Download Supercharger from LOGbinder.com.
Run the installation file.
Perform a default installation.
1. For further information go to this Installing Supercharger KB article.
2. The installer will install IIS if it is not installed and will reboot the server. The installation will resume upon login.
Supercharger will automatically open the web browser upon completion of the installation.
***Please note that if your DC's are Win2008r2 then you will need to run "winrm qc" on each DC in an elevated cmd prompt.***

Create Custom Log for Domain Controller Forwarded Events

Expand the collector and click on the “Add Event Log” button.
Configure the new event log:
1. The log must be named ADChanges
2. The log path can be customized
3. The maximum log size can be customized but must be at least 511,967,232 bytes.
Click “Save”.

Create a Subscription to Forward Domain Controller logs

Expand the collector and click on the “Add Subscription” button.
On the “New Subscription” screen and enter a name and description. Select the previously created log, “Supercharger-Destination-ADChanges/Log”, and click on “Next”.
Select “Builtin Deterministic 100% for High Value Servers” from the “Policy” dropdown.
Click on the green “Add” button and then search for “domain controllers”. Select “Domain Controllers” in the “Results” window and then click “Add Forwarder”. Then click “Next”.
Select “Builtin – Security: Active Directory Changes” from the dropdown then click “Next”.
Click on the green “Add Subscription” button.

Connect to the Domain Controller.
Right click on “Start” then run and run “gpmc.msc”.
Expand the "Domain Controllers” OU and right click on "Default Domain Controllers Policy" and select “Edit"
In Group Policy Management Editor, navigate to the following location: Default Domain Policy\Computer Configuration\Policies\Administrative Templates\Windows Components\Event Forwarding
Double click on “Configure target Subscription Manager” on the right.
Select “Enabled” and then click the “Show” button.
Add the collector to the “SubscriptionManagers” list. This string can be found in Supercharger by clicking on "Quick Start" then expanding the "Configure potential source computers with Group Policy" section. Under #2 you will the collector strings syntax. Copy and paste this string. Do not copy the bullet point. Use the following syntax:
Server=http://<FQDN of the collector>:5985/wsman/SubscriptionManager/WEC,Refresh=900 where FQDN equals the “servername.domain.abc”.

Connect to the Domain Controller.
Right click on “Start” then run and run “gpmc.msc”.
Expand the "Domain Controllers” OU and right click on "Default Domain Controllers Policy" and select “Edit"
Perform one of the two steps from this KB article: Granting Permissions for Security Log Forwarding

Connect to the Domain Controller.
Right click on “Start” then run and run “gpmc.msc”.
Expand the "Domain Controllers” OU and right click on "Default Domain Controllers Policy" and select “Edit"
Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options and in the list of options in the right window click on "Audit: Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.”