Windows Security Log Event ID 4909
Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category • Subcategory | Uncategorized • Subcategory could not be determined |
Type
|
Success
|
Corresponding events
in Windows
2003 and before |
|
4909: The local policy settings for the TBS were changed
On this page
This event, 4909, is apparently logged when you make a change to the TPM configuration in the local policy object of the computer as opposed to GPOs in Active Directory (see event 4910).
TPM Base Services (TBS) proves an interface to the Trusted Platform Module chip in the computer if so equipped. BitLocker Drive Encryption is the most prominent feature of Windows that uses TPM.
TPM commands are referred to as ordinals. MSDN: "To preserve integrity of operations, certain TPM commands are not allowed to be executed by software on the platform. For example, some commands are only executed by system software."
Old Blocked Ordinals: TPM commands blocked before this event
New Blocked Ordinals: TPM commands blocked after this event
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
Free Security Log Resources by Randy
- Old Blocked Ordinals: %1
- New Blocked Ordinals: %2
Supercharger Free Edition
Supercharger's built-in Xpath filters leave the noise behind.
Free.