Download Supercharger from LOGbinder.com.
Run the installation file.
Perform a default installation.
1. For further information go to this Installing Supercharger KB article.
2. The installer will install IIS if it is not installed and will reboot the server. The installation will resume upon login.
Supercharger will automatically open the web browser upon completion of the installation.
***Please note that if your DC's are Win2008r2 then you will need to run "winrm qc" on each DC in an elevated cmd prompt.***

Create Custom Log for Domain Controller Forwarded Events

Click on your collector in the dashboard.
Click on the "Subscriptions and Logs" tab and then on the "Create Event Log" button.
Configure the new event log and click "Submit".
1. The log must be named ADChanges
2. The log path can be customized
3. The maximum log size can be customized but must be at least 511,967,232 bytes.

Create a Subscription to Forward Domain Controller logs

On the "Subscriptions and Logs" tab click on the "Create Subscription" button.
On the “Create Subscription” screen enter a name and description. Select the previously created log, “Supercharger-Destination-ADChanges/Log”. Select “Builtin Deterministic 100% for High Value Servers” from the “Subscription Policy” dropdown.
Click on the “Add forwarder” button and then search for “domain controllers”. Select “Domain Controllers” in the “Results” window and then click “OK”.
For "Subscription Filter" select "Builtin – Security: Active Directory Changes” from the dropdown then click “Submit”.

Connect to the Domain Controller.
Right click on “Start” then run and run “gpmc.msc”.
Expand the "Domain Controllers” OU and right click on "Default Domain Controllers Policy" and select “Edit"
In Group Policy Management Editor, navigate to the following location: Default Domain Policy\Computer Configuration\Policies\Administrative Templates\Windows Components\Event Forwarding
Double click on “Configure target Subscription Manager” on the right.
Select “Enabled” and then click the “Show” button.
Add the collector to the “SubscriptionManagers” list. This string can be found in Supercharger by clicking on "Quick Start" then expanding the "Configure potential source computers with Group Policy" section. Under #2 you will the collector strings syntax. Copy and paste this string. Do not copy the bullet point. Use the following syntax:
Server=http://<FQDN of the collector>:5985/wsman/SubscriptionManager/WEC,Refresh=900 where FQDN equals the “servername.domain.abc”.

Connect to the Domain Controller.
Right click on “Start” then run and run “gpmc.msc”.
Expand the "Domain Controllers” OU and right click on "Default Domain Controllers Policy" and select “Edit"
Perform one of the two steps from this KB article: Granting Permissions for Security Log Forwarding

Connect to the Domain Controller.
Right click on “Start” then run and run “gpmc.msc”.
Expand the "Domain Controllers” OU and right click on "Default Domain Controllers Policy" and select “Edit"
Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options and in the list of options in the right window click on "Audit: Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.”