<div>
I am not aware of a way to restore the log once it has been cleared down, unless you saved the logs in an *.evt file
</div>


I am not aware of a way to restore the log once it has been cleared down, unless you saved the logs in an *.evt file

<div>
As Kevin said, there is no way. You only options is if you have full backup of the server/worstation before the Security Log was cleared. <br />
<br />
If this is the situation, you can restore the following folder %SystemRoot%\System32\Conf<wbr />ig &nbsp;that is where the logs are stored in evt format as Kevin said.<br />
<br />
Then from Event Viewer you will be able to go to Actions -&gt; Open Log file and choose the restored evt to open. <br />
<br />
Pere
</div>


As Kevin said, there is no way. You only options is if you have full backup of the server/worstation before the Security Log was cleared.

If this is the situation, you can restore the following folder %SystemRoot%\System32\Config  that is where the logs are stored in evt format as Kevin said.

Then from Event Viewer you will be able to go to Actions -> Open Log file and choose the restored evt to open.

Pere

<div>
Forced accept.<br />
<br />
Computer101<br />
EE Admin
</div>


<div>
<div class="content wysiwyg-content">
I have important case.<br />
An IT employee in my company recieved insult message from IT employee, the employee who sent email said he didn't sent this email and other employee reset his password and login by his account and sent the email and he didn't know any thing about this email.<br />
<br />
I made some investigation about this case and I checked the security log file to find when the password resets and who made that, but I found the log is clear and the admin make schedule every 65k.<br />
<br />
<br />
Can I restore the security log?Who?
</div>
</div>


I have important case.
An IT employee in my company recieved insult message from IT employee, the employee who sent email said he didn't sent this email and other employee reset his password and login by his account and sent the email and he didn't know any thing about this email.

I made some investigation about this case and I checked the security log file to find when the password resets and who made that, but I found the log is clear and the admin make schedule every 65k.


Can I restore the security log?Who?

How can i restore securty log when it cleans?

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).