In Windows there is a Certificate Store, where users and admins (depending on the setup) can make their changes: add root CA, modify CRL, etc. It seems to be quite a critical place in system security. So I come to the question:
Can Windows be set up to log changes to the Certificate Store to its standard log facility, EventLog?
Till now I have only managed to get a certificate removed event (ID 1004) from the CertificateServicesClient-Lifecycle log, but nothing about a certificate being added or anything else.
Upd.: I tried both Windows Server 2012 R2 and Windows 10 and got the same results.
Upd.2: Just tried also on a fresh Windows 8 installation: got the same results. What should be configured to enable these logs?