Microsoft-Windows-LAPS
110 events across 1 channel
Event ID 10000 — The Local Administrator Password feature was successfully loaded and initialized.
Description
The Local Administrator Password feature was successfully loaded and initialized.
Event ID 10001 — The Local Administrator Password dll failed to initialize.
Description
The Local Administrator Password dll failed to initialize.
Event ID 10002 — The Local Administrator Password dll was unloaded.
Description
The Local Administrator Password dll was unloaded.
Event ID 10003 — LAPS policy processing is now starting.
Description
LAPS policy processing is now starting.
Event ID 10004 — LAPS policy processing succeeded.
Description
LAPS policy processing succeeded.
Event ID 10005 — LAPS policy processing failed with the error code below.
Event ID 10006 — LAPS password encryption is required but the Active Directory domain is not yet at 2016 domain functional level.
Description
LAPS password encryption is required but the Active Directory domain is not yet at 2016 domain functional level. The password was not updated and no changes will be made until this is corrected.
Event ID 10007 — LAPS is not currently configured to manage any account.
Description
LAPS is not currently configured to manage any account.
Event ID 10008 — LAPS policy is currently not supported on domain controllers.
Description
LAPS policy is currently not supported on domain controllers.
Event ID 10009 — LAPS is configured to backup passwords to Active Directory.
Description
LAPS is configured to backup passwords to Active Directory.
Event ID 10010 — LAPS is configured to backup passwords to Azure Active Directory.
Description
LAPS is configured to backup passwords to Azure Active Directory.
Event ID 10011 — LAPS failed when querying Active Directory for the current computer state.
Event ID 10012 — The Active Directory schema has not been updated with the necessary LAPS attributes.
Description
The Active Directory schema has not been updated with the necessary LAPS attributes.
Event ID 10013 — LAPS failed to find the currently configured local administrator account.
Event ID 10014 — LAPS is updating the managed account password due to an Administrator-initiated request.
Description
LAPS is updating the managed account password due to an Administrator-initiated request.
Event ID 10015 — The managed account password needs to be updated due to one or more reasons (Data1).
Event ID 10016 — The managed account password does not need to be updated at this time.
Description
The managed account password does not need to be updated at this time.
Event ID 10017 — LAPS failed to update Active Directory with the new password.
Event ID 10018 — LAPS successfully updated Active Directory with the new password.
Description
LAPS successfully updated Active Directory with the new password.
Event ID 10019 — LAPS failed to update the local admin account with the new password.
Event ID 10020 — LAPS successfully updated the local admin account with the new password.
Event ID 10021 — The current LAPS policy is configured as follows.
Description
The current LAPS policy is configured as follows.
Fields
| Name | Type | Description |
|---|---|---|
| PolicySource | UnicodeString | — |
| BackupDirectory | UnicodeString | — |
| AdminAccountName | UnicodeString | — |
| PasswordAgeDays | Int32 | — |
| PasswordComplexity | Int32 | — |
| PasswordLength | Int32 | — |
| PasswordExpirationProtectionEnabled | Int32 | — |
| PasswordEncryptionEnabled | Int32 | — |
| PasswordEncryptionTargetPrincipal | UnicodeString | — |
| PasswordEncryptionHistorySize | Int32 | — |
| BackupDSRMPassword | Int32 | — |
| PostAuthResetDelay | Int32 | — |
| PostAuthActions | HexInt32 | — |
| AutomaticAccountManagementEnabled | Int32 | — |
| AutomaticAccountManagementTarget | UnicodeString | — |
| AutomaticAccountManagementNameOrPrefix | UnicodeString | — |
| AutomaticAccountManagementEnableAccount | Int32 | — |
| AutomaticAccountManagementRandomizeName | Int32 | — |
Event ID 10022 — The current LAPS policy is configured as follows.
Description
The current LAPS policy is configured as follows.
Fields
| Name | Type | Description |
|---|---|---|
| PolicySource | UnicodeString | — |
| BackupDirectory | UnicodeString | — |
| AdminAccountName | UnicodeString | — |
| PasswordAgeDays | Int32 | — |
| PasswordComplexity | Int32 | — |
| PasswordLength | Int32 | — |
| PostAuthResetDelay | Int32 | — |
| PostAuthActions | HexInt32 | — |
| AutomaticAccountManagementEnabled | Int32 | — |
| AutomaticAccountManagementTarget | UnicodeString | — |
| AutomaticAccountManagementNameOrPrefix | UnicodeString | — |
| AutomaticAccountManagementEnableAccount | Int32 | — |
| AutomaticAccountManagementRandomizeName | Int32 | — |
Event ID 10023 — The current LAPS policy is configured as follows.
Event ID 10024 — LAPS policy is configured as disabled.
Description
LAPS policy is configured as disabled.
Event ID 10025 — Azure discovery failed.
Event ID 10026 — LAPS was unable to authenticate to Azure using the device identity.
Event ID 10027 — LAPS was unable to create an acceptable new password.
Event ID 10028 — LAPS failed to update Azure Active Directory with the new password.
Event ID 10029 — LAPS successfully updated Azure Active Directory with the new password.
Description
LAPS successfully updated Azure Active Directory with the new password.
Event ID 10030 — LAPS is sending a message to the following endpoint.
Event ID 10031 — LAPS blocked an external request that tried to modify the password of the current managed account.
Event ID 10032 — LAPS was unable to authenticate to Azure using the device identity.
Event ID 10033 — The machine is configured with legacy LAPS policy settings but a legacy LAPS product appears to be installed.
Event ID 10034 — The configured encryption principal is an isolated (ambiguous) name.
Event ID 10035 — The configured encryption principal name could not be mapped to a known account.
Event ID 10036 — The SID for the configured encryption principal could not be mapped to a known account.
Event ID 10037 — The DSRM account cannot be managed because password encryption is disabled.
Description
The DSRM account cannot be managed because password encryption is disabled. Please enable password encryption in the LAPS policy settings in order to enable DSRM account password management.
Event ID 10038 — LAPS failed to update the DSRM administrator account with the new password.
Event ID 10039 — LAPS successfully updated the DSRM administrator account with the new password.
Event ID 10040 — LAPS blocked an external request that tried to modify the password of the currently managed DSRM account.
Event ID 10041 — LAPS detected a successful authentication for the currently managed account.
Event ID 10042 — The post-authentication grace period has expired per policy.
Event ID 10043 — LAPS failed to reset the password for the currently managed account.
Event ID 10044 — LAPS successfully reset the password for the currently managed account and completed all configured post-authentication actions.
Event ID 10045 — LAPS successfully reset the password for the currently managed account.
Event ID 10046 — LAPS was scheduled to reset the password for the currently managed account after expiry of the grace period after a previous authentication event.
Event ID 10047 — A pending post-authentication reset timer has been rescheduled after a reboot.
Description
A pending post-authentication reset timer has been rescheduled after a reboot.
Event ID 10048 — The currently pending post-authentication reset timer has been retried the maximum allowed number attempts and will no longer be scheduled.
Description
The currently pending post-authentication reset timer has been retried the maximum allowed number attempts and will no longer be scheduled.
Event ID 10049 — LAPS attempted to reboot the machine as a post-authentication action but the operation failed.
Event ID 10050 — LAPS is updating the managed account password due to an Azure-initiated request.
Description
LAPS is updating the managed account password due to an Azure-initiated request.
Event ID 10051 — LAPS is updating the managed account password in response to a post-authentication action.
Description
LAPS is updating the managed account password in response to a post-authentication action.
Event ID 10052 — LAPS is processing the current policy per normal background scheduling.
Description
LAPS is processing the current policy per normal background scheduling.
Event ID 10053 — LAPS is processing the current policy in response to an Administrator request.
Description
LAPS is processing the current policy in response to an Administrator request.
Event ID 10054 — LAPS is processing the current policy in response to a Group Policy change notification.
Description
LAPS is processing the current policy in response to a Group Policy change notification.
Event ID 10055 — LAPS is using the following domain controller.
Event ID 10056 — LAPS failed to locate a writable domain controller.
Event ID 10057 — LAPS was unable to bind over LDAP to the domain controller.
Description
LAPS was unable to bind over LDAP to the domain controller.
Fields
| Name | Type | Description |
|---|---|---|
| DCName | UnicodeString | [LAPS was unable to bind over LDAP to the domain controller] DCName. |
| Error_code | HexInt32 | [LAPS was unable to bind over LDAP to the domain controller] Error code. |
| Data1 | UnicodeString | — |
| Data2 | HexInt32 | — |
Event ID 10058 — The current policy is configured to backup the password to Azure Active Directory, but has a configured PasswordAgeDays value that is less than the...
Description
The current policy is configured to backup the password to Azure Active Directory, but has a configured PasswordAgeDays value that is less than the required minimum.
Fields
| Name | Type | Description |
|---|---|---|
| Configured_value | Int32 | [The current policy is configured to backup the password to Azure Active Directory, but has a configured PasswordAgeDays value that is less than the required minimum] Configured value. |
| Minimum_value | Int32 | [The current policy is configured to backup the password to Azure Active Directory, but has a configured PasswordAgeDays value that is less than the required minimum] Minimum value. |
| Data1 | Int32 | — |
| Data2 | Int32 | — |
Event ID 10059 — Azure returned a failure code.
Event ID 10060 — The current policy is configured to backup the password to Azure Active Directory, but the machine is only joined to Active Directory.
Event ID 10061 — The current policy is configured to backup the password to Azure Active Directory, but the machine is workplace-joined.
Description
The current policy is configured to backup the password to Azure Active Directory, but the machine is workplace-joined. LAPS does not support workplace-joined machines for any scenario.
Event ID 10062 — The current policy is configured to backup the password to Active Directory, but the machine is only joined to Azure Active Directory.
Event ID 10063 — The current policy is configured to backup the password to Active Directory, but the machine is workplace-joined.
Description
The current policy is configured to backup the password to Active Directory, but the machine is workplace-joined. LAPS does not support workplace-joined machines for any scenario.
Event ID 10064 — The current policy is configured to backup the DSRM account password to Active Directory, but password encryption is not enabled.
Event ID 10065 — LAPS received an LDAP_INSUFFICIENT_RIGHTS error trying to update the password using the legacy LAPS password attribute.
Event ID 10066 — LAPS received an LDAP_INSUFFICIENT_RIGHTS error trying to update the password using the LAPS password attribute.
Event ID 10067 — The configured local account is currently disabled.
Event ID 10068 — This device has been joined to Azure AD.
Description
This device has been joined to Azure AD. This message is informational only and no action is necessary.
Event ID 10069 — This device has been unjoined from Azure AD.
Description
This device has been unjoined from Azure AD. This message is informational only and no action is necessary.
Event ID 10070 — This device has been joined to Active Directory.
Description
This device has been joined to Active Directory. This message is informational only and no action is necessary.
Event ID 10071 — This device has been unjoined from Active Directory.
Description
This device has been unjoined from Active Directory. This message is informational only and no action is necessary.
Event ID 10072 — Encryption of the new password failed.
Event ID 10073 — LAPS is now executing the configured post-authentication actions for the target account.
Event ID 10074 — LAPS has successfully completed all configured post-authentication actions for the LAPS-managed account identity.
Event ID 10075 — LAPS has completed all configured post-authentication actions for the LAPS-managed account identity.
Event ID 10076 — A post-authentication action was pending for the account below, but the current policy is now targeting a different account.
Event ID 10077 — LAPS found Data1 interactive logon sessions using the managed account.
Event ID 10078 — LAPS successfully notified the following session that a logoff is pending shortly.
Event ID 10079 — LAPS failed to notify the following session that a logoff is pending shortly.
Description
LAPS failed to notify the following session that a logoff is pending shortly. The logoff action will proceed regardless.
Fields
| Name | Type | Description |
|---|---|---|
| ExecEnvId | Int32 | — |
| State | Int32 | — |
| SessionId | Int32 | — |
| SessionName | UnicodeString | — |
| HostName | UnicodeString | — |
| UserName | UnicodeString | — |
| DomainName | UnicodeString | — |
| FarmName | UnicodeString | — |
| Error | Int32 | — |
Event ID 10080 — LAPS is now pausing for Data1 seconds to give the notified sessions time to logoff.
Event ID 10081 — LAPS is now logging off all notified sessions.
Description
LAPS is now logging off all notified sessions.
Event ID 10082 — LAPS successfully logged off the following session.
Event ID 10083 — LAPS received an error trying to log off the following session.
Description
LAPS received an error trying to log off the following session. This action will not be retried.
Fields
| Name | Type | Description |
|---|---|---|
| ExecEnvId | Int32 | — |
| State | Int32 | — |
| SessionId | Int32 | — |
| SessionName | UnicodeString | — |
| HostName | UnicodeString | — |
| UserName | UnicodeString | — |
| DomainName | UnicodeString | — |
| FarmName | UnicodeString | — |
| Error | Int32 | — |
Event ID 10084 — LAPS found Data1 file share sessions using the managed account.
Event ID 10085 — LAPS successfully deleted the following file share session.
Event ID 10086 — LAPS failed to disconnect the following file share session.
Description
LAPS failed to disconnect the following file share session. This action will not be retried.
Fields
| Name | Type | Description |
|---|---|---|
| SessionId | HexInt64 | — |
| ClientComputerName | UnicodeString | — |
| ClientUserName | UnicodeString | — |
| NumOpens | Int64 | — |
| SecondsIdle | Int32 | — |
| SecondsExisted | Int32 | — |
| ServerName | UnicodeString | — |
| Error | Int32 | — |
Event ID 10087 — LAPS found Data1 processes using the managed account.
Event ID 10088 — LAPS successfully terminated the following process.
Event ID 10089 — LAPS failed to terminate the following process.
Event ID 10090 — The LAPS managed account was enabled.
Event ID 10091 — The LAPS managed account was disabled.
Event ID 10092 — The LAPS policy is configured for automatic account management mode, but the account name or prefix is too long and will be truncated.
Event ID 10093 — The current automatically LAPS managed account was renamed.
Event ID 10094 — LAPS failed to rename the managed account.
Event ID 10095 — LAPS failed to enable the managed account.
Event ID 10096 — LAPS failed to disable the managed account.
Event ID 10097 — LAPS deleted the previously managed account.
Event ID 10098 — LAPS failed to delete the previously managed account.
Event ID 10099 — LAPS renamed and disabled the previously managed builtin administrator account.
Event ID 10100 — LAPS failed to rename and disable the previously managed builtin administrator account.
Event ID 10101 — LAPS blocked an external request that attempted to modify the current automatically managed account.
Description
LAPS blocked an external request that attempted to modify the current automatically managed account.
Fields
| Name | Type | Description |
|---|---|---|
| LAPSManagedAccountName | UnicodeString | — |
| LAPSManagedAccountSid | UnicodeString | — |
| ClientName | UnicodeString | — |
| ClientAddress | UnicodeString | — |
| ClientProcessID | Int32 | — |
| ClientProcessExe | UnicodeString | — |
Event ID 10102 — LAPS blocked an external request that attempted to delete the current automatically managed account.
Description
LAPS blocked an external request that attempted to delete the current automatically managed account.
Fields
| Name | Type | Description |
|---|---|---|
| LAPSManagedAccountName | UnicodeString | — |
| LAPSManagedAccountSid | UnicodeString | — |
| ClientName | UnicodeString | — |
| ClientAddress | UnicodeString | — |
| ClientProcessID | Int32 | — |
| ClientProcessExe | UnicodeString | — |
Event ID 10103 — LAPS blocked an external request that attempted to modify the security descriptor of the current automatically managed account.
Description
LAPS blocked an external request that attempted to modify the security descriptor of the current automatically managed account.
Fields
| Name | Type | Description |
|---|---|---|
| LAPSManagedAccountName | UnicodeString | — |
| LAPSManagedAccountSid | UnicodeString | — |
| ClientName | UnicodeString | — |
| ClientAddress | UnicodeString | — |
| ClientProcessID | Int32 | — |
| ClientProcessExe | UnicodeString | — |
Event ID 10104 — LAPS blocked an external request that attempted to remove the current automatically managed account from the local administrators group.
Description
LAPS blocked an external request that attempted to remove the current automatically managed account from the local administrators group.
Fields
| Name | Type | Description |
|---|---|---|
| LAPSManagedAccountName | UnicodeString | — |
| LAPSManagedAccountSid | UnicodeString | — |
| ClientName | UnicodeString | — |
| ClientAddress | UnicodeString | — |
| ClientProcessID | Int32 | — |
| ClientProcessExe | UnicodeString | — |
Event ID 10105 — LAPS failed to update its local registry state.
Event ID 10106 — LAPS has successfully completed all sysprep cleanup operations.
Description
LAPS has successfully completed all sysprep cleanup operations.
Event ID 10107 — LAPS failed to complete one or more sysprep cleanup operations.
Event ID 10108 — The msLAPSCurrentPasswordVersion attribute has not been added to the Active Directory schema.
Event ID 20000 — One or more Local Administrator Password Solution (LAPS) MDM policy values were blocked from being set because the current machine is joined to nei...
Description
One or more Local Administrator Password Solution (LAPS) MDM policy values were blocked from being set because the current machine is joined to neither Azure Active Directory or Active Directory.