Windows 11 22H2 version - Issue with Security Log Full

Question

Windows 11 22H2 version - Issue with Security Log Full

Jessica McMillan 5

User gets "Security Log Full" error. We go in and clear and reset back to default to "Overwrite events as needed (oldest events first)

For some reason it is being changed to "Do not overwrite events (clear logs manually).

There are multiple threads on this, however no permanent fix. This is becoming a problem as we began to roll out Windows 11. There is no way we can clear the logs and reset for this many users.

This is what we are seeing::

Screenshot 2023-03-17 120655

2 answers

Your answer

Answer 1

Limitless Technology 45,126

Hello

Thank you for your question and reaching out. I can understand you are having query\issues related to Security logs getts fulled.

I have also found similar issues from other users : https://learn.microsoft.com/en-us/answers/questions/1085762/why-obtain-the-security-log-on-this-system-is-full

As a Workground :

Set Event Viewer set to Overwrite.

Press Windows + R -> Type gpedit.msc -> Go to Computer Configuration > Administrative Templates > Windows Component > Event Log Service > Security > Control Event Log Behavior when the log file reaches its maximum size, Set it to Disable -> Reboot your computer.

--If the reply is helpful, please Upvote and Accept as answer--

Jessica McMillan 5 Reputation points

2023-03-20T14:33:08.8166667+00:00

Wouldn't this be problematic as no additional logs would be written? I can see this working for a home device. Will there be a patch soon? This is preventing us from rolling out Windows 11 to all users
Jeff Laux 0 Reputation points

2023-11-17T16:22:59.3633333+00:00

Has this issue been resolved in 23H2 or any other cumulative update? I can't seem to find an answer anywhere. There appears to be no rhyme or reason why the security log setting keeps getting reverted back to "Do not overwrite", even after we've cleared the log and changed to "Overwrite as needed". It's not happening on every single Windows 11 system, but it's happening on enough, that it's becoming a major pain. We've seen it on fresh Windows 11 22H2 installs, as well as Windows 10 to 11 upgraded systems. We've seen it on systems with just 1 specific user who logs on...and we've seen it on shared systems with multiple logon accounts.

Answer 2

Allan O 0

has anyone tried 'configure log access' and enabling it?

gpedit.msc -> Go to Computer Configuration > Administrative Templates > Windows Component > Event Log Service > Security > configure log access

and then setting log access to regular users or everyone in gpo? would that be a workaround?

i haven't tried it on anything but that setting did seem interesting

Share via

Windows 11 22H2 version - Issue with Security Log Full

2 answers

Your answer