This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 75%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
User gets "Security Log Full" error. We go in and clear and reset back to default to "Overwrite events as needed (oldest events first)
For some reason it is being changed to "Do not overwrite events (clear logs manually).
There are multiple threads on this, however no permanent fix. This is becoming a problem as we began to roll out Windows 11. There is no way we can clear the logs and reset for this many users.
This is what we are seeing::
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello
Thank you for your question and reaching out. I can understand you are having query\issues related to Security logs getts fulled.
I have also found similar issues from other users : https://learn.microsoft.com/en-us/answers/questions/1085762/why-obtain-the-security-log-on-this-system-is-full
As a Workground :
Set Event Viewer set to Overwrite.
Press Windows + R -> Type gpedit.msc -> Go to Computer Configuration > Administrative Templates > Windows Component > Event Log Service > Security > Control Event Log Behavior when the log file reaches its maximum size, Set it to Disable -> Reboot your computer.
--If the reply is helpful, please Upvote and Accept as answer--
Wouldn't this be problematic as no additional logs would be written? I can see this working for a home device. Will there be a patch soon? This is preventing us from rolling out Windows 11 to all users
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 91%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Has this issue been resolved in 23H2 or any other cumulative update? I can't seem to find an answer anywhere. There appears to be no rhyme or reason why the security log setting keeps getting reverted back to "Do not overwrite", even after we've cleared the log and changed to "Overwrite as needed". It's not happening on every single Windows 11 system, but it's happening on enough, that it's becoming a major pain. We've seen it on fresh Windows 11 22H2 installs, as well as Windows 10 to 11 upgraded systems. We've seen it on systems with just 1 specific user who logs on...and we've seen it on shared systems with multiple logon accounts.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 69%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAO%3C/text%3E%3C/svg%3E)
has anyone tried 'configure log access' and enabling it?
gpedit.msc -> Go to Computer Configuration > Administrative Templates > Windows Component > Event Log Service > Security > configure log access
and then setting log access to regular users or everyone in gpo? would that be a workaround?
i haven't tried it on anything but that setting did seem interesting