Security full can not login

i have enabled audit policy in domain security policy to autid privilege use
, system events etc. this cause on and off user can't login to the DC , the
message is security log full when they turn on the pc next day morning.

we have to login administrator id to clear the security log.

is there a way that even though the security log is full, still can allow
user to login.

the DC is windows 2003 and the client pc is xp.

 

Hello DD,

You have to configure the settings to overwrite if needed or increase the
logfile size. Also you should think about what you log. Do you also control
the logfiles of the user machines?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> i have enabled audit policy in domain security policy to autid
> privilege use , system events etc. this cause on and off user can't
> login to the DC , the message is security log full when they turn on
> the pc next day morning.
>
> we have to login administrator id to clear the security log.
>
> is there a way that even though the security log is full, still can
> allow user to login.
>
> the DC is windows 2003 and the client pc is xp.
>

 

configure the overwrite setting from user pc, what is the default ?

is audit requirement to enable.

"Meinolf Weber [MVP-DS]" wrote:

> Hello DD,
>
> You have to configure the settings to overwrite if needed or increase the
> logfile size. Also you should think about what you log. Do you also control
> the logfiles of the user machines?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > i have enabled audit policy in domain security policy to autid
> > privilege use , system events etc. this cause on and off user can't
> > login to the DC , the message is security log full when they turn on
> > the pc next day morning.
> >
> > we have to login administrator id to clear the security log.
> >
> > is there a way that even though the security log is full, still can
> > allow user to login.
> >
> > the DC is windows 2003 and the client pc is xp.
> >
>
>
>

 

Hi

First, you can modify the way your server manage the logs of your event
viewer (right click on each event viewer menu, and properties. You can
increase the size of the log, and choose what your system will do when this
log is full.
In second time, you should verify your audit configuration. Some events are
not very usefull....
And third, in your GPO, you can modify (in security options), how your
system will respond when event viewer is full.

Best regards
--
----------------------------------
[MCSA & MCSE 2000 - 2003- MCTS - MCTIP]


"DD" wrote:

> i have enabled audit policy in domain security policy to autid privilege use
> , system events etc. this cause on and off user can't login to the DC , the
> message is security log full when they turn on the pc next day morning.
>
> we have to login administrator id to clear the security log.
>
> is there a way that even though the security log is full, still can allow
> user to login.
>
> the DC is windows 2003 and the client pc is xp.
>

 

Hello DD,

Default is 512 KB logfile size and overwrite older then 7 days as far as
i know in 2000 and XP.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> configure the overwrite setting from user pc, what is the default ?
>
> is audit requirement to enable.
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello DD,
>>
>> You have to configure the settings to overwrite if needed or increase
>> the logfile size. Also you should think about what you log. Do you
>> also control the logfiles of the user machines?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> i have enabled audit policy in domain security policy to autid
>>> privilege use , system events etc. this cause on and off user can't
>>> login to the DC , the message is security log full when they turn on
>>> the pc next day morning.
>>>
>>> we have to login administrator id to clear the security log.
>>>
>>> is there a way that even though the security log is full, still can
>>> allow user to login.
>>>
>>> the DC is windows 2003 and the client pc is xp.
>>>

 

My OBJECTIVE IS EVEN THOUGH THE SECURITY OR OTHERS LOG FULL, user shoud be
able to login.

How to archive ?

"Nicolas" wrote:

> Hi
>
> First, you can modify the way your server manage the logs of your event
> viewer (right click on each event viewer menu, and properties. You can
> increase the size of the log, and choose what your system will do when this
> log is full.
> In second time, you should verify your audit configuration. Some events are
> not very usefull....
> And third, in your GPO, you can modify (in security options), how your
> system will respond when event viewer is full.
>
> Best regards
> --
> ----------------------------------
> [MCSA & MCSE 2000 - 2003- MCTS - MCTIP]
>
>
> "DD" wrote:
>
> > i have enabled audit policy in domain security policy to autid privilege use
> > , system events etc. this cause on and off user can't login to the DC , the
> > message is security log full when they turn on the pc next day morning.
> >
> > we have to login administrator id to clear the security log.
> >
> > is there a way that even though the security log is full, still can allow
> > user to login.
> >
> > the DC is windows 2003 and the client pc is xp.
> >

 

We can increase the log file size , but somehow the security log file growth
very fast and it can be full one or two days later .

user may coming early 6am, and they can't login once the security log full.

My OBJECTIVE IS EVEN THOUGH THE SECURITY OR OTHERS LOG FULL, user shoud be
able to login.

How to achive ?

user may coming early 6am, and they can't login once the security log full.

"Meinolf Weber [MVP-DS]" wrote:

> Hello DD,
>
> Default is 512 KB logfile size and overwrite older then 7 days as far as
> i know in 2000 and XP.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > configure the overwrite setting from user pc, what is the default ?
> >
> > is audit requirement to enable.
> >
> > "Meinolf Weber [MVP-DS]" wrote:
> >
> >> Hello DD,
> >>
> >> You have to configure the settings to overwrite if needed or increase
> >> the logfile size. Also you should think about what you log. Do you
> >> also control the logfiles of the user machines?
> >>
> >> Best regards
> >>
> >> Meinolf Weber
> >> Disclaimer: This posting is provided "AS IS" with no warranties, and
> >> confers
> >> no rights.
> >> ** Please do NOT email, only reply to Newsgroups
> >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >>> i have enabled audit policy in domain security policy to autid
> >>> privilege use , system events etc. this cause on and off user can't
> >>> login to the DC , the message is security log full when they turn on
> >>> the pc next day morning.
> >>>
> >>> we have to login administrator id to clear the security log.
> >>>
> >>> is there a way that even though the security log is full, still can
> >>> allow user to login.
> >>>
> >>> the DC is windows 2003 and the client pc is xp.
> >>>
>
>
>

 

Hello DD,

Configure the security log to overwrite as needed. And it will not be full.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> We can increase the log file size , but somehow the security log file
> growth very fast and it can be full one or two days later .
>
> user may coming early 6am, and they can't login once the security log
> full.
>
> My OBJECTIVE IS EVEN THOUGH THE SECURITY OR OTHERS LOG FULL, user
> shoud be able to login.
>
> How to achive ?
>
> user may coming early 6am, and they can't login once the security log
> full.
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello DD,
>>
>> Default is 512 KB logfile size and overwrite older then 7 days as far
>> as i know in 2000 and XP.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> configure the overwrite setting from user pc, what is the default ?
>>>
>>> is audit requirement to enable.
>>>
>>> "Meinolf Weber [MVP-DS]" wrote:
>>>
>>>> Hello DD,
>>>>
>>>> You have to configure the settings to overwrite if needed or
>>>> increase the logfile size. Also you should think about what you
>>>> log. Do you also control the logfiles of the user machines?
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers
>>>> no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> i have enabled audit policy in domain security policy to autid
>>>>> privilege use , system events etc. this cause on and off user
>>>>> can't login to the DC , the message is security log full when they
>>>>> turn on the pc next day morning.
>>>>>
>>>>> we have to login administrator id to clear the security log.
>>>>>
>>>>> is there a way that even though the security log is full, still
>>>>> can allow user to login.
>>>>>
>>>>> the DC is windows 2003 and the client pc is xp.
>>>>>