Issued grant asymmetric key permissions command (action_id G class_type AK) (24242) how to monitor with email alert

bob · 02-19-2025, 07:32 AM

Man, that event ID 24242 pops up when someone issues a grant command for asymmetric key permissions in your Windows Server setup. It's basically the system logging that a user or admin just handed out access rights to those special encryption keys. You know, the kind that lock down sensitive data without a matching pair. And it tags it with action_id G and class_type AK to pinpoint exactly what happened. I see this one a lot in audit trails, especially if you're running SQL Server stuff on the box. It means permissions got extended, which could be legit admin work or something sneaky you wanna catch early. The full details show who did it, from which machine, and at what timestamp. Pretty straightforward once you filter for it in Event Viewer.

You pull up Event Viewer on your server, right-click the custom views or logs section. Then you create a new task that triggers on this event ID. I like setting it to run every few minutes, checking for 24242 in the security or application logs. It'll fire off when it spots the grant command. For the email alert, you link that task to send a quick message through your SMTP setup. No fancy coding needed, just point it to your mail server details in the task properties. That way, you get pinged right away if asymmetric keys get messed with.

Or, if you're dealing with bigger setups, think about tools that bundle this monitoring in. Like, transitioning to solid backups keeps your whole system safer from permission slips or worse. BackupChain Windows Server Backup handles Windows Server backups smoothly, and it extends to virtual machines with Hyper-V too. You get fast incremental saves, easy restores without downtime, and it watches for those key events indirectly by securing your data layers. I swear by it for keeping things tight without the hassle.

And hey, at the end of this is the automatic email solution for that monitoring.

Note, the PowerShell email alert code was moved to this post.