Hi All,
Has anyone found a permanent solution for this issue? We are also facing the same when a Windows 11 22H2 machine comes into the Intune infra and the issue occurs.
Please explain why this is happening if anyone finds the RCA.
Thanks,
On the most recent laptops on which I installed the latest update of Windows 11 (22H2), every so often when I restart the computer I get the message "The security log on this system is full". I enter the Event Viewer with other credentials and choose the "Overwrite events" option, but after a while it doesn't allow me to log in, showing the same previous message and changing back to the "don't overwrite events" option.
Also completely lost... Windows 11 22H2 reverts to "Do not overwrite events" after every reboot... So, we can basically brick a workstation for our non-admin users... by rebooting (allowing Windows to reboot, allowing Windows to reboot for an update, etc...)!?! What a nightmare.
Hi Team,
It's almost been more than 20 days and I still haven't experienced the issue again with the solution I posted in this forum. Please test it and let me know.
My GPO is set to overwrite for a rolling 15 days, and it isn't being respected at all on Windows 11 22H2 workstations.
Every reboot results in this:
@Hitesh Chaudhary, I did as you said, and disabled "Retention method for security log" in GPO. It seems your solution works, but I wouldn't really call it a solution... kind of defeats the purpose of "Group Policy..."
With GPO "Retention method for security log" disabled, reboots revert the setting to "Overwrite events as needed (oldest events first)", however, interestingly, gpupdate /force doesn't change the setting, only rebooting the workstation does (but perhaps this is due to the nature of event logs and maybe it only sets the event log policy once on boot/login, etc).
Having said all that, I am reverting my GPO settings back to their original settings. I shouldn't have to change GPO to align with an obvious bug... smh...
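
To confirm on an affected workstation whether the Security log's retention mode really changes across reboots, the following check records the live setting and the registry values behind it on each run and warns when the mode differs from the previous run. It is an added example, not part of the thread; the CSV path is hypothetical, and which registry key the GPO or Intune policy in this thread writes to is an assumption (both common locations are read).

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt,
# for instance once after every reboot or as a startup scheduled task.
$history = Join-Path $env:ProgramData 'SecurityLogRetention.csv'   # hypothetical path

# Live configuration as the Event Log service currently applies it.
# LogMode: Circular   = overwrite events as needed (oldest first)
#          Retain     = do not overwrite events
#          AutoBackup = archive the log when full
$log = Get-WinEvent -ListLog Security

# Registry values that can drive the setting (assumed locations):
#   Services key: the log's own configuration (0 = overwrite as needed,
#                 0xFFFFFFFF = never overwrite, other = retention in seconds)
#   Policies key: Administrative Templates "Event Log Service" policy
$svc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Security' -ErrorAction SilentlyContinue
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security' -ErrorAction SilentlyContinue

$now = [pscustomobject]@{
    Checked          = (Get-Date).ToString('s')
    LastBoot         = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime.ToString('s')
    LogMode          = [string]$log.LogMode
    MaxSizeMB        = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    IsLogFull        = [string]$log.IsLogFull
    ServiceRetention = if ($null -ne $svc.Retention) { '0x{0:X8}' -f $svc.Retention } else { 'not set' }
    PolicyRetention  = if ($null -ne $pol.Retention) { [string]$pol.Retention } else { 'not set' }
}

# Compare with the previous run, then append this run to the history file.
$prev = if (Test-Path $history) { Import-Csv $history | Select-Object -Last 1 }
$now | Export-Csv -Path $history -Append -NoTypeInformation

if ($prev -and $prev.LogMode -ne $now.LogMode) {
    Write-Warning ("Security log mode changed from {0} to {1} (boot {2} -> boot {3})" -f `
        $prev.LogMode, $now.LogMode, $prev.LastBoot, $now.LastBoot)
}
if ($now.LogMode -eq 'Retain') {
    Write-Warning 'Security log is set to "Do not overwrite events"; it will stop accepting events when full.'
}
$now | Format-List
```

Comparing `LastBoot` between rows shows whether a change coincides with a reboot, and the two registry columns show which source held the non-overwrite value at that moment.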