Windows Server Event: 4910

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows Server Event: 4910

Event ID 4910 - Group policy settings were changed for TBS.

Description This event logs every change made to the TPM configurations through Group Policy object settings.
Category Policy change
Subcategory Other Policy Change Events

Trusted Platform Module (TPM) and Trusted Base Services (TBS) provide an interface to manage the TPM chip mounted on the computer for hardware authentication. These services can be controlled by Group Policy settings or Local Policy settings.The Group Policy settings for TPM is located in: Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\.

Reasons to monitor this event:

The TBS Group policy settings enlist the TPM commands (a.k.a. ordinals) blocked by Windows to ensure integrity of operations. The event logs the following information:

Old blocked ordinals Commands blocked before this event
New blocked ordinals Commands blocked after this event

If the settings are disabled, Windows will block the list of commands in the default list or local list. Modifying these settings can lead to the following changes:

Ignore the default list of blocked TPM commands <Old value>
<New value>
Ignore the local list of blocked TPM commands <Old value>
<New value>

Pro tip:

  • ADAudit Plus helps you avoid GPO monitoring complexities with real-time pre-configured reports and auditing of the changes along with alerts within a Domain or OU.
  • The advanced Group Policy settings real-time audit reports emphasize the elusive details in changes made and give a detailed report on the modifications along with the old and new values of the attributes.

Event 4910 applies to the following operating systems:

  • Windows Server 2008 R2 and 7
  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 R2 and 1

Related events - Event ID 4909 logs the changes made to TPM configuration through local policy settings.

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing