Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Disclaimer: Due to changes in the MSFT corporate blogging policy, I’m moving all of my content to the following ___location. Please reference all future content from that ___location. Thanks.
This is a short post for documentation only, but LAPS can be configured to put audit events in the Windows Security Log. These are event ID 4662 with an Event Source of AdmPwd. I’ve set a collection rule for both Windows Event Collectors as well as Windows Servers to collect these events. There is currently no alerting or reporting off of them.