Windows Security Log Event ID 4910

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Category
 • Subcategory
Uncategorized
 • Subcategory could not be determined
Type Success
Corresponding events
in Windows 2003
and before
 
Discussions on Event ID 4910
Ask a question about this event

4910: The group policy settings for the TBS were changed

On this page

This event, 4910, is apparently logged when you make a change to the TPM configuration through a group policy object in Active Directory as opposed to with the local policy of the system (see event 4909).

TPM Base Services (TBS) proves an interface to the Trusted Platform Module chip in the computer if so equipped. BitLocker Drive Encryption is the most prominent feature of Windows that uses TPM.

TPM commands are referred to as ordinals.  MSDN: "To preserve integrity of operations, certain TPM commands are not allowed to be executed by software on the platform. For example, some commands are only executed by system software."  

Group Policy Setting:  Ignore Default Settings

Corresponds to the "Ignore the default list of blocked TPM commands" in Computer Configuration\Policies\Administrative Templates\System\Trusted Platform Module Services.

 Old Value:  %1
 New Value:  %2

Group Policy Setting:  Ignore Local Settings
 Old Value:  %3
 New Value:  %4

Old Blocked Ordinals: TPM commands blocked before this event
New Blocked Ordinals: TPM commands blocked after this event

I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.

Free Security Log Resources by Randy

Supercharger Enterprise


Load Balancing for Windows Event Collection

 

Examples of 4910

The group policy settings for the TBS were changed.

Group Policy Setting:  Ignore Default Settings

   Old Value:  %1
   New Value:  %2

Group Policy Setting:  Ignore Local Settings

   Old Value:  %3
   New Value:  %4

Old Blocked Ordinals: %5
New Blocked Ordinals: %6

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources