Configuring Event Log Archiving and Auto-Deletion in Group Policy

Question

I am currently managing a Windows Server environment and want to configure the following event log behavior using Group Policy:

1. Log Archiving: I would like the event logs (Application, System, and Security) to be archived when they reach 196608 KB in size.
2. Auto-Deletion of Archived Logs: I need the archived event logs to be automatically deleted after 90 days to manage storage effectively.

And I configure this:

• Maximum log size for each log is set to 192 MB in Administrative Templates → Windows Components → Event Log Service
• Enabled "Back up log automatically when full" in Administrative Templates → Windows Components → Event Log Service
• Retain security logs for 90 days is already configured in Windows Settings → Security Settings → Event Log

The file size is successfully applied. But the archived log can't automatically deleted after 90 days.

Regards,

Lester

Answer 1

Hello

Thank you for posting in Q&A forum.

1. your policy may not work in the right computer, you can open cmd as administrator, and then type " gpresult /h C:\a.html ", to see if it has policy.
2. this policy may not work as the same way which you think, you can use another way to delete event view too.

a bat file which deletes file longer than 90 days and using task scheduler to run this bat file every day.

bat file cmd like below:

ForFiles /p "C:\path\to\folder" /s /d -90 /c "cmd /c del /q @file"

Best regards

Yanhong

=====================================

If the answer is helpful, please click "Accept answer" and upvote it