The security log on this system is full. Only administrators can log in to resolve this issue

Question

From time to time, domain (AD) user accounts in Windows 11 when trying to log in to Windows receive the message "The security log on this system is full. Only administrators can log in to resolve this problem." After logging in to the admin account and clearing the event log, the problem is solved. Except this problem keeps coming back. In the log settings it is possible to set "When the maximum event log size is reached":

• replace events as needed (starting with the oldest events). And this option is checked and saved when clearing the log. After some time, when the log becomes full (e.g. reaches 30MB), the problem reappears. I go to the security day's event view and it turns out that the "overwrite events as needed (starting with oldest events)" function is not checked, and the "do not overwrite events (manual log clearing)" option is listed as active. Has anyone encountered such a problem? How to solve it ? I will add that the problem only occurs on computers that received the new Windows 11. Previously, all other computers with Windows 10 did not have this problem.

Answer 1

Just a guess but I'm going to wager that you have a GPO that is unchecking the overwrite option. To test this, go to a machine and check the option. Then force a GP update using gpupdate /force from an elevated command prompt. Give it a minute or two to update and then go check the option again. If it was reset then a GPO option is doing it. GP policies can be based upon the OS so it is possible the policy was different for Win10 than for Win11.

To work around this I would go into GPO and enable overwriting for all computers. You can see a screenshot of this option here.

Answer 2

I changed the settings in GPO and it seems to be OK because the security log has the log overwrite checkbox checked. It should be ok. Thank you for your help.