Windows 11 22H2 version - Issue with Security Log Full

Jessica McMillan 5 Reputation points
2023-03-17T17:05:35.84+00:00

User gets "Security Log Full" error. We go in and clear and reset back to default to "Overwrite events as needed (oldest events first)

For some reason it is being changed to "Do not overwrite events (clear logs manually).

There are multiple threads on this, however no permanent fix. This is becoming a problem as we began to roll out Windows 11. There is no way we can clear the logs and reset for this many users.

This is what we are seeing::

Screenshot 2023-03-17 120655

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,723 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,096 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Limitless Technology 43,926 Reputation points
    2023-03-20T14:24:39.35+00:00

    Hello

    Thank you for your question and reaching out. I can understand you are having query\issues related to Security logs getts fulled.

    I have also found similar issues from other users : https://learn.microsoft.com/en-us/answers/questions/1085762/why-obtain-the-security-log-on-this-system-is-full

    As a Workground :

    Set Event Viewer set to Overwrite.

    Press Windows + R -> Type gpedit.msc -> Go to Computer Configuration > Administrative Templates > Windows Component > Event Log Service > Security > Control Event Log Behavior when the log file reaches its maximum size, Set it to Disable -> Reboot your computer.

    --If the reply is helpful, please Upvote and Accept as answer--


  2. Allan O 0 Reputation points
    2023-12-14T14:37:30.5266667+00:00

    has anyone tried 'configure log access' and enabling it?

    gpedit.msc -> Go to Computer Configuration > Administrative Templates > Windows Component > Event Log Service > Security > configure log access

    and then setting log access to regular users or everyone in gpo? would that be a workaround?

    i haven't tried it on anything but that setting did seem interesting

    0 comments No comments