).
- Enter vssadmin delete shadows /all to clean up any dead VSS snapshots.
- Enter vssadmin list writers and check for errors.