Security Event log

M

Mike T.

I've got a few users that use XP and on a weekly basis
their Security Event log fills up and won't allow them to
login until after I clear it logging in as administrator.

All users are in the Power User group. When I've gone
into the properties of the Security Log I am unable to
make any changes to the properties due to the user not
being in the Admin group or an Administrator.

How do I prevent this log file from continually filling up
and preventing the user from logging in. On W2K pc's this
issue does not come up.
 
R

Roger Abell

On W2k this issue will come up if the event logs are
configured the same. In the local security policy (or in
a GPO if you have AD) you can configure the maximum
size for the three main event logs, and you can also state
the policy to follow when the log is full. One of the
settings for this last, to overwrite as needed, will never
result in a full log.
What you should do is determine why their event log is
filling up. What is being logged so much.
If you increase the event log to say 16 meg and to overwrite
as needed or overwrite older that a week or two, your issue
will go away unless there is something being logged with
high frequency that you need to resolve.
 
M

Mike T.

Roger,

Thanks alot for the help. I found what was causing all of
the logging - Audit System Events was turned on for both
success and failure.

Once I turned that off - all my problems went away!

Regards,

Mike
 
R

rww

Roger said:
*On W2k this issue will come up if the event logs are
configured the same. In the local security policy (or in
a GPO if you have AD) you can configure the maximum
size for the three main event logs, and you can also state
the policy to follow when the log is full. One of the
settings for this last, to overwrite as needed, will never
result in a full log.
*
Click to expand...
I have my system log set to overwrite as needed, however it stil
continues to give me an event log full warning due to Diskeepe
Administrator writing a dcom error because of some machines not bein
logged in when it tries to "administrate" them.

What gives? I thought once the log was set to overwrite, it didn'
matter how rapidly the log got to max size, it would be overwritte
without giving the full log message.

Thanks for any help.
RW


-
rw
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Log on as administrator? 7
Cannot log in with "user" rights in the domain 2
Can an admin unlock a pc without logging the user off? 1
Event ID: 1202 1
SeTcbPriviledge - Event 577 1
Backup Security Event Log via script Problem 1
Log into user account with Admin password? 1
can't clear security log as local admin 1

Top