Link to home
Start Free TrialLog in
Avatar of Thor2923
Thor2923Flag for United States of America

asked on

XP workstation display "Security log is full" and I cannot login unless I am a local admin

We have several XP workstations on our Windows 2008r2 domain. Recently several users have come to me and told me that they cannot log in. I go to their workstation and see a message similar to "security log is full" and something about how they need to be a local admin. I log in and make them local administrators and they are able to log in but when I go to clear the security log, it tells me I do not have the permissions and I am a Domain Admin, I also log in as the Administrator on the local workstation and try to clear the security log and I do not even permission as the local admin either. Has anyone seen this before? I know another IT person has been working with GPOs. Is it possible this is causing this? All advice welcome
Avatar of Member_2_6492660_1
Member_2_6492660_1
Flag of United States of America image

ASKER CERTIFIED SOLUTION
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
There must be something in the event log on those workstations event viewer related to security. could you please check and post them ?
Yes that GPO should have some wrong settings. Edit that GPO to overwrite event logs and you can set the max space allocated to event logs.
Login as the Administrator Click --> start --> Run --> type rsop.msc.

From the rsop menu , expand to Computer configuration --> Windows settings --> Security settings --> Event log --> Check which policy is applied.And make the changes as expalined above.
Get the IT person who updated the GPo to remove the settings

Sounds like they need to be reviewed

Locking down the event logs causing the users not be able to logon  well time to unlock the event logs.