Solved

the security log on this system is full only admin can login to fix

Posted on 2010-09-04
7
537 Views
Last Modified: 2012-05-10
Was there an update that I missed?  Recently I have been bombarded with this error and have to clear/reset the Security Log via Active Directory.

I dont see any recent updates or changes on these pc's  So far it s effecting WinXP boxes not Win7.

Any ideas?



 
0
Comment
Question by:mebibyte
  • 4
  • 2
7 Comments
 
LVL 7

Expert Comment

by:GridLock137
ID: 33605311
are your win xp machines set up for some kind of audit logging like windows xp firewall or any other or is it the security log of the server that is getting full?
0
 
LVL 7

Accepted Solution

by:
GridLock137 earned 500 total points
ID: 33605323
also on the system you are getting the message on check the follwoing:

right click on my computer> select manage> open even viewer> drill down to security log> right click and select property and under the general and filter tabs check your settings and how often you are auditing these events and also check the filters being used. there might be a domain policy set for your xp machines on the server that may be applied for these machines alone. give that a shot.
0
 
LVL 5

Expert Comment

by:EnriquePhoenix
ID: 33605389
I had the same prob a few months ago I used this MS kb.
http://support.microsoft.com/kb/867860
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:mebibyte
ID: 33605441
By default these pc's are set to Max Log = 512KB  | Overwrite events older than 7 days  |  Filters: Info, Warnings, Error, Success and Failure Audit.

I have to change the settings to Overwrite events as needed then it goes away.

0
 
LVL 7

Expert Comment

by:GridLock137
ID: 33605463
if this is one machine you could have something happening on there that could be causing the log to fill up prior to the 7 days, check the logs and see what is happening, if you have audits pointing out login failures then maybe depending on the role of this machine, something could be trying to auhtenticate to that machine for some type of service, aslo what has changed recently on this machine?
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 33605476
you can also try this:  http://support.microsoft.com/kb/308427

0
 
LVL 5

Expert Comment

by:EnriquePhoenix
ID: 33605800
If all the log entries look legit then I would increase the max log size so it can accommodate 7- 8 days worth of logs.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question